Privacy policy

This Privacy Policy is a document related to the Terms of Service of FFFRREE available at: https://fffrree.com/en/privacy-policy This policy serves an informational purpose and fulfills the informational obligations imposed on the data controller by the GDPR, namely Regulation 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1. DATA CONTROLLER
   1. The data controller is the Service Provider, E-TRADE SOLUTIONS Sp. z o.o., based at 15 Hangarowa Street, Legnica (59-220), with Tax Identification Number (NIP) 6912552324 and National Official Business Register Number (REGON) 387822015. Registered at the District Court for Wrocław-Fabryczna in Wrocław under KRS number 0000875181, with a share capital of 100,000 PLN.
   2. Data Controller contact details: konrad@fffrree.com
2. DATA PROCESSING
   1. The scope, objectives, and legal basis for personal data processing are detailed in the table below.

      Purpose of personal data processing	Scope of personal data	Legal basis for processing personal data	Data processing period
      entering into and executing contracts	name, surname, VAT number, REGON number, address, telephone number, address, e-mail address	article 6(1)(b) of the GDPR - legal basis for processing data necessary for contract performance	until termination of the Agreement or expiration of the statute of limitations for claims related to the Agreement
      providing Product services	name, surname, VAT number, REGON number, address, telephone number, address, e-mail address	article 6(1)(b) of the GDPR - legal basis for processing data necessary for contract performance	until termination of the Contract for Additional services or expiration of the statute of limitations for claims related to the contract
      replies to messages created using the website contact form	e-mail address, name, surname, and other data voluntarily provided by the data subject	article 6(1)(f) of the GDPR – Legitimate interest of the data controller in handling inquiries and direct correspondence from data subjects	until the correspondence is concluded or objection is expressed by the data subject
      managing correspondence through electronic communications	e-mail address, name, surname, organization name, and other personal data voluntarily provided by the data subject	article 6(1)(f) of the GDPR – Legitimate interest of the data controller in handling inquiries and direct correspondence from data subjects	until the correspondence is concluded or objection is expressed by the data subject
      providing access to the website	IP address	article 6(1)(b) of the GDPR - legal basis for processing data necessary for contract performance	until expiration of the statute of limitations for claims related to the website access
      website traffic monitoring	IP address, cookies, shopping cart analysis	article 6(1)(a) of the GDPR - consent of the data subject	until the data becomes obsolete or the data subject withdraws consent
      protection against claims, directing claims	e-mail address, name, surname, other data provided by the data subject	article 6(1)(f) of the GDPR – legitimate interest of the data controller in protecting against claims and directing claims	until expiration of the statute of limitations for claims related to website access as well as all user activity within the website, counted from a user's last visit to the site

   2. If the Service Provider were to transfer any personal data to a third country (i.e. outside the European Economic Area), it will inform the data subject of this fact, as well as indicate the legal basis for such an action.
   3. In the case of personal data transfer to a third country, the Service Provider will verify the safeguards applied by the data recipient in order to confirm the recipient's assurance of the security and integrity of such data, as well as respect for the rights of data subjects in the recipient country.
   4. The service provider does not process personal data for the purposes of automated decision-making, including profiling.
3. DATA RECIPIENTS
   1. The Service Provider may entrust processing personal data to third parties in order to perform certain activities. In such cases, the individual data recipients may be: a web hosting provider, a messaging platform service, a technical support company, an email delivery service, a law firm, or an accounting office.
   2. Personal data collected by the Service Provider may also be made available to the relevant state authorities at their request under the relevant legislation, or to other persons and entities in cases stipulated by law.
   3. Each entity that the Service Provider entrusts with personal data for processing shall guarantee an adequate level of security and confidentiality. Under the personal data processing agreement (referred to as the Data Processing Agreement), such entities may only further entrust the processing of this data to another entity with the Service Provider’s prior consent.
   4. According to this Privacy Policy, personal data may only be disclosed to unauthorized entities with the prior consent of the data subject.
4. DATA SUBJECT RIGHTS
   1. Every data subject has the right to:
      • request the deletion of their personal data both from the Service Provider's system and from the databases of entities with whom the provider has cooperated. Data subjects also have the right to request from the Service Provider access to his personal data and their rectification,
      • request the restriction of data processing,
      • portability of personal data collected by the Service Provider, including the right to receive it in a structured form,
      • to request from the Service Provider access to and rectification of their personal data,
      • to object to the data processing,
      • revoke their consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its revocation;
      • file a complaint against the Service Provider to the supervisory authority (Data Protection Authority).
5. OTHER DATA
   1. The Service Provider may store http queries, and therefore some information may be stored in the server log files, including the IP address of the computer from which the query came, the station name of the data subject - identification carried out by the http protocol, if possible, the date and system time of registration on the Service Provider's site and the arrival of the query, the number of bytes sent by the server, the URL of the site previously visited by the data subject, whether the data subject entered the Service Provider's site using a link, information about the browser, information about errors that occurred during the execution of the http transaction. Logs may be collected as material for the proper administration of the Service Provider. Only persons authorized to administer the computer system have access to the information. Log files may be analyzed to compile the Service Provider's website traffic statistics and errors that occur. A summary of such information does not identify an individual, ensuring their anonymity.
6. SECURITY
   1. The Service Provider shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data under protection. In particular, the Service Provider shall technically and organizationally secure the data from being accessed by unauthorized persons, taken by an unauthorized person, processed in violation of the law, as well as from alteration, loss, damage or destruction. Among other security measures, SSL certificates are used and the collection of personal data is stored on a secured server, protected by the Service Provider's internal procedures for personal data processing and information security policies.
   2. The service provider has also implemented appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to provide necessary safeguards for personal data processing to meet GDR requirements and protect the data subjects rights.
   3. At the same time, the Service Provider indicates that using the Internet and services provided electronically may entail the risk of malicious software (malware) entering the user's ICT system and devices, as well as unauthorized access to data, including personal data, by third parties. In order to minimize these risks, the data subject should use appropriate technical safeguards, e.g. using up-to-date anti-virus software or protecting his/her identification on the Internet. In order to obtain detailed and professional information regarding the preservation of security on the Internet, the Service Provider recommends consulting businesses specializing in such IT services.
7. COOKIES
   1. To ensure the proper functioning of the website, the Service Provider uses Cookie technology. Cookies are packages of information saved on the user's device by the Service Provider, typically containing relevant information facilitating the user's interaction with the Service Provider’s site. These typically include: the service address, placement date, the expiration date, a unique number and additional information relevant to the specific cookie.
   2. The service provider uses two types of Cookies:
      • session cookies, which are deleted permanently when the user's browser session ends;
      • persistent cookies, which remain after the end of the browser session on the user's device until they are deleted.
   3. It is not possible to determine the user's identity based on cookies, whether session or permanent. The cookies mechanism does not permit the collection of any personal data.
   4. The Service Provider's Cookies are safe for the user's device. In particular, they do not allow viruses or other malicious software to enter the device.
   5. Cookies generated directly by the Service Provider cannot be read by other services. External Cookies (i.e. Cookies placed by entities cooperating with the Service Provider) can be read by an external server.
   6. The user can change their Cookie settings at any time, including conditions for storing Cookies, through their Internet browser settings or through the service configuration options.
   7. The user may disable the storage of Cookies on their device following browser-specific instructions, but this may result in some or all of the functions of the Service Provider's website becoming unavailable.
   8. The user may also delete the cookies stored on their device at any time by following browser-specific instructions.
   9. The Service Provider uses proprietary Cookies for the following purposes: to configure and adapt the page content to the preferences or behavior of the user; to analyse and monitor page views, click counts, and navigation paths through the site to improve the layout and organization of the content, time spent on the site, as well as the number and frequency of visits to the Service Provider's site.
   10. The Service Provider uses External Cookies for the following purposes: to create anonymous statistics to optimize the Service Provider's functionalities, using analytical tools such as Google Analytics.
   11. Detailed information on Cookies is available in the data subject's internet browser settings.
8. FINAL PROVISIONS
   1. This Privacy Policy takes effect on 12.06.2023 r.