Privacy policy

You entrust us with your data by using our services. We understand that this is a great responsibility and we do everything in our power to ensure data safety and allow you to control them.

§1 WHO HAS ACCESS TO YOUR DATA

  1. The data administrator is YetiForce Sp. z o. o. [al. Jana Pawła II, 00-133 Warsaw, NIP: 118-000-24-25].
  2. In exceptional cases, trusted partners also have access to data:
    • Server room and equipment: OVH [https://www.ovh.pl/]
    • Network and servers: FollowYou [ul. Ogrodowa 4B / 2, 72-006 Mierzyn, NIP: 5581708765]
    • Accounting: GAMA Accounting Office [ul. Myśliborska 104A, 03-185 Warsaw, NIP: 734-183-95-52].
  3. The data may be made available to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law. The number of requests is currently 0.

If you have questions about the data we process that concern you, send an e-mail to gdpr@yetiforce.com or send a letter to the headquarters of YetiForce Sp. z o. o., we will happily answer all your questions.

§3 OBJECTIVES AND LEGAL BASIS FOR DATA PROCESSING IN YETIFORCE SP. Z OO

  1. We collect only the minimum data that is necessary or relevant to us.
  2. Websites - we collect only minimal information about the user visiting our website, i.e. session ID, IP address, browser information, and in the case of logged in users also name, surname and e-mail address. The data are collected for analytical and statistical purposes and for the purpose of providing electronic services in the scope of making the content collected on the Website available to Users.
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR).
    • The data processing period is 5 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  3. Webforms - in the case of contacting us using electronic contact forms, it is required to provide data, i.e. name, surname, e-mail address, telephone number, content of the inquiry, and additionally we collect data, i.e. the IP address from which the inquiry came, date and time, unique session identifier and basic information about the browser. The User may also provide other data in order to facilitate contact or handling the inquiry.
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR).
    • In addition, in the scope of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period is 5 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  4. Email - in case of contacting us via email, it is required to provide data, ie. email address and inquiry and also collect data ie. the IP address where the query originated, the date and time, a unique session identifier and a full header and content of the email along with attachments. The User may also provide other data in order to facilitate contact or handle the inquiry.
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR).
    • In addition, in the case of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period is 5 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  5. Newsletter - the user can subscribe to the newsletter on their own, directly via the website or directly from the CRM system. In both cases, we collect data, i.e. name, surname, e-mail address, IP address where the inquiries originated, date and time, unique session ID and basic information about the browser. 
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR).
    • In addition, in the scope of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data is processed until the consent is withdrawn or after a period of 24 months of inactivity for the newsletter. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  6. Social media portals - the Administrator processes the personal data of Users visiting the Administrator's profiles in social media (Linkedin, Facebook, Twitter, GitHub). These data are processed only in connection with keeping the profile, including to inform Users about the Administrator's activity and to promote various types of events, services and products.
    • The legal basis for processing personal data by the Administrator for this purpose is the Administrator’s legitimate interest (Article 6 (1) (f) of the GDPR) to promote their own brand.
    • In addition, in the scope of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period is 5 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized. It should be remembered that in the case of social networks, the owners of these websites are also data controllers and have their own regulations regarding data processing, which should be read.
  7. YetiForce system registration and product registration - the administrator processes data from CRM systems, which are sent automatically from the user's system to the Administrator's system using the API. In the case of offline systems [without internet access], the Administrator processes the data provided below on the basis of e-mail correspondence between the user and the administrator. Below is a list of processed data:
    • System registration: system version, app id, crm id, default language, time zone, company size, supplier, company / person name, tax id, address data, company website, links to social media. 
    • Product registration: system version, app id, crm id, supplier, company size, registration date, registration time, registration status, system key, last error date, last error message, list of purchased products.
    • The legal basis for processing personal data by the Administrator for this purpose is the agreement concluded with the User when installing the system. In addition, in the scope of data that are not necessary and do not result directly from the agreement, the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period is 10 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  8. Server and application logs - [incoming and outgoing queries] as well as server and application logs are stored for the purpose of possible determination and pursuit of claims or defense against them. The data collected in the logs include: IP address, date and time, requested URL, browser information and a unique identifier,
    • The legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) to protect their rights.
    • The data processing period is 7 years. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irretrievably deleted or anonymised

§4 RIGHTS OF THE DATA OWNER

  1. The User has the right to: access the data and request rectification, deletion, processing restrictions, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint to the supervisory body dealing with the protection of personal data.
  2. To the extent that the User's data is processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator, which does not affect the lawfulness of data processing before its withdrawal.
  3. The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Administrator, and - for reasons related to the particular situation of the User - in other cases where the legal basis for data processing is the legitimate interest of the Administrator (e.g. in connection with the implementation of analytical and statistical purposes).

If you want to exercise your rights, send an e-mail to gdpr@yetiforce.com or send us a letter to the headquarters of YetiForce Sp. z o. o., we will happily answer all your questions.

§5 SECURITY OF PERSONAL DATA

  1. The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner - ensuring, above all, that only authorized individuals have access to the data and only to the extent that it is necessary due to the tasks they perform. The administrator makes sure that all operations on personal data are recorded and performed only by authorized employees and associates.
  2. The administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data at the request of the Administrator.

§6 CHANGES TO THE PRIVACY POLICY

  1. The privacy policy is verified on an ongoing basis and updated if necessary. The current version has been accepted and is valid from 2021-06-19.