Privacy Policy

‍Privacy and Cookie Policy of the www.scale.pl website‍

1. General Provisions

This Privacy and Cookie Policy defines the rules for processing personal data obtained via the www.scale.pl website (“Service”) and in the context of services related to the Service provided by the Administrator.

The administrator of personal data in the meaning of personal data protection regulations is Scale sp. z o.o. with its registered office in Warsaw, ul. Dominiki 6, 03-604 Warszawa, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000827120, NIP5248977605, and REGON 385497806, share capital 25,000 zlotys (hereinafter referred to as the “Administrator”).

The legal basis for the processing of personal data by the Administrator is:

a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the "Regulation". Official text of the Regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679

b) The Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781), hereinafter referred to as the "Act".

Given that the Administrator does not meet the criteria specified in Article 37(1) of the Regulation, the Administrator has not appointed a Data Protection Officer. Therefore, all contact regarding personal data protection should be directed to the Administrator via email at legal@scale.pl.

The Administrator pays special attention to respecting the privacy of users visiting the Service and using the Administrator's services. The Administrator guarantees the confidentiality of all provided personal data and ensures all security measures required by the data protection laws, including the provisions of the Regulation and the Act. Personal data is collected with due diligence and appropriately protected against unauthorized access.

The Administrator does not make decisions in individual cases automatically and does not profile users.

The Administrator neither collects nor processes sensitive data referred to in the Regulation as "special categories of personal data". The Administrator does not intend to collect or process data of minors under the age of 16.

2. User Rights

Users of the Service have the following rights arising from the processing of their personal data:

a) The right to request access to one's personal data – the User has the right to obtain confirmation whether the Administrator processes their personal data and, if so, they are entitled to access such data and receive information related to these data such as: the purpose of processing, categories of data, information about recipients or categories of recipients to whom the data has been or will be disclosed, the planned period of personal data storage or criteria for determining this period; this right also includes receiving a free copy of the data (for any subsequent copies requested by the User, the Administrator may charge a reasonable fee based on administrative costs).

b) The right to rectify personal data (if they areincorrect), which also includes the right to request the completion ofincomplete personal data.

c) The right to delete personal data (the so-called "right to be forgotten"), under the following circumstances: when the User's personal data is no longer necessary for the purposes for which they were collected, the User has withdrawn their consent to their processing and there is no other basis for data processing, the User has objected to the processing, personal data was processed unlawfully, personal data must be deleted to fulfill a legal obligation under the Law of the Union or the law of the member state to which the Administrator is subject, personal data was collected in connection with the offer of information society services.

d) The right to restrict data processing when: the User disputes the accuracy of the personal data (for a period allowing the Administrator to check the accuracy of this data), the processing is unlawful and the User opposes the deletion of data, the Administrator no longer needs personal data for processing purposes, but they are needed by the User to establish, assert or defend claims, the User has objected to the processing until it is determined whether the legally justified grounds on the side of the Administrator are superior to the grounds of the User's objection.

e) The right to object to processing when: the User does not want the Administrator to process.

f) The right to data portability, including receiving from the Administrator, in a structured, commonly used machine-readable format, personal data provided by the User, including the right to request that personal data be transmitted by the Administrator directly to another administrator (if technically possible).

g) The right to withdraw consent to data processingat any time (however, withdrawal of consent does not affect the legality of processing carried out based on consent given before its withdrawal).

h) The right to lodge a complaint with the President of the Office for Personal Data Protection when the User believes that the processing of personal data violates the provisions of the Regulation.

In case of any questions related to personal data processing and to exercise the above rights, please contact the Administrator by sending an e-mail to legal@scale.pl.

3. Profiling

The Administrator does not make decisions about the User based solely on automated processing, including profiling, that would have legal effects on him or similarly significantly affect him. The Administrator may use tools that can take specific actions based on information collected through tracking mechanisms, but these actions do not significantly impact the User as they do not differentiate his situation as a customer and do not affect the terms of the agreement he may enter into with the Administrator within the Service.

4. Data entrustment

‍For the proper functioning of the Service and the professional provision of its services, it is necessary for the Administrator to use the services of external entities. The Administrator uses only the services of those processors who provide adequate guarantees of implementing appropriate technical and organizational measures, so that the processing meets the requirements of the Regulation and protects the rights of the individuals concerned, in accordance with Art. 28 of the Regulation.

The Administrator entrusts the processing of personal datato the following categories of entities:

a) Hosting service providers.

b) Cloud computing service providers.

c) Newsletter sending system providers.

d) Chat system providers in the Service.

e) CRM system providers.

f) Service providers supplying the Administratorwith technical, IT, and organizational solutions (especially software providersfor running the Service and providing services, email providers, and entitiesproviding technical support to the Administrator).

g) Other entities, if using their services is necessary for the proper functioning of the Service and the provision of services by the Administrator.

All entities to whom the Administrator entrusts the processing of personal data guarantee the use of appropriate measures in the protection and security of personal data required by law.

The Administrator does not transfer personal data to third countries, i.e., to processors located outside the European Union.

With each of the processing entities, in accordance with Art. 28 para. 3 of the Regulation, a personal data processing entrustment agreement has been signed.

The Administrator may be obliged to provide information collected by the Service to authorized authorities based on lawful requests within the scope resulting from the request.

5. Purposes of processing, storage period, and scope of data

a) Purpose of processing: Establishing contact with the Administrator via email.

Legal basis: Article 6(1)(a) of the Regulation. Storage period: Until the User withdraws consent and, after the consent is withdrawn, for a period corresponding to the limitation period for claims that may be raised by the Administrator and those that may be raised against him. Data scope: First name, last name, email address + data voluntarily included in the message content by the User. The consequence of not providing the above data will be the inability to contact the Administrator via email.

b) Purpose of processing: Establishing contact withthe Administrator via a contact form.

Legal basis: Article 6(1)(a) of the Regulation. Storage period: Until the User withdraws consent and, after the consent is withdrawn, for a period corresponding to the limitation period for claims that may be raised by the Administrator and those that may be raised against him. Data scope: First name, last name, email address + datav oluntarily included in the message content by the User. The consequence of not providing the above data will be the inability to contact the Administrator via the contact form.

c) Purpose of processing: Establishing contact with the Administrator via a chat form on the Service.

Legal basis: Article 6(1)(a) of the Regulation. Storage period: Until the User withdraws consent and, after the consent is withdrawn, for a period corresponding to the limitation period for claims that may be raised by the Administrator and those that may be raised against him. Data scope: First name, last name, data voluntarily included inthe message content by the User. The consequence of not providing the above data will be the inability to contact the Administrator via the contact form.

d) Purpose of processing: Determining, pursuing, or defending claims that the Administrator may raise or that may be raised against the Administrator.

Legal basis: Article 6(1)(f) of the Regulation. Storage period: Data is stored until the cessation of the legally justified interest pursued by the Administrator, but no longer than the limitation period for claims concerning the person the data relates to, arising from the economic activity conducted by the Administrator. The limitation period is defined by the provisions of the Civil Code. Data scope: First name, last name, email address.

‍

‍6. Cookies

The Service uses cookies, which are small text files stored on the User's end device (e.g., computer, tablet, smartphone) that can be readby the Administrator's IT system.

On the first visit to the website, information about the useof cookies is displayed along with a request for consent to use them. Thanks toa special tool, the User can manage cookies from the website level. The User can change cookie settings from their browser or delete cookies altogether. It's important to remember that disabling cookies can cause difficulties inusing the site.

The Administrator uses its own cookies to ensure the proper functioning of the website.

The Service uses features provided by third parties, which involvesthe use of cookies from third parties.

Cookies are used to: identify Users; remember user activity on the Service; remember data from completed forms or login data and conduct statistics.

Web browser settings regarding cookies are crucial from the point of view of consent to use cookies by the Service – according to regulations, such consent can also be expressed through web browser settings. In the absence of such consent, it's necessary to change the web browser settings for Cookies.

The Administrator uses the Google Analytics tool to createand analyze statistics and optimize the Service's operation. Google Analytics automatically collects information about using the Service. The information collected this way is most often transferred to Google servers. When usingGoogle Analytics, the Administrator does not collect any personal data.

‍

7.  Server logs

Using the website involves sending requests to the server where the site is stored. Each query directed to the server is recorded in theserver logs.

Logs include, among others, the User's IP address, server date and time, information about the web browser, and the User's operating system. Logs are saved and stored on the server.

Data saved in server logs are not associated with specific individuals using the Service and are not used by the Administrator to identify the User.

The above data is used only for server administration purposes. Server logs are solely auxiliary material used for site administration, and their content is not disclosed to anyone except those authorized to administer the server.