Privacy Policy
-
-
The following document (Privacy Policy) sets out the rules for the processing of personal data by Cipher S.A .with its registered office in São Tomé and Príncipe, at Avenida Amilcar Cabral 889, Cidade de S. Tomme.
Controller contact details:
- Address for correspondence: Avenida Amilcar Cabral 889, Cidade de S. Tomme
- Email address: [email protected]
-
Regarding personal data, including the exercise of rights, should be contacted at [email protected]
-
The protection of personal data is carried out in accordance with the requirements of generally applicable law, i.e. in particular in accordance with the Act of 10 May 2018 on personal data protection (Journal of Laws of 2018 item 1000, as amended), Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (GDPR) and the Act of 18 July 2002 on the provision of electronic services, and their storage takes place on secured servers.
-
The Controller may collect data about individuals who use the services provided by the Controller, including visitors to the site. The Controller collects personal data provided directly by individuals. The Controller also collects personal data acquired in the course of individuals' activities, as acquired when users visit sites or use or interact with any of the services; in addition, data about terminal devices, IP addresses.
-
The data that are collected may be used in different ways, depending on the individual's status as: (i) a publisher, advertiser or other content provider who has entered into an agreement with the Controller ("Client"); (ii) a visitor to the Clients' websites and digital properties that are associated with the services ("User"); or (iii) a visitor to online platforms/areas supervised by the Controller who falls into the category of Client or potential Client.
-
To find out more details about the use of cookies by the websites and services, please read the Cookie Policy.
-
Data collecting and advertising is not knowingly targeted towards websites that have, as their audience, children under the age of 18.
-
Processing of personal data
-
The Controller recommends that Users should carefully read and understand the whole contents of this Privacy Policy and Cookie Policy before use of Controller services.
-
Controller respects and protects the privacy of Users. Controller collects and uses personal data, which are generated during using website or services, in accordance with this Privacy Policy.
-
The Privacy Policy and Cookie Policy could be changed from time to time, and the new policy will immediately replace the older one once posted.
-
Purposes and legal basis for processing of data
-
Users' data are processed in particular for the following purposes:
- concluding and performing agreements with Client, User;
- providing services;
- informing about the content and services offered by Controller;
- conducting direct marketing;
- conducting measurement and improving content and services;
- responding to complaints;
- ensuring compliance with legal provisions, where law requires the processing of personal data;
- ensuring the security of IT systems;
- pursuing claims.
-
The legal basis for the processing of the personal data by Controller is the necessity to perform agreements (pursuant to Article 6 .1 (b) of the GDPR);
-
To the extent to whose personal data is processed in order to measure and improve content and services, conduct direct marketing, respond to complaints, ensure IT systems security, claim redress, conclusion and performance of a contract, with the entity represented by the user, the legal basis for the processing personal data is legitimate interest of Controller (pursuant to Article 6.1 (f) of the GDPR).
-
Controller may also process User's personal data if it is necessary to fulfil the legal obligation imposed on the controller (pursuant to Article 6.1 (c) of the GDPR). This may include, for example, providing user data at the request of public authorities.
-
In some cases, Controller may process users' personal data based on the consent given by users. In this case, the User will be asked for consent (pursuant to Article 6.1 (a) of the GDPR).
-
Categories of data
-
User Information is collected automatically when Users come into contact with the services featured on the websites of Clients and other digital properties. This User Information is collected through the use of cookies and other technologies employed by most web-based services.
-
Controller collects data only in a pseudonymized form, meaning your identity is concealed from us as we do not know or process your name, e-mail address, or other relevant personal data.
-
Controller may collect User Information that includes, but is not limited to:
- data regarding the device and operating system of the User;
- IP address;
- the web pages visited within our Client' websites;
- the link that brought the User to a Client's website;
- the accessing dates and times on a Client's website;
- event information (e.g., system crashes);
- geographic location of User's internet service provider (i.e. country, city);
- other diagnostic data.
-
Clients are asked to acquire consent on our behalf to allow us to collect this User Information (whenever it's required by applicable data protection laws). User data may also be obtained from our data partners (accredited or authorized institutions are able to request such documents).
-
Site visitor Information may be collected by Controller either from visitor or from third parties that collect data when using one of Controller sites.
-
Site visitor Information may also be collected by Controller through third parties that automatically do so, on our behalf, when visitor access Controller site. The collected information may be about operating system, IP address, system configuration, device information, mobile data information, visited web pages within Controller sites, the link that redirected to Controller sites, what site are visited when left Controller sites, the accessing dates and times, event information (e.g., system crashes) and weblog data.
-
To find out additional information regarding the use of cookies and other technologies, please read our Cookie Policy.
-
Sharing of data
-
Information about Clients may be disclosed to the following parties:
-
Controller's Affiliates. Current or future affiliates of Controller, as well as parent companies, or subsidiaries, are not, but in the future may receive some of information about Clients for the purposes expressed in this Privacy Policy (affiliates are companies that manage, are managed by, or are under our common management.
-
Controller's Service Providers. Client information is not at the moment, but may also be disclosed to Controller's third-party vendors, service providers, agents, etc.
-
Clients. Client information may be disclosed to other Clients if this is relevant for the Service which is provided by the Controller. For instance, publishers may receive information regarding possible advertisers on their network.
-
Information about the User may be disclosed to the following entities:
-
Affiliates. Any of the Operator's existing or future affiliates, parent companies or subsidiaries may receive User Information for processing in accordance with the purposes set forth in this Privacy Policy.
-
Service providers, e.g.: service providers, agents, contractors or other parties who provide services to the Operator (e.g. maintenance, data analysis, surveys, payment and credit card processing, data hosting, etc.) may receive User Information.
-
Customers. Information about you may be disclosed to Clients.
-
Visitor information may be disclosed to the following parties:
-
Affiliates. Any of Operator's existing or future affiliates, parent companies or subsidiaries may receive information about Site visitors for the processing purposes detailed in this Privacy Policy.
-
Service Providers. Service providers, such as vendors, agents, contractors, or other entities that perform services for our platform (e.g., maintenance, data analysis, surveys, payment and credit card processing, data hosting, etc.), may receive information from the Operator for the purposes of processing detailed in this Privacy Policy.
-
Performance of rights
-
To the extent provided for by law, the User has the following rights:
-
The right of access personal data (at the User's request, Controller will confirm what personal data of the Users it processes and provide a copy of this data).
-
The right to rectify personal data (in the event that the User's personal data is incorrect or incomplete, the User may require Controller to correct or supplement it).
-
The right to delete personal data (in certain situations, the Users may require Controller to delete personal data processed by Controller).
-
Users may request Controller to temporarily suspend processing of data. Despite the processing restrictions, Controller will still be entitled to store personal data.
-
The right to request the transfer of personal data (in specific Users also have the right to receive personal data processed by Controller in a structured, commonly used machine-readable format to transfer this data to another controller).
-
The right to withdraw consent (withdrawal of consent does not affect the correctness of the processing of personal data on the basis of previously expressed consent).
-
Right to object to the processing of personal data.
-
The User has the right to file a complaint with the President of the data protection authority.
-
How Users can control their personal data
-
Users are entitled to control their personal data provided to Controller.
-
When Controller collects data from User for a specific purpose, Controller will ask for User consent in advance to which User is entitled to refuse. However, User should understand that when User refuse to give such consent, User also give up the choice to use specific services provided by Controller.
-
Users may exercise their rights by sending an appropriate application via e-mail to the following e-mail address: [email protected]
-
Data which may be shared or transferred
-
The personal data collected and generated by Controller during its operation within the territory of European Economic Area. shall be stored within the territory of European Economic Area.. If Controller needs to transfer Users personal data abroad, Controller shall obtain prior consent and conduct the cross-border data transfer in accordance with the Polish laws, regulations and policies and undertake the confidentiality obligations to protect your personal data.
-
Personal data will not be transferred outside the European Economic Area.
-
Data retention periods
-
Controller stores personal data only for the time that is necessary to achieve the purposes for which the data was collected, personal data of User is stored for 10 days. After this time, the data is deleted or anonymized in such a way that it is impossible to determine the identity. Personal data may be stored longer if such an obligation arises from the provisions of law or it is necessary to defend or assert by Controller claims against users.
-
In the event of withdrawal of consent, the data will be deleted, unless there is another legal basis for their processing.
-
How Controller protects data
-
If Controller terminates operation, Controller will stop the collection of personal data in time, post the announcement on Controller and delete or anonymize personal data held by us within a reasonable period.
-
To protect personal data, Controller may adopt data security techniques, improve internal compliance levels, provide security training for our staff, and set security authority for access to relevant data to protect personal data.
-
Protection for the Minors
-
The following special provisions apply to minors who are under the age of 18 years old.
-
Natural persons who are under 18 can not use website nor any services without the consent of their parents or legal representatives.
-
Links to other websites
-
This document applies only to the website operated and services offered by the Controller.
-
Controller is not responsible for links placed on the website that allow Users to go directly to websites whose controller is not Controller. Controller encourages to read the content of the privacy records posted on the websites to which users are directed.
-
Operator in order to measure the effectiveness of advertisements and track traffic Operator may use technologies including, but not limited to, cookies, JavaScript, web beacons (as well as clear GIFs) and Flash LSO.
-
Miscellaneous
-
If users are outside Poland, they shall fully understand and conform to the laws, regulations and rules in your jurisdictions which are relevant to use of Controller.
-
This Privacy Policy shall become effective on 01.09.2021
-
The Privacy Policy may be subjected to occasional updates or changes, so everyone, in particular Clients, Users and visitors should read this policy periodically to keep abreast with the new modifications. Any changes related to the Privacy Policy will be immediately published.
-
If any revisions to Privacy Policy have a significant impact on Operator practices concerning the Information Operator may collect, Operator will try to alert of such updates.
-
Continued use of sites or services means express agreement to the amendment.