§1 DEFINITIONS

• Administrator or CleverPoint – CleverPoint sp. z o. o. with its registered office in Warsaw, KRS: 0000960378.
• Cookies – text data collected in the form of files placed on the User’s Device.

• Personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, the economic, cultural or social identity of the individual.
• Platform – the platform through which CleverPoint provides the Services.
• RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
• Website – the “cleverpoint.pro” website operating at https://cleverpoint.pro
• External Website – websites of partners, service providers or service recipients cooperating with the Administrator.
• Device – an electronic device with software through which the User gains access to the Website, External Service or Application.     
• Services – services provided by CleverPoint consisting in providing access to the Platform via the Website or Application.
• User – Platform User or Service User.
• Platform User – an individual to whom the Administrator provides services through the Service or Application.
• Service User – an individual using the Service.

§ 2 DATA PROTECTION OFFICER AND CONTACT WITH THE CONTROLLER

The Administrator has appointed a Data Protection Officer, who can be contacted via e-mail at the following address: gdpr@cleverpoint.pro. Notwithstanding the above, contact directly with the Administrator is possible at the following addresses:

• postal address– CleverPoint Sp. z o. o., ul. Domaniewska nr. 17/19, lok. 133, Warszawa,
• e-mail address– contact@cleverpoint.pro.

§ 3 TYPE, PURPOSE AND PERIOD OF PERSONAL DATA PROCESSING

PROCESSING OF PLATFORM USER DATA

Personal data of Platform Users processed for one of the following purposes::

• Performance of the agreement concluded with the Platform User that is the basis for the Platform User’s use of the Cleverpoint Platform or participation in the webinar:
  • Legal basis: Article 6(1)(b) of the GDPR (conclusion, performance and termination of the concluded contract),
  • Processing period: duration of the contract, 
  • The scope of processed data: e-mail address, name, surname, company name, year of birth, gender, age, other data voluntarily provided by the Platform User in connection with the registration of an account in the Cleverpoint Platform, such as gender, the application of which is voluntary.
  • Legal basis: Article 6(1)(a) of the GDPR (consent to the processing of personal data to the extent that it is not necessary for the performance of the concluded contract),
  • Processing period: until the  data is deleted or consent is withdrawn, but no longer than until the end of the contract period,
  • Scope of data processed: any data voluntarily provided by the User, in connection with the use of Cleverpoint and CleverPoint services, such as image and other data provided at the discretion of the User of the Platform in connection with the use of the Services, whereby the provision of data is voluntary, and consent to data processing may be withdrawn by the User at any time.

• Implementation of the legitimate interests of the Administrator:
  • consisting of establishing, pursuing or defending claims that may be raised by the Administrator or which may be raised against the Administrator in connection with the concluded contract:
    • Legal basis: Article 6(1)(f) of the GDPR (implementation of the legitimate interests of the Administrator),
    • Processing period: the data is stored until the expiry of the limitation period  for claims arising from the contract concluded with the Administrator, which is 3 years from the date of termination of the contract, but not earlier than on the last calendar day on which the 3-year limitation period ends,
    • Scope of data: e-mail address, first name, surname, company name, year of birth.
  • consisting of conducting marketing and commercial activities in relation to persons with whom the Administrator has concluded an agreement:
    • Legal basis: Article 6(1)(f) of the GDPR (implementation of the legitimate interests of the Administrator),
    • Processing period: the duration of the contract concluded with the Administrator, 
    • Scope of data: e-mail address, first name, surname, company name, year of birth.
  • consisting of researching the opinions of Platform Users and conducting communication with Platform Users in order to develop Cleverpoint products and services:
    • Legal basis: Article 6(1)(f) of the GDPR (implementation of the legitimate interests of the Administrator),
    • Processing period: the duration of the agreement concluded with the Administrator, 
    • Scope of data: e-mail address, name, surname, company name, gender, age, other data voluntarily provided by the User in connection with the use of Cleverpoint services, 

PROCESSING OF SERVICE USER DATA

Personal data of Service Users processed for one of the following purposes:

• Making contact via contact form and email to use the demo version of the Platform:
  • Legal basis: Article 6(1)(a) of the GDPR (consent to the processing of personal data),
  • Processing period: until the consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person,, 
  • The scope of processed data: name, e-mail address, telephone number, cities, company name, role in the company, number of employees of the company, other data voluntarily provided in the content of the message, whereby the provision of personal data is voluntary, but necessary to address an inquiry and receive a response from Cleverpoint , while consent to the processing of personal data can be withdrawn at any time.

• establishing contact through the contact form and emails to respond to inquiries, sending e-books, tutorials, newsletters, accessing videos in connection with a request made through the contact form:
  • Legal basis: Article 6(1)(a) of the GDPR (consent to the processing of personal data),
  • Processing period: until the consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person,
  • The scope of processed data: name, e-mail address, telephone number, cities, company name, role in the company, number of employees of the company, other data voluntarily provided in the content of the message, whereby the provision of personal data is voluntary, but necessary to address an inquiry and receive a response from Cleverpoint, while consent to the processing of personal data can be withdrawn at any time.

• conducting marketing and sales activities:
  • Legal basis: Article 6(1)(f) of the GDPR (implementation of the legitimate interests of the Administrator),
  • Processing period: the duration of the contract concluded with the Administrator, 
  • Scope of data: name, email address, phone number, company name, role in the company, number of company employees

• establishing contact, including responding to inquiries directed to the Administrator via the contact form and e-mail messages:
  • Legal basis: Article 6(1)(a) of the GDPR (consent to the processing of personal data),
  • Processing period: until the consent is revoked, but no longer than 3 years from the last correspondence between the Administrator and the person,
  • Scope of data: name, e-mail address, telephone number, company name, role in the company, number of employees of the company, other data voluntarily provided in the content of the message, whereby the provision of personal data is voluntary, but necessary to address an inquiry and receive a response from Cleverpoint, and consent to the processing of personal data can be withdrawn at any time

PROCESSING OF OTHER PEOPLE’S DATA

• Conducting marketing and commercial activities in relation to persons who are not Cleverpointclients:
  • Legal basis: Article 6(1)(a) of the GDPR (consent to the processing of personal data),
  • Processing period: until the consent is revoked,
  • Scope of data: e-mail address, name, surname, company name, other data voluntarily provided, whereby providing personal data and consent to their processing is voluntary, but necessary to receive marketing and commercial content from Cleverpoint, and consent to the processing of personal data may be withdrawn at any time

• Implementation of the Administrator’s legitimate interests consisting in running profiles on social media (including Facebook, Instagram, LinkedIn), including communication with social media users:
  • Legal basis: Article 6(1)(f) of the GDPR (implementation of the legitimate interests of the Administrator),
  • Processing period: until the end of the  activity of a given social media user in the Administrator’s social media or until an objection to the processing of data is raised,
  • Scope of data: e-mail address, name, surname, nickname, image, company name, other data voluntarily provided.

§ 4  RIGHTS OF PERSONS WHOSE DATA IS PROCESSED

Persons whose personal data are processed have the following rights:  

1. The right to access personal data, i.e. the right to access their personal data, implemented at the request submitted to the Administrator.
2. The right to rectify personal data, i.e. the right to request the Administrator to immediately rectify personal data that are incorrect and/or supplement incomplete personal data, implemented at the request submitted to the Administrator.
3. The right to delete personal data, i.e. the right to request the Administrator to immediately delete personal data, implemented at the request submitted to the Administrator. In the case of data collected in user accounts, the deletion of data is carried out through anonymizing it. When receiving a request to delete personal data, the Administrator each time verifies the legitimacy of the request, taking into account all legal grounds for the processing of personal data. Each time, the Administrator informs the person whose data is processed about the outcome of the consideration of the request. In the case of the Newsletter service, the User has the option of deleting their personal data on their own, using the link placed in each e-mail sent to them.
4. The right to limit the processing of personal data, i.e. the right to limit the processing of personal data in the cases indicated in Article 18 of the GDPR, m.in. to question the correctness of personal data, implemented at the request submitted to the Administrator.  
5. The right to transfer personal data, i.e. the right to obtain personal data from the Administrator in a structured, commonly used machine-readable format, implemented at the request submitted to the Administrator.
6. The right to object to the processing of personal data, i.e. the right to object to the processing of their personal data in the cases specified in art. 21 of the GDPR, implemented at the request submitted to the Administrator.
7. The right to lodge a complaint with the supervisory body dealing with the protection of personal data (President of the Office for Personal Data Protection) 

§ 5 COOKIES POLICY

COOKIES ON THE WEBSITE AND PLATFORM AND THE PURPOSES FOR WHICH THEY ARE USED 

Cleverpoint in the Service and on the Platform uses the following types of cookies:

• External cookies – files placed and read from the User’s Device by ICT systems of external websites. Scripts of External Websites that may place Cookies on the User’s Devices have been consciously placed on the Website and on the Platform through scripts and services made available and installed on the Website or Platform.
• Session cookies – files placed and read from the User’s Device by the Website or by the Platform during one session of a given Device. At the end of the session, the files are deleted from the User’s Device.
• Persistent cookies – files placed and read from the User’s Device by the Website or Platform until they are manually deleted. Cookies are not deleted automatically after the end of the Device session, unless the configuration of the User’s Device is set to the mode of deleting cookies after the end of the Device session.

Cookies used on the Website and Platform can also be classified into:

• Necessary cookies – these are files that contribute to the usability of the Website or Platform by enabling basic functions such as navigation on the Website and access to secure areas of the Website or Platform. The Website or Platform cannot function properly without these cookies.
• Preference cookies – these are files concerning preferences. They allow the Website or Platform to remember information that changes the appearance or operation of the Website or Platform, such as your preferred language or the region in which you are located,
• Statistical cookies – these are cookies that help the owners of the Website and Platform understand how different Users behave on the site, collecting and reporting anonymous information,
• Marketing cookies – these are files are used to track Users on the Website or Platform. The purpose is to display ads that are relevant and interesting to individual Users and thus more valuable to third-party publishers and advertise.
• Unclassified cookies – these are cookies that are in the process of classification, along with the providers of individual cookies.

SECURITY OF DATA STORAGE

• Mechanisms of storing and reading Cookies – mechanisms of storing, reading and exchanging data between Cookies saved on the User’s Device and the Website or Platform are implemented through built-in mechanisms of web browsers and do not allow to download other data from the User’s Device or data of other websites visited by the User, including personal data or confidential information. It is also virtually impossible to transfer viruses, Trojan horses and other worms to the User’s Device.
• External cookies – the Administrator performs all possible actions to verify and select website partners in the context of Users’ safety. The administrator selects well-known, large partners with global social trust for cooperation. However, it does not have full control over the content of cookies from external partners. For the security of Cookies, their content and license-compliant use by the Scripts installed on the website, coming from External Websites, the Administrator is not responsible as far as the law allows. 
• Cookie Control

The User may, via the form on the Website and on the Platform, at any time, independently change the settings for saving, deleting and accessing the data of saved Cookies by each website.

• Risks on the part of the User – the Administrator uses all possible technical measures to ensure the security of data placed in Cookie files. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s activity. The Administrator is not responsible for intercepting this data, impersonating the User’s session or deleting them, as a result of conscious or unconscious activity of the User, viruses, Trojan horses and other spyware that may, is or was infected User’s Device. Users should follow the recommendations of safe use of the network to protect themselves from these threats.
• Storage of personal data – the Administrator ensures that it makes every effort to ensure that the processed personal data entered voluntarily by Users is safe, access to them is limited and carried out in accordance with their purpose and purposes of processing. The administrator also ensures that he makes every effort to protect his data against their loss, by applying appropriate physical and organizational safeguards.

Limiting the saving and access to Cookies on the User’s Device may cause malfunction of some functions of the Website or Platform. The Administrator does not bear any responsibility for malfunctioning functions of the Website or the Platform in the event that the User limits in any way the ability to save and read Cookies or will not consent to their processing.

COOKIES OF EXTERNAL WEBSITES USED ON THE PLATFORM

The Administrator on the Platform on the Website uses javascript and web components of partners that may place their own cookies on the User’s Device. Below is a list of partners or their services implemented on the Platform on the Website that may place cookies:

• Multimedia Services:
• YouTube
• Vimeo
• Agora.io
• Social and advertising/combined services:(Registration, Login, content sharing, communication, etc.).
• Facebook / Facebook Pixel
• LinkedIn / LinkedIn Insight Tag
• Google / Google Ads 
• User.com 
• SendGrid
• FireBase 
• Running statistics:
• Google Analytics
• WordPress Stats (Automattic Inc.)
• Google Tag Manager
• Hotjar
• CRM:
• HubSpot
• Other services that support the operation of the Platform:
• Segment
• Survicate

Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purpose of data processing and use of cookies at any time.

COOKIES OF EXTERNAL WEBSITES USED ON THE WEBSITE

The Administrator on the Website uses javascript and web components of partners that may place their own cookies on the User’s Device.

Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purpose of data processing and use of cookies at any time.

§ 6 TYPES OF NON-PERSONAL DATA COLLECTED ON THE WEBSITE

The Website collects data about its users. Part of the data is collected automatically and anonymously, and part of the data is personal data provided voluntarily by Users when subscribing to individual services offered by the Website.

Anonymous data collected automatically:

• IP address.
• Browser type and device.
• Screen resolution.
• Approximate location.
• Opened subpages of the website, data on activity on the Website and the Platform
• Time spent on the appropriate subpage of the website.
• Type of operating system.
• Address of the previous subpage.
• Referrer address.
• Browser language.
• Internet connection speed.
• Internet service provider, cellular network data.
• Telephone number.

§ 7 ACCESS TO PERSONAL DATA BY THIRD PARTIES

As a rule, the only recipient of personal data provided by persons using the Cleverpoint Services and other users of the Website is the Administrator. 

The Administrator may, if it is necessary for the proper provision of services, use the services of external entities. The controller uses only the services of processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

The recipients of personal data and entities to which we entrust personal data may be entities supporting us in our current operations, including entities participating in the provision of services, in particular they may be providers of psychological services, IT solutions, including software used in the implementation of services, service providers supplying the Administrator with technical and organizational solutions, as well as other entities, if the use of their services is necessary for the proper use of their services the provision of services by Cleverpoint. Personal data collected by Cleverpoint may also be made available: to relevant state authorities at their request on the basis of relevant legal provisions or to other persons and entities – in cases provided for by law.

Cleverpoint may transfer personal data to third countries in a situation where any of the entities indicated above performs data processing in a third country and only if the European Commission has determined an adequate level of protection or using contractual clauses approved by the European Commission.

In justified cases and only with the consent of the data subject, the administrator may transfer personal data to third parties, which will also act as the administrator of personal data.

§ 8 EXTERNAL LINKS

On the Website – articles, posts, entries or comments of Users may contain links to external websites with which the Website Administrator does not cooperate. The Administrator is not responsible for the content outside the Website.

§ 9 PROFILING

The Administrator may make decisions in an automated manner, including profiling Website Users and Platform Users to the extent in which it conducts marketing activities, in relation to Platform Users – based on the legitimate interest of the Administrator, and in relation to Website Users – based on the consent to such action.    

§ 10 CHANGES TO THIS PRIVACY POLICY

The Administrator reserves the right to change this Privacy Policy at any time without having to inform the persons whose data it processes in the scope of using and using anonymous data or the use of Cookies.

The Administrator reserves the right to any change to this Privacy Policy regarding the processing of Personal Data, about which he will inform the persons whose data he processes within 14 days of the change of records. Your continued use of the Services constitutes your reading and acceptance of the changes to the Privacy Policy. In the event that the User does not agree with the changes, he is obliged to delete his account from the Website or withdraw consent to the processing of his Personal Data.

The introduced changes to the Privacy Policy come into force upon their publication.