Privacy Policy - PTM Soft

The Privacy Policy describes the rules for processing information about you, including personal data and cookies.

This Privacy Policy sets out the rules for storing and accessing data on Users’ Devices who use the Service, for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data, which they have personally and voluntarily provided through tools available in the Service.

This Privacy Policy forms an integral part of the Service Regulations, which define the rules, rights, and obligations of Users using the Service.

§1 Definitions

Service – the “ptmsoft.pl” online service operating at https://ptmsoft.pl/

External Service – online services of partners, providers, or clients cooperating with the Administrator

Service / Data Administrator – the Administrator of the Service and the Data Administrator (hereinafter: Administrator) is the company “PRZEMYSŁAW TOMECKI PTM SOFT”, operating at: Więckowice, ul. Kasztanowa 78, 32-082 Bolechowice, Poland, tax identification number (NIP): 679-28-46-140, providing electronic services via the Service

User – a natural person for whom the Administrator provides electronic services through the Service

Device – an electronic device with software, through which the User gains access to the Service

Cookies – text data collected in the form of files placed on the User’s Device

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation)

Personal Data – means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person

Processing – means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction

Restriction of Processing – means the marking of stored personal data with the aim of limiting their processing in the future

Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements

Consent – of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them

Personal Data Breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed

Pseudonymization – means the processing of personal data in such a manner that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

Anonymization – means an irreversible process of operations on data that destroys/overwrites “personal data,” making it impossible to identify or associate a given record with a specific user or natural person.

Information in Forms
The Service collects information voluntarily provided by the User.

The Service may record information about connection parameters (such as timestamp, IP address).

The Service may record information that facilitates linking the data in the form with the User’s email address filling out the form. In such cases, the User’s email address may appear within the URL of the page containing the form.

The data provided in the form are not shared with third parties except with the User’s consent.

The data provided in the form are processed for the purpose resulting from the function of the specific form, e.g., in order to carry out a service request or for business contact purposes.

The data provided in forms may be transferred to entities that technically perform certain services – in particular, this applies to the transfer of information about the holder of a registered domain to entities that are operators of internet domains, or to entities with which the Service Operator cooperates in this regard.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters relating to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

Internal Cookies – files placed and read from the User’s Device by the Service’s IT system.

External Cookies – files placed and read from the User’s Device by the IT systems of External Services. Scripts of External Services, which may place Cookies on the User’s Device, have been deliberately embedded in the Service through scripts and services made available and installed within the Service.

Session Cookies – files placed and read from the User’s Device by the Service during a single session of a given Device. After the session ends, the files are deleted from the User’s Device.

Persistent Cookies – files placed and read from the User’s Device by the Service until they are manually deleted. These files are not automatically removed after the Device session ends, unless the User’s Device configuration is set to delete Cookies after the end of a Device session.

§4 Data Storage Security

Mechanisms for storing and reading Cookies – The mechanisms for storing, reading, and exchanging data between Cookies saved on the User’s Device and the Service are implemented through built-in web browser functionalities. They do not allow the retrieval of other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. The transfer of viruses, trojans, and other malicious software to the User’s Device is also virtually impossible.

Internal Cookies – Cookies applied by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could pose a risk to the security of personal data or the security of the Device used by the User.

External Cookies – The Administrator takes all possible measures to verify and select the Service’s partners in the context of User security. The Administrator cooperates only with well-known, large partners of global public trust. However, the Administrator does not have full control over the content of Cookies originating from external partners. The Administrator is not responsible, to the extent permitted by law, for the security of such Cookies, their content, or their licensed use by scripts installed in the Service and originating from External Services. The list of partners is provided later in this Privacy Policy.

Cookie Control
The User may, at any time, independently change the settings regarding the storage, deletion, and access to Cookies saved by any website.

Information on how to disable Cookies in the most popular desktop browsers is available on the following pages:

Managing cookies in Chrome
Managing cookies in Opera
Managing cookies in Firefox
Managing cookies in Edge
Managing cookies in Safari
Managing cookies in Internet Explorer 11

The User may delete all previously saved Cookies at any time using the tools of the User’s Device through which the User accesses the Service.

User-related Risks – The Administrator applies all possible technical measures to ensure the security of data placed in Cookies. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s activity. The Administrator is not responsible for the interception of such data, impersonation of the User’s session, or their deletion as a result of conscious or unconscious actions of the User, or due to viruses, trojans, or other spyware with which the User’s Device may be or may have been infected. To protect themselves against such risks, Users should follow the principles of safe Internet use.

Storage of Personal Data – The Administrator ensures that all efforts are made to keep personal data voluntarily provided by Users secure, that access to such data is limited, and that it is processed in accordance with its intended purpose and processing objectives. The Administrator also ensures that all efforts are made to protect stored data against loss by applying appropriate physical and organizational safeguards.

§5 Purposes for Using Cookies

Cookies on the Service are used for the following purposes:

Improving and facilitating access to the Service
Personalizing the Service for Users
Enabling user login to the Service
Marketing and remarketing on external platforms
Advertising services
Affiliate services
Conducting statistics (users, number of visits, device types, connection, etc.)
Providing multimedia services
Providing social networking services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

Provision of electronic services:

Services related to the registration and maintenance of a User account on the Service and its associated functionalities
Services for sharing information about content posted on the Service on social media or other websites

Communication between the Administrator and Users regarding matters related to the Service and data protection

Ensuring the legally justified interest of the Administrator

Data about Users collected anonymously and automatically is processed for one of the following purposes:

Conducting statistics
Remarketing
Serving advertisements tailored to Users’ preferences
Supporting affiliate programs
Ensuring the legally justified interest of the Administrator

§7 Cookies from Third-Party Services

The Administrator uses JavaScript scripts and web components from partners on the Service, who may place their own cookies on the User’s device. Please note that in your browser settings, you can control which cookies are allowed to be used by specific websites. Below is a list of partners or their services implemented on the Service that may place cookies:

Multimedia services:

YouTube

Social / integrated services:
(Registration, login, content sharing, communication, etc.)

Facebook
LinkedIn

Advertising and affiliate network services:

Google Adsense

Statistics tracking:

Google Analytics
WordPress Stats (Automattic Inc.)

Other services:

Google Maps

Services provided by third parties are beyond the Administrator’s control. These entities may change their service terms, privacy policies, purposes of data processing, and methods of using cookies at any time.

§8 Types of Collected Data

The Service collects data about Users. Some data is collected automatically and anonymously, while other data consists of personal information voluntarily provided by Users when registering for specific services offered by the Service.

Anonymous data collected automatically:

IP address
Browser type
Screen resolution
Approximate location
Pages visited on the service
Time spent on specific pages
Operating system type
Referring page address
Referrer URL
Browser language
Internet connection speed
Internet service provider

Data collected during registration:

First name / last name / nickname
Email address
Phone number

Data collected when subscribing to the Newsletter:

Email address

Data collected when adding a comment:

First name and last name / nickname
Email address
Website address
IP address (collected automatically)

Some data (excluding personally identifiable information) may be stored in cookies. Some data (excluding personally identifiable information) may be shared with statistical service providers.

§9 Access to Personal Data by Third Parties

As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected within the scope of the provided services is not transferred or sold to third parties.

Access to data (most often based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the service, such as:

Hosting companies providing hosting or related services for the Administrator

Entrusting the processing of personal data – Hosting, VPS, or Dedicated Server Services

The Administrator uses an external provider for hosting, VPS, or Dedicated Server services to operate the service. All data collected and processed within the service is stored and processed on the provider’s infrastructure located in Poland. Access to this data may occur as part of maintenance work carried out by the provider’s personnel. Access to such data is governed by an agreement concluded between the Administrator and the Service Provider.

§10 Method of Processing Personal Data

Personal data voluntarily provided by Users:

Personal data will not be transferred outside the European Union, unless it has been made public as a result of the User’s individual actions (e.g., posting a comment or entry), which makes the data accessible to anyone visiting the service.
Personal data will not be used for automated decision-making (profiling).
Personal data will not be sold to third parties.

Anonymous data (non-personal) collected automatically:

Anonymous data (non-personal) may be transferred outside the European Union.
Anonymous data (non-personal) may be used for automated decision-making (profiling).
Profiling of anonymous data (non-personal) does not produce legal effects or otherwise significantly affect the individual to whom the automatically processed data pertains.
Anonymous data (non-personal) will not be sold to third parties.

§11 Legal Basis for Processing Personal Data

The Service collects and processes User data on the basis of:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR):
- Art. 6(1)(a): the data subject has given consent to the processing of their personal data for one or more specific purposes;
- Art. 6(1)(b): processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
- Art. 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Retention Period of Personal Data

Personal data voluntarily provided by Users:

As a general rule, the aforementioned personal data is stored only for the duration of the Service provided by the Administrator. Such data is deleted or anonymized within 30 days from the termination of the service (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

An exception applies when it is necessary to retain the data to secure legally justified purposes of further processing by the Administrator. In such cases, the Administrator will store the specified data, from the moment the User requests its deletion, for no longer than 3 years in the event of a violation or suspected violation of the Service Terms by the User.

Anonymous data (non-personal data) collected automatically:

Anonymous statistical data that does not constitute personal data is stored by the Administrator for the purpose of maintaining Service statistics for an indefinite period.

§13 Users’ Rights Related to the Processing of Personal Data

The Service collects and processes Users’ data based on applicable laws. Users have the following rights:

Right of access to personal data
Users have the right to obtain access to their personal data, exercised upon request submitted to the Administrator.

Right to rectification of personal data
Users have the right to request the Administrator to immediately rectify inaccurate personal data and/or to complete incomplete personal data, exercised upon request submitted to the Administrator.

Right to erasure of personal data
Users have the right to request the Administrator to immediately delete their personal data, exercised upon request submitted to the Administrator. In the case of user accounts, data deletion involves anonymization of data enabling User identification. The Administrator reserves the right to suspend the fulfillment of a deletion request to protect the legally justified interests of the Administrator (e.g., in case the User has violated the Terms of Service or data was obtained through correspondence).

For the Newsletter service, Users may independently delete their personal data using the link provided in every email message.

Right to restriction of personal data processing
Users have the right to request the restriction of the processing of their personal data in cases specified in Article 18 of the GDPR, e.g., when the accuracy of personal data is contested, exercised upon request submitted to the Administrator.

Right to data portability
Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used, and machine-readable format, exercised upon request submitted to the Administrator.

Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, exercised upon request submitted to the Administrator.

Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for data protection.

§14 Contact with the Administrator

Users can contact the Administrator using one of the following methods:

Postal address:
PTM SOFT Quattro Business Park D – 4th floor (Ace of Space)
Al. Generała Tadeusza Bora-Komorowskiego 25, 31-476 Kraków, Poland

Email address:
kontakt@ptmsoft.pl

Telephone:
+48 12 444 7837

Contact form:
Available at: https://ptmsoft.pl/kontakt/

§15 Service Requirements

Limiting the storage and access of cookies on the User’s device may cause some features of the Service to malfunction.
The Administrator is not responsible for any malfunctioning features of the Service if the User restricts, in any way, the ability to store or read cookies.

§16 External Links

The Service – including articles, posts, entries, or User comments – may contain links to external websites with which the Service Owner does not cooperate. These links, as well as the websites or files they point to, may be unsafe for your device or pose a risk to your data security. The Administrator is not responsible for content outside the Service.

§17 Changes to the Privacy Policy

The Administrator reserves the right to make changes to this Privacy Policy at any time without notifying Users regarding the use of anonymous data or the use of cookies.
The Administrator reserves the right to make changes to this Privacy Policy regarding the processing of Personal Data, in which case Users with accounts or subscribed to the newsletter will be notified via email within 7 days of the changes. Continued use of the Service constitutes acknowledgment and acceptance of the updated Privacy Policy. If a User does not agree with the changes, they are obliged to delete their account or unsubscribe from the newsletter.
Changes to the Privacy Policy will be published on this page of the Service.
All changes take effect immediately upon publication.