Principles of data processing
Last update 02-09-2024
The Personal Data Processing Policy is a document that defines how users' personal data is collected, stored and used, taking into account the purposes of the processing. In addition, it also includes users' rights to access, correct, delete and transfer their personal data.
As of May 25, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (referred to as “RODO”) is in force.
With the above in mind, this document provides information on data processing and the principles of data processing.
- Administrator
- The administrator of the personal data is MIZZOX S.A. based in Krakow, registered in the register of entrepreneurs kept by the District Court for Krakow-Śródmieście in Krakow, XI Economic Department of the National Court Register under the KRS number 0001123058, NIP: 6793097640, REGON: 12302151500000.
- Kontakt
- On the issue of personal data and its processing, the appropriate e-mail address is [email protected] Or contact by letter to the registered office address indicated in point. 1
- If the correspondence will concern a request from the controller for access to, rectification, erasure or restriction of processing of personal data concerning the data subject, or about the right to object to processing, as well as the right to data portability, proof of identity will be necessary.
- Data Protection Officer and his contact information
- Details of the designated data protection officer:
- Mailing address …………..
- E-mail …………………….
- Details of the designated data protection officer:
- What personal data is processed and for what purpose
- The personal data that …………… processes is collected during the use of our services provided through the mizzox.com Website and its functionalities and the Application, in connection with the conclusion of agreements and contact with …………………. including emails and telephone messages.
- The processing of data also occurs during the transmission to our servers of information about the use of our services, derived from the assigned identifiers in the form of: the IP address from which the Service Recipient and Users contact our Service, the name and hardware identifier of the computer, the operating system (version, language, etc.), , as well as within the cookies stored on the device, in which we record information about the fact that the Service Recipient and Users visited our site, the configurations they selected, and whether they came to our site from the website of one of our partners.
- We process personal data only to the following extent:
- name, surname, and if applicable – also the name under which the individual conducts business, the name of the company,
- email address
- phone number
- address (postal code, town, street, house/apartment number, province, district, municipality)
- PESEL
- TAX ID
- information about how the Service Recipient and Users use our Services derived from assigned identifiers in the form of: the IP address from which the Service Recipient and Users communicate with our Service, the name and hardware identifier of the computer, the operating system (version, language, etc.), information about configuration preferences and behavior in the use of our Services.
- Indicate what other data is processed
- The above personal information is necessary in order to:
- Indicate what services we will perform using personal data
- Execute the service contract,
- Detect abuses related to unauthorized use of our Service or its functionalities and Applications and in accessing them (hacking attempts, DoS attacks),
- enable you to contact us as data controller,
- send marketing offers and commercial information,
- improve our offerings and adapt them to the needs of users.
- Cookies are small text files stored on the Service Recipient’s or User’s terminal device, which they can control themselves (it is possible to set the acceptance or blocking of cookies in the web browser). Blocking cookies may result in a lack of functionality of the Website and Application, for which the Service Provider is not responsible.
- At the same time, we have included detailed information on our use of these cookies in the Cookie Policy document.
- Data processing is carried out without the involvement of automated decision-making in individual cases.
- Legal basis for data processing
- The legal basis for processing Service Recipient and User data depends on the purpose for which we process it:
- personal data provided in the performance of services available through our Website and its functionalities and applications (listed in the Terms of Service document) we process on the basis specified in Article 6(1)(b) of the RODO (processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract),
- data provided for a contract to which the Service Recipient is a party, we process on the basis specified in Article 6(1)(b) of the RODO (processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract),
- all Service Recipient and User data that we hold as data controller we also process for marketing purposes with reference to the so-called legitimate interest of the data controller and on the basis of your consent given prior to the processing. Our legitimate interest is to present the Service Recipient and Users with offers and promotions that may be of interest to them, as well as other information to promote our brand and the brands of our partners,
- we process personal data provided for the purpose of contacting us as administrator and other users on the basis of consent given prior to processing,
- We process information about the way Service Recipients and Users use our Services from assigned identifiers in the form of: the IP address from which Service Recipients and Users communicate with our Service, the name and hardware identifier of the computer, the operating system (version, language, etc.) they use, and generated by their devices in the form of cookies, based on the legitimate interest of the data controller. Our legitimate interest is to prevent abuse, to improve our offerings and management of server resources, to sustain the trouble-free operation of the websites and license activation service, and to fulfill the controller’s statutory obligations to ensure the security of personal data protection.
- The legal basis for processing Service Recipient and User data depends on the purpose for which we process it:
- Recipients of personal data
- We provide Service Recipients and Users’ data only when it is necessary to complete the services they order. We never share and will not commercially share data with third parties. We store personal data with our partners through whom we can operate our Service and Application.
- Partners to whom we may share personal data are responsible for areas such as:
- Maintaining and securing the technical infrastructure, including maintaining and ensuring the continuous operation of servers, making the content of our websites available on the Internet;
- Improve the quality of the experience, including services that make websites display faster and minimize the number of interruptions to the services we offer;
- Security monitoring, fraud prevention and debugging to keep data safe;
- Provision of information by electronic means (e.g. e-mail, SMS) – both as part of the ordered services and advertising information, provided that separate consent has been given for their transmission, as well as information that we are required to send by law;
- Delivery of information by snail mail, if services have been requested in this regard;
- Handling the purchasing process, payments, invoicing, accounting services;
- Other services provided by our subcontractors that increase the scope, quality, comfort and safety of our services, as well as for additional and periodic services;
- For each of these purposes, we transfer only the data that is necessary to achieve the purpose. Where possible, we use anonymization or pseudonymization tools, i.e. measures that make the Service Recipient and Users unidentifiable to our partners and subcontractors, where we still have the data.
- Period of processing of your personal data
- Personal data obtained in connection with:
- use of the Services available through our Website and its functionalities and Applications (listed in the Terms of Service document) – we process for the period of the statute of limitations for tax liabilities or the duration of the relevant contract,
- conclusion of a contract,- we process for the period of the statute of limitations for tax obligations or the duration of the contract in question,
- processing for marketing purposes – we process for the period of limitation of liabilities
- tax or the validity of the contract in question,
- sent by mail / e-mails – we process for a period no longer than the statute of limitations for tax liabilities or the term of the contract in question,
- identifiers in the form of: the IP address from which the service recipient or Users communicate with our service, the name and hardware identifier of the computer, the operating system (version, language, etc.) they use, –
- we process indefinitely, whereby the data can only be linked in exceptional cases to the
- a specific person (e.g., entering a name as the name of the computer).
- In the event that the rights described in Articles 16-18 and 20-21 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Right to rectification of data; Right to erasure /to be forgotten/; Right to data portability; Right to limit processing; Right to object to processing)are exercised by the Service Recipient or User, the processing of the aforementioned data may be curtailed or withheld/limited in accordance with the Service Recipient’s or User’s request. After this period, we will process the data within the scopes described in Section 5, which is in accordance with data protection regulations (e.g., if it is necessary to establish, assert or defend claims in judicial, administrative or other out-of-court proceedings, as well as to clarify the circumstances of unauthorized use of the service).
- Personal data obtained in connection with:
- Your rights
- As we process data on the basis of, among other things, the consent given by the Service Recipient and User, they have the right to withdraw the aforementioned consent at any time.
- The rights of Service Recipients and Users include:
- The right to access the content of your personal data.
- Service recipients and Users have the right to obtain whether personal data pertaining to them are processed in our collections, and if so, to access them and the categories of information provided in one of the commonly used formats (e.g. PDF).
- Right to rectify data
- If the data we process is inaccurate, Service Recipients and Users have the right to request immediate rectification of personal data concerning them that is inaccurate. In this case, we may ask you to provide us with an additional statement on the circumstances of the data change.
- Right to request erasure of data (“right to be forgotten”)
- This right means that you can request that we delete from our database systems and from our records any information containing Service Recipient’s or Users’ personal data. We will not be able to do so insofar as we have a legal obligation to process the data (e.g., warranty obligation, to establish, assert or defend claims, obligation to ensure accountability of our actions, accounting documents for tax purposes). In any case, however, we will delete personal data to the fullest extent possible, and where this is not possible, we will ensure that the data is pseudonymized to the extent possible (the data subject cannot be identified without an appropriate linkage key), so that the data will be accessible only to a very limited circle of people.
- The right to restrict data processing
- If a Service Recipient or User believes that we process too broad a catalog of personal data for a specific process, we no longer need the personal data for the purposes of processing, or he or she questions the accuracy of the data – he or she has the right to request that we limit this scope of processing. As long as the request does not oppose the requirements imposed on us by law or is not necessary for the performance of the contract, we will grant the request (for the period of recognition of the request, the processing of data shall be suspended except for storage, only with the consent of the data subject, or for the establishment, investigation or defense of claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or a Member State).
- Right to data portability to another data controller
- At any time, Service Recipients or Users have the right to ask us to export the data they have provided to us in the course of all our contacts and all our cooperation to a separate file for further transfer to another data controller.
- Right to object to data processing
- When a Service Recipient or User does not want us to process his/her personal data for marketing purposes or processed for purposes arising from the legitimate interests pursued by the controller, he/she may file such an objection. In this case, we will continue to process the data for other needs (purposes) and to the exclusion of the purpose for which the objection was raised. The rights referred to above can be exercised only after authorization, through the Service or the Application, or by sending an authenticated instruction by registered mail. If in doubt about how to exercise rights, the Service Recipient or User may contact us for assistance and guidance by writing to the e-mail address [email protected] or calling the number published on the website……………… Please note that we cannot, however, carry out instructions solely on the basis of an e-mail received or a telephone call if we are unable to confirm identity. We will execute instructions for the exercise of the above rights as soon as possible, not more than within 30 days.
- Please note that after the request to stop sending correspondence by e-mail for the next few days, correspondence may still be sent.
- Deletion of your account on the Service does not immediately delete your personal information – it will be deleted as required within the timeframes specified herein.
- We would like to inform you that providing personal data such as: name, surname, and if applicable – also the company under which the individual conducts his/her business activity, e-mail address, telephone number, address (postal code, town, street, house/flat number, province, district, municipality), PESEL, NIP, …………….. Is a requirement for submission by using …………….. services available through the Website and its functionalities and the Application (listed in the Terms of Service document).
- Provision of personal data such as name, surname (possibly also company), e-mail address (possibly also registered office address, including postal code, city, street, house/apartment number), telephone number is a requirement for the execution of the contract.
- Accordingly, in the event that the Service Recipient or User in the course of the performance of services from the rights such as the Right to request deletion of data (“right to be forgotten”) or similar in substance, – the performance of services by us will not be possible.
- The right to access the content of your personal data.
- If Service Recipients or Users believe that we have violated the rules for processing their personal data in any way, they have the right to file a complaint directly with the supervisory authority (as of May 25, 2018, this is the President of the Office for Personal Data Protection). In exercising this right, they should provide a full description of the situation and indicate what action they consider to have violated their rights or freedoms. The complaint should be submitted directly to the supervisory authority.
- Additional information and recommendations
- In order to maximize security, we recommend that you connect to the Site and the Application using an operating system protected by an anti-virus program and an Internet browser in the latest available version that supports the TLS data transmission encryption protocol version 1.2 or higher. We do not recommend operating through computers that are accessed by many people (Internet cafes, universities, libraries, etc.). Before using the services we offer, we recommend that you check the TLS certificate in the browser bar and confirm a reliable secure connection.