Privacy Policy
1. GENERAL PROVISIONS
This Privacy Policy (hereinafter referred to as the “Privacy Policy”) applies to persons using the Website located at the URL address: https://www.profitroom.com (hereinafter referred to as the “Website”) and is effective from September 27, 2024. Use of the Website constitutes acceptance of the terms of the Privacy Policy.
The data controller of users using the Website is Profitroom S.A. Franklina Roosevelta 9, 60-829 Poznań (hereinafter referred to as "We").
Contact details of the Data Protection Officer: Beata Marek, e-mail: gdpr@profitroom.com
2. PERSONAL DATA
In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"), we inform you that we process personal data as follows:
● Personal data processed on the basis of consent
Legal basis: Art. 6(1)(a) of the GDPR
Source of collected data: Personal data is obtained directly from the person whose data is being processed.
Purpose of processing: To carry out the purpose specified directly in the terms of the granted consent (as stated in the notice).
Scope of processed data: The scope of the processed data is specified directly in the terms of the granted consent (as stated in the notice) - if the scope of data is not specified, it includes the data normally expected in the form intended for their entry (e.g. name, surname, e-mail address, etc.).
Voluntary provision of data: Providing data is voluntary, but necessary to achieve the purpose specified in the terms of the consent expressed. Consent may be given by clicking a checkbox containing the terms of the granted consent or by clicking a button indicating agreement to the terms of the given consent.
Right to withdraw consent: Consent may be withdrawn at any time. In the case of a newsletter subscription, this can be done by clicking a button in the email footer, and in other cases it can be done by sending us an email. In such cases, we encourage you to send a message to gdpr@profitroom.com.
Retention period: We process personal data from the moment you give your consent until you withdraw it (primary purpose), subject to our right to process information such as: identifying data regarding the granted consent (IP address, email or phone number, name and surname), date of consent, date of withdrawal of consent, information about the way the purpose was achieved during the granted consent (e.g. information about sent messages). This information is stored for the so-called secondary purpose, which allows for the possibility of reviewing complaints and processing this information for the time necessary to establish, pursue or defend legal claims under Polish law. Please note that after you withdraw your consent, we will not process your data in any other way.
Data recipients: Access to data may be granted to entities cooperating with us to pursue the purpose specified in the terms of the granted consent (including, but not limited to: IT service
providers, marketing agencies, research and consulting agencies). Data may also be made available to public authorities, if required by law.
● Personal data processed in connection with the performance of a contract or taking actions at the request of the person whose data concerns, prior to the conclusion of the contract
Legal basis: Article 6(1)(c) GDPR
Source of collected data: personal data is obtained directly from the person whose data concerns or from another person in the company (e.g. a supervisor invites employees to create an account).
Purpose of processing: performing a contract for the provision of services or taking actions to begin the provision of services.
Scope of processed data: the scope of processed data includes name, surname, place of work, email address or other data provided in connection with the performance of the contract, which is necessary to provide the service.
Voluntary provision of data: providing data such as name, surname, email address, place of work is necessary for the service to be provided. In addition, providing data at the stage of concluding the contract is necessary to start providing the service and later to perform the contract.
Retention period: We process personal data from the moment of cooperation in order to start providing the service. If the contract is not concluded and there is no further communication with the Client, the data is deleted within 30 days. If the contract is concluded, the data is processed for the entire duration of the contract and after its completion for the period specified by Polish law for determining, pursuing or defending legal claims. Data processed after the contract has ended includes information on how our services have been used.
Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.
● Personal data processed in connection with a customer satisfaction survey Legal basis: Article 6(1)(f) GDPR.
Source of collected data: personal data is obtained directly from the person whose data concerns.
Purpose of processing: the legitimate interest consists in studying customer satisfaction and collecting feedback in connection with the performance of the contract. Scope of processed data: the scope of processed data includes name, surname, place of work, email address.
Voluntary provision of data: providing data is voluntary. Participation in the survey is not mandatory.
Retention period: We process personal data from the moment we receive the survey. If the survey is not completed, the data is deleted within 30 days. If the survey is completed and we receive answers, we process them for a period of 2 years.
Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of
the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.
● Personal data processed for the purpose of reviewing requests, complaints or claims
Legal basis: Article 6(1)(f) GDPR.
Source of collected data: personal data is obtained directly from the person whose data concerns.
Purpose of processing: the legitimate interest of examining a complaint, request or complaint and providing an answer.
Scope of processed data: the scope of processed data includes data provided on the complaint/complaint/request form.
Voluntary provision of data: Providing data is voluntary, although we have the right to require the provision of identifying data for the possibility of resolving the complaint/complaint/request when it concerns the service provided.
Retention period: We process personal data from the moment the complaint/complaint/request is sent. After resolving the complaint/complaint/request, we have the right to retain information on the way the complaint/complaint/request was resolved and the complaint/complaint/request was made for the period specified by Polish law for determining, pursuing or defending legal claims.
Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.
● Personal data processed in connection with the storage of documentation and the fulfilment of legal obligations incumbent on us:
Legal basis: Article 6(1)(b) of the GDPR.
Source of collected data: personal data is obtained directly from the person concerned. Purpose of processing: fulfillment of legal obligations as specified in the laws (e.g. tax regulations, labor laws, etc.).
Scope of processed data: the scope of processed data includes financial data or other data whose collection and storage requirements are specified in the laws (e.g. on employment) Voluntary provision of data: the provision of data is necessary to fulfil legal obligations. Processing time: we process personal data from the moment of their acquisition for the purpose of fulfilling the legal obligations until the legal obligations are fulfilled. The laws specify the periods for which certain data must be stored. For more detailed information on the processing period of your data, you can contact the Data Protection Officer. Data recipients: access to data is granted to our employees, co-workers, and external companies that carry out a given process related to the fulfilment of the purpose for which consent is given. Information about recipients can be found in the conditions of the consent granted and you can also find additional information in section 3 and 4 of the Privacy Policy.
3. DATA RECIPIENTS
We use the services of programming and ICT system maintenance companies, with which we have appropriate agreements. These agreements cover data processing rules and
confidentiality. This data is not shared and none of these companies have the right to process the data in any other way than specified in the contract. Your data, insofar as the company has access to it, may only be processed for the purpose of proper service provision.
We use third-party services to deliver targeted advertising on social media and the Internet, using services i.e.: conversion pixel and Facebook ads (Meta Platforms, Inc.), Google Ads, Google Ads Remarketing and Google Analytics with anonymous IP address (Google Inc.), LinkedIn conversion tracking, LinkedIn retargeting and LinkedIn ads (LinkedIn Corporation).
We cooperate with the aforementioned entities based in the United States of America, which provide us services. In order for the services to be possible, our subcontractors must have access to personal data entrusted to us by data subjects - this is how personal data is transferred to another country, i.e. the USA. Since European data protection regulations do not apply in the USA, we have concluded agreements under which the personal data transferred by the user will be protected in the same way as if they were processed in Poland. We reserve that the user decides what data is transferred and has the right to give or not give their consent to this through cookie settings, and to change the settings at any time.
The newsletter service is provided by the Zoho Corporation. Data is processed within the EU, transmitted as confidential and is not owned by the Zoho Corporation. Data from the European Economic Area (EEA) is transmitted on the basis of a data processing agreement. Detailed information on how the Zoho Corporation processes data: terms of use of Zoho Marketing Automation.
4. COOKIES
Our websites and applications use cookies and similar technologies. Below you will find information about cookies and similar technologies that we use, as well as additional information on how our websites and applications work, including information about geolocation.
What are cookies?
Cookies are text files that are stored on your device (e.g. a computer, laptop, or smartphone) as you browse the internet. When you revisit our website, your browser sends a cookie back to the website (or to its server, strictly speaking), and in this way, for example, we can recognise when the user visits us again.
Cookies have a stated expiry date after which they become inactive. Our websites and applications use other similar technologies such as pixels, plugins, tags, and web beacons. We will refer to these technologies collectively as cookies.
We use cookies particularly to obtain and process information about the browser and its version, operating system, URL of the previously visited page, IP address, time of the server request, user ID, language, searches on the website, products added to the basket, authentication data, data on the content viewed, and data on other activities carried out on
the website or in the application. We combine your user ID with other data provided by you (such as email address or telephone number).
Why do we use cookies?
Some cookies are necessary for the functioning of websites and applications and the use of their resources. They increase their efficiency so that you can find the information you need faster.
Some cookies are also used to obtain information for analytical and statistical purposes or for marketing purposes (e.g. providing you with tailored advertising based on your activity, or retargeting, i.e. providing you with a specific advertisement on other websites). Cookies, except for those that are necessary for our websites and applications to run, are installed subject to your consent.
Do we use third party cookies?
Yes, when you use our websites or applications, you may receive cookies from the third parties that cooperate with us. We use those cookies mainly for analytical and marketing purposes.
We use the following tools provided by third parties related to the use of cookies and identifiers:
● Google Tag Manager – a tool for managing tags placed on websites. The tool itself does not use cookies, but helps manage tags that may lead to the storage of cookies.
Analytical tools
● Google Analytics – a tool that collects analytical data, i.e. count visits to websites or applications, measure the duration of visits and determine which functionalities or parts of websites or applications are used or visited most often. Google Analytics uses cookies and creates pseudonymised user profiles. The IP addresses obtained by the tool are anonymized so that they cannot be assigned to a specific user. To block the collection of information about your activity by Google Analytics, go to: tools.google.com/dlpage/gaoptout
● Hotjar – a tool that collects analytical data about the behaviour and preferences of users on our websites, e.g. time spent on specific pages or the most frequently clicked items. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will use this information to identify individual users or to match it with further data on an individual user. To block the collection of information about your activity by Hotjar, go to: help.hotjar.com/hc/en-us/articles/360002735873-How-to-Stop-Hotjar-From-Collecting -your-Data
● Survicate - a tool used to conduct surveys that determine customer satisfaction levels in order to improve and refine offered products and services.
Marketing tools
● SALESmanago – tool supporting the automation of marketing and sales processes, including the processing of marketing and sales data and their complex analytics in
the multi-channel model – i.e. in a model that allows the user to be reached via various channels (such as websites, push notifications, SMSs, MMSs, -mail, chat, telephone) and various devices (such as computers, smartphones, tablets, telephones)
● Google Ads – Google’s advertising platform for running text, image and video ads as well as displaying sponsored links in the search results of the Google search engine and on cooperating websites under the Google AdSense programme
● Google Marketing Platform – a platform that allows us to use many Google marketing tools in order to provide users with tailored ads, avoid displaying ads that the user has already seen, optimise campaigns and monitor their progress. To block the Google advertising tools, use the information available at www.google.com/settings/ads/plugin
● Facebook (Meta) Ads Manager – Facebook’s advertising system for creating, purchasing and managing ads within the Facebook, Instagram, and Messenger social networks, and Facebook’s Audience Network. We use the Facebook Pixel on our websites. It allows us to track activity on our website, and on this basis show you ads tailored to your needs or display ads to other Facebook users whose profile is similar to yours. Facebook users can manage their ad preferences at www.facebook.com/ads/preferences (in addition, in Ads settings, you can also disable the possibility of personalising ads Facebook ads that use data provided by us); other users can do this at www.facebook.com/settings/ads/ or at www.youronlinechoices.com/pl/twojewybory.
In addition to the above tools, our websites and applications use cookies from other third party advertisers. Our cookies, cookies of providers of the specified tools and cookies of other third parties collect information about user activity on our websites or applications. This information is used for profiling for marketing purposes, displaying personalised content and offers tailored to your potential interests or profile, and running advertising campaigns, including retargeting.
These cookies collect information on your visits to our websites and your activities there. They allow us and third party providers to target our marketing message to specific groups of users, users who previously visited our websites or applications, and monitor the progress of advertising campaigns.
You can block targeted ads from “About Ads” providers at www.aboutads.info/choices or “European Interactive Digital Advertising Alliance” providers at www.youronlinechoices.com/pl/twojewybory. The block should be set for each browser. It will remain in effect until you remove cookies from your browser.
If you do not want your data to be used for marketing purposes, please contact us at gdpr@profitroom.com
How to manage cookies?
You can manage your cookie settings via the cookie banner available on the Website.
Except for the cookies necessary for the website operation, we only use cookies with the user’s consent. At any time, you can go to the browser settings to disable cookies, delete any cookies already stored or modify the option of storing them on your device or by cookie baner. Remember that changing your browser settings by disabling or limiting the possibility of storing cookies may limit the functionality of websites or applications.
In the menu bar of each web browser, go to the “Help” section to find information on how to manage cookie settings. Below you will find details about how to manage cookie settings in the most popular browsers:
● Edge
● Chrome
● Safari
● Firefox
Additional important information concerning Website operation:
Location
You can consent to the use of location data in your browser, application or device settings. We use this feature to provide you with information such as the location of the nearest fitness club or to display personalised ads and offers based on your location.
How do I turn off location sharing?
You can turn off location sharing using the application, device or browser settings:
● Edge
● Chrome
● Safari
● Firefox
5. FINAL PROVISIONS
Any disputes or claims arising from or in connection with the implementation of the Privacy Policy shall be subject to the jurisdiction of Poland, and the local jurisdiction of the court is
determined for our headquarters, subject to the provisions of the consumer's or data subject's applicable law. In this case, these provisions apply and this provision is excluded.
In case of a dispute, it can be resolved amicably and this allows for the resolution of disputes through the Internet using ADR entities (entities entitled to amicable dispute resolution). The platform is available at: http://ec.europa.eu/consumers/odr/.
We reserve the right to change the Privacy Policy by publishing a new content of the Privacy Policy on the Website, which shall be effective on the date specified therein. In addition, we reserve the right to update the list of cookies on an ongoing basis.
In the event of any change and/or invalidation of any of the provisions of the Privacy Policy as a result of a final court ruling, the remaining provisions shall remain in force.