Privacy & Cookie Policies of VSTORM
How do we process your personal data?
When as a natural person you contact us or use our services, regardless of whether you act on your behalf or on behalf of another entity (e.g. our client, supplier, etc.) or when we have obtained your personal data from other sources (e.g. from publicly available industry websites or when your personal data have been disclosed to us as a contact for the purpose of execution of the contracts) we start to process your personal data. We approach all information about you responsibly and in accordance with the law – in particular with GDPR.
I. Glossary – basic concepts
Your data controller is VSTORM Sp. z o.o. with the registered office at Waniliowa 48/6 Street, 51-180 in Wrocław, entered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the City Wroclaw, VI-th Commercial Division of the National Court Register under number KRS 0000853793, having tax identification number (NIP) 8952220262, which can be contacted via email: gdpr@Vstorm.com.
Personal data – all information that we process related to you. For example: name, surname, email address, consumption data, payment details etc;
Processing – all operations that we perform on your personal data. This includes e.g.: collecting, storage, updating, sending correspondence, analysing in order to issue an invoice, and erasure;
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E
II. Whose personal data do we collect?
We may process your personal data, if:
- you are our potential or current client or supplier;
- you are an entity (or you are providing services to an entity), that we want to advertise or sell our services to;
- you are providing services / work for our client or supplier or to an entity, that uses our services or products developed by us (you act on behalf of them e.g. as their employee, associate, representative);
- you are interested in actions that we undertake (e.g. as part of contact with media).
- you take part in our recruitment process
Information that we DO NOT collect – children
We do not knowingly solicit personal information of children under the age of 18. We do not knowingly collect personal information of and from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information without parental consent, we will take steps to delete it.
III. When we may process your personal data?
We may process your personal data received directly from You or from other sources. Therefore your personal data may be processed:
- If you have provided us with your personal data via various means of communication (e.g. by sending us an inquiry / offer, via email, by telephone or via our website);
- If you sign up for our newsletter, download any content from our website;
- In the case of conclusion or performance of a contract, including in case when your personal data has been provided to us as contact data for the purpose of proper performance of the above contract;
- If we have received your personal data from other source (e.g. from an entity that is our contractor / client, during events or from publicly available sources / websites).
III. What Personal data do we collect and what is the purpose and legal basis of such activities?
The scope of personal data that we process depends on what information you or e.g. your employer provided to us, on the form of contact you’ve chosen and on the information that is vital for a given relationship – it primarily encompasses the content of documents, as well as of our correspondence/communication, along with other information we have obtained from publicly available professional sources regarding our business relations (e.g. industry websites).
This data in particular includes:
- first name and last name;
- information regarding business and professional activity, including work place, work position or department, qualifications;
- address, phone number, e-mail address, IP number or other contact data (such data may regard your work place or may constitute your personal data, depending on the relationship between you and the person (natural or legal) which you work for;
- information provided directly by you when contacting us by telephone, email, through our website, via our social media or otherwise (e.g. date of contact, duration of our conversation, communication history, e-mail content, audio record of our phone call if you were informed in advance about such recording).
Therefore, we obtain the above personal data directly from you or from other people, e.g. from your employers/clients or from public sources.
We may process your personal data under following circumstances:
- When you use contact forms or other means of communication in order to estimate our services
If you contact us using our contact forms or any other means of communication, we collect your name and email address and other personal data that you provided us with e.g. work place, work position etc. We store your data along with the message you sent us, information about the type of your project, in case you provided it and the content of our communication (e.g. chat history, e-mail content, audio record of our phone call if you were informed in advance about such recording).
We process the above information in order to respond to your inquiries, improve our communication and the quality of customer service, as well as to promote our services and conclude an appropriate agreement for the provision of services with you or your employer or other person for whom you work.
The legal basis of our actions depends on the context of our communication. If these are only general inquiries or conversations, or if you represent another entity/person the legal basis for such processing will be our “legitimate interest” (results from the purposes indicated above – Art. 6(1)(f) GDPR).
However, if such inquiry leads to the conclusion of the agreement with you, the legal basis for such processing will be “taking steps at the request of the data subject prior to entering into a contract” (Art. 6(1)(b) GDPR).
- When you are our client or contractor
Once we have concluded a relevant contract, we may collect information necessary for the proper performance of this contract such as data on consumption, settlement of any due fees, on how you use our services and on the process of execution of our contract, and also our possible communication.
The purpose of processing the abovementioned data and the legal basis as well, is proper implementation of the agreement (Art. 6 (1)(b) GDPR) and compliance with a legal obligation to which we are subject to e.g. tax obligations (Art. 6(1)(c) GDPR).
Regardless of the above, if you give us specific consent, in order to promote the services already provided to you or to the entity that you work for / which you represent, or to publicly inform about our cooperation, we may process your image (photo provided by you or via public websites e.g. Linkedin) by publishing it on our website or in our social media along with your first name and last name, name of work place and sometimes your work position and description of such services or cooperation (case studies, testimonials etc.). The legal basis for processing the above data is your consent (Article 6(1)(a) GDPR).
3. When we have obtained your personal data from other sources e.g. your employer
If you haven’t given us your data on your own behalf, for example, you are acting on behalf of our client, supplier, or another entity, we process your data in order to process the contact in the context in which you are acting in the name of the third party, as well as for the conclusion and/or processing of a contract with that third party and/or conducting a joint project.
The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – building and maintaining relations with the third party in whose name you are acting, including the conclusion and performance of relevant contracts with that party, as well as the intention of building a positive image of Vstorm.
4. When you visit our website
The legal basis for using the cookies and similar technologies is your consent, except when their use is necessary for the proper functioning of our website (providing you with electronic services), when the legal basis for such processing will be legal provision (Art. 173(3)(2) of the Telecommunications Law) and respectively – our legitimate interest (Art. 6(1)(f) GDPR).
5. When you have signed up for our newsletter or you have downloaded any content from our website
We collect your email address if you fill the newsletter box on the bottom of our website, and we use your data only for this particular purpose of sending you our newsletter.
you want to download some promotional content from our website, in some cases you need to provide us with your email address. Depending on the topic of the content you are requesting, we can also ask you for some additional information, but providing it is always optional.
In such case we process your data to send you the content you requested and a follow up message (or in some campaigns a series of messages) regarding the content’s topic.
The legal basis for processing the above data is your consent (Article 6(1)(a) GDPR).
6. When we have participated in the same conference or industry event
We may obtain some of your personal data from you during a conference or industry event, in which our representatives took part or we may have obtained them from such event’s organiser. In this case, data from your business card, inquiry or data from list of participants are processed in our database in order to send you information which were interesting for you, respond to your inquiry and to conduct further correspondence / contact in this matter, or in order to thank you for the meeting or participation in an event.
In such cases the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR).
7. When we want to promote our services or build positive image of our company
Regardless of the foregoing, your personal data, that is in particular, your first name and last name, as well as correspondence address and/or e-mail address, can be used by us in order to contact you from time to time (for example, to send holiday season greetings) or to contact you regarding the promotion of Vstorm’s products or services.
The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – maintaining relations and building a positive image of Vstorm and marketing of Vstorm’s products and services.
Additionally, with regard to the processing of your personal data in order to
- defend against potential claims, as well as for the purpose of potential directing claims, the legal basis for processing of your personal data will be our legitimate interest (Art. 6(1)(f) GDPR);
- fulfill the legal obligations of the data controller (e.g. tax, accounting), the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).
In any case, we send commercial information on electronic addresses (email, telephone) only upon your prior consent (legal basis).
Your submission of personal data is voluntary, but sometimes it may be necessary for purposes related to our cooperation, e.g. in order to conclude or execute the contract or to respond to your query or to conduct further correspondence. This means that failure to provide data may constitute grounds for refusal to enter into cooperation by Vstorm, or to take legal measures to terminate possible contract by Vstorm.
Please be reminded, that in any case when processing of personal data is based on your consent, you may revoke it at any time, without affecting the legality of processing performed prior to such revocation. However, in case of processing your personal data based on our legitimate interest, you may object to such processing.
V. How long do we process your data?
We process personal data only for the time necessary to achieve the purpose(s) for which it was originally collected, after which it will be deleted, except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
As a rule, personal data processed on the basis of our legitimate interest are processed until the objection to processing or the fulfilment of the purpose for which it has been processed. If you are not our contractor, we store data gathered only in connection with our current communication, depending on the category of each information – for a period of several weeks (some cookies) to the maximum of 3 years (more specific inquires and conversations, which may be important for our future contact).
Data processed on the basis of the consent, are processed until its withdrawal or fulfilling the purpose, for which it has been granted.
Data related to the performance of a contract that we have concluded are stored for the duration of the contract and usually for a period of maximum 7 years after its termination, what results from the tax regulations and limitation period of some claims.
The above periods may be extended, as appropriate, in the event of any possible claims and court proceedings – for the duration of these proceedings and their settlement, and also if we are obliged to further processing of such data to meet legal obligations.
VI. Who has access to your personal data?
Your personal data will only be accessed by duly authorized employees or associates of Vstorm, who are obliged to maintain them in secrecy and not to use them for purposes other than those for which Vstorm obtained such data, and entities which support us in providing services, such as email marketing platforms, IT service providers or contact tools (communicators), legal and consulting services providers, insurance providers.
All these persons and entities have access only to the personal data, which are necessary to perform specific actions by them.
It is possible that some of the entities that provide us with solutions may be based outside the European Economic Area (EEA). In each case of data transmission outside the EEA, we apply all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission, we conclude data processing agreements that meet the requirements of the GDPR and in the case of data transmission to the US, we verify the participation of our partners in the Privacy Shield program (more: https://www.privacyshield.gov/) and their compliance with other relevant laws. You have right to access the list of such recipients and a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at gdpr@Vstorm.co.
We may also be required to provide specific information to public authorities for the purposes of proceedings conducted by them. In this case, any information are provided only if there is a proper legal basis for it.
VII. What are the “cookies” files and similar technologies? How and in what purpose do we use them?
We receive and record information (which may include personal data) from your browser when you use our website. We use a variety of methods, such as cookies and pixel tags to collect this information.
“Cookies” files are pieces of information that are transferred by the server and stored on your device (usually on your computer’s hard drive). It stores information that we may need in order to adjust to the way you use our website and in order to collect statistical data. The above information may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our website such as click behaviour and indicated preferences; and (ix) access times and referring URLs.
Third parties may also collect information via our website through cookies, third party plug-ins and widgets. These third parties collect data directly from your web browser and the processing of this data is subject to their own privacy policies.
Not all of the information collected through cookies is considered personal data under GDPR. However, if you shared your personal data with us in the past, cookies files sometimes can be connected directly with your data, e.g. through connecting id numbers in cookies files with other information related to you.
We assure you that all information collected through cookies files are used by us only for the purposes indicated above and are not transferred to third parties.
The following types of cookies are used on the website:
- technical – includes cookies necessary for the proper functioning of the website and to enable the functionalities of the website, but their operation does not lead to user tracking;
- analytical – used to analyse user’s behaviour within the website, for statistical and analytical purposes (improving the operation of the website), but do not include information that could identify the data of a specific user;
- marketing – used to analyse user’s behaviour, including for marketing purposes within the websites of third parties, provides information identifying data of a particular user.
|CookieConsent||Stores the user’s cookie consent state for the current domain||1 year||analytical, marketing|
|messagesUtk||Stores a unique ID string for each chat-box session. This allows the website-support to see previous issues and reconnect with the previous supporter||1 year||analytical, determining user preferences|
|__hssc||Identifies if the cookie data needs to be updated in the visitor’s browser||1 day||analytical|
|__hssrc||Used to recognize the visitor’s browser upon reentry on the website||Session||analytical|
|__hstc||Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purpose s||1 year||analytical|
|_at.hist.#||Used by the social sharing platform AddThis to store the user’s usage history of the AddThis sharing widget||Persistent||analytical|
|_ga||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years||analytical|
|_gat||Used by Google Analytics to throttle request rate||1 day||analytical|
|_gid||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 day||analytical|
|_hjAbsoluteSessionInProgress||This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice.||1 day||analytical|
|_hjFirstSeen||This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website.||1 day||analytical, determining user preferences|
|_hjid||Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes||1 year or Persistent||analytical, determining user preferences|
|_hjIncludedInPageviewSample||Used to detect whether the user navigation and interactions are included in the website’s data analytics||1 day||analytical|
|_hjTLDTest||Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator.||Session||analytical, determining user preferences|
|hubspotutk||Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes||1 year||analytical, determining user preferences|
|__atuvc||Updates the counter of a website’s social sharing features.||1 year||marketing|
|__atuvs||Ensures that the updated counter is displayed to the user if a page is shared with the social sharing service, Add This.||1 day||marketing|
|_at.cww||Used by the social sharing platform AddThis||Persistent||marketing|
|_fbp||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.||3 months||marketing, analytical|
|_gcl_au||Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.||3 months||marketing, analytical|
|at-lojson-cache-#||Used by the social sharing platform AddThis||Persistent||marketing, analytical|
|at-rand||Used by the social sharing platform AddThis||Persistent||marketing, analytical|
Third party cookies
How to MANAGE cookies
You can set your preferences regarding cookies storage in your browser settings. Most browsers also provide functionality that lets you review and erase cookies. Remember that disabling or blocking some of the cookies may prevent or significantly impede the proper functioning of our website, for example by slowing it down.
Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
VIII. Contact details of Vstorm and Data Protection
Your data controller is VSTORM Sp. z o.o. with the registered office at Waniliowa 48/6 Street, 51-180 in Wrocław, entered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the City Wroclaw, VI-th Commercial Division of the National Court Register under number KRS 0000853793, having tax identification number (NIP) 8952220262, which can be contacted via email: gdpr@Vstorm.co.
IX. What are your rights regarding the processing of your personal data by Vstorm?
Please note that the instructions given below are only a recommendation, not a requirement.
- Access to your personal data
You may ask us at any time for access to your personal data, in order to check what data about you we process and to obtain detailed information regarding:
- whether we are processing your personal data,
- for what purpose,
- what categories of data we are processing,
- who is the recipient of your data,
- what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration,
- if the personal data has not been given by you – all available information about the source of the data.
- Right to rectify the personal data
If, in your opinion, information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
- Right to erasure of the personal data
In certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right if we are still processing your personal data, particularly in the following cases:
- the personal data is no longer vital for the purposes for which it was collected or otherwise processed;
- you revoked consent to the processing of personal data and there is no other legal basis for continuing to process it;
- you object to the processing of your personal data when there are no overriding, legitimate grounds for processing;
- you object to the processing of your personal data for marketing purposes;
- your data is processed in a manner that violates the law;
- the law requires that we erase your data.
- Right to restriction of processing
You can demand that we limit processing of your personal data when:
- you question the correctness of personal data we are processing – for a period of time that allows us to determine the correctness of that data;
- the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;
- we no longer need your personal data for the purposes of processing, but you need it for establishing, pursuing, or defending legal claims;
- you have objected to the processing of your personal data – only until the dispute has been resolved.
Effective submission of a request for restriction of processing personal data, will limit the actions taken by us on the data indicated by you and in the scope of particular operations/purposes to necessary minimum – basically only to storage.
- Right to data portability
You have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller.
You may invoke this right, if:
- processing is done on the basis of your consent or a contract; and
- processing is done in an automated manner.
- Right to object
In certain situations, you have the right to object to some operations we perform on your personal data. You may invoke you right:
- when processing of your personal data is based on Article 6(1)(e) GDPR that is, when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Vstorm, including profiling, on grounds relating to your particular situation;
- when processing of your personal data is based on Article 6(1)(f) GDPR that is, when processing is necessary for the purposes of the legitimate interests pursued by Vstorm or by a third party, including profiling, on grounds relating to your particular situation;
- when personal data are processed for direct marketing purposes, at any time and to the extent that it is related to such direct marketing;
- when we process your personal data for purposes related to scientific or historical studies, or for statistical purposes, on grounds relating to your particular situation.
Remember, however, that when despite of your objection we conclude that there are important, legitimate grounds for processing that override your interests, rights and freedoms, or the basis for establishing, pursuing or defending claims, we will continue to process your personal data encompassed by the objection. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
- Complaints to the relevant public authority
In connection with our actions as the data controller of your personal data, you have the right to file a complaint to the relevant data protection authority.
If you would like to file a complaint to the data protection authority, you can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en.
In Poland this function is performed by President of the Personal Data Protection Office (PUODO). A detailed description of the complaint procedure is available on the website maintained by PUODO at: https://uodo.gov.pl/pl/83/155.
- To ensure the exercise of your rights, please send each request via e-mail to gdpr@Vstorm.co, with the subject “GDPR request”, and specify which rights you wish to exercise (please note that you may submit your request in another form, including in writing).
- Of course, if you have any comments about how we do things, we encourage you to first contact us gdpr@Vstorm.co. If you contact us with a privacy complaint, it will be assessed with the aim of resolving the issue in a timely and effective manner.
Last update: 15.12.2021