Pursuant to Article 13 of the General Data Protection Regulation dated 27 April 2016 (GDPR), we hereby provide the following information regarding data processing by the Administrator of the Service and the Partners:

SERVICE ADMINISTRATOR

  1. SalesMax, a company with registered office at no. 2A/17 Bajaderki Street, 02-776 Warsaw, Poland is the Controller of personal data.
  2. All personal data-related issues shall be directed to the above mentioned registered office address, by phone, by calling. +48 22 100 32 00, or by e-mail, to the following address: office@salesmax.com.
  3. Users’ personal data is processed for the purpose of:
    1. entering into and performance of the contract involving provision of services via the Service – data processing is required on legal grounds for the purpose of entering into and performance of a contract involving provision of services by electronic means (Article 6, point b) of paragraph 1 of GDPR);
    2. providing access to the data for the Controller’s Partners so as to enable them to carry out marketing activities regarding the products and services, including presentation of offers – user’s consent constitutes the legal basis for conducting the marketing activities related to products and services (Article 6, point a) of paragraph 1 of GDPR),
    3. entering into and performance of the contract with the Partners – the legal basis of processing is the legitimate interest pursued by the Controller, i.e. performance of the contracts and organization of the work with the Partners (Article 6, point f) of paragraph 1 of GDPR);
    4. fulfillment of legal obligations to which the Controller is subject, including enforcement of the rights of the data subjects – the legal basis is formed by the necessity of fulfillment of the legal obligations to which the Controller is subject (Article 6, point c) of paragraph 1 of GDPR);
    5. collecting of the information on Users and the traffic statistics in the Service – the legal basis is the Controller’s legitimate interest, i.e. organization and management of the Service as well as processing of statistical information to support the management and development of the business (Article 6, point f) of paragraph 1 of GDPR);
    6. providing response to a person who has contacted the Controller, reviewing of potential complaints as well as establishment, exercise and defense of legal claims – the legal basis is formed by the legitimate interest pursued by Controller, i.e. processing of complaints as well as establishment, exercise and defense of legal claims (Article 6, point f) of paragraph 1 of GDPR).
  4. Browsing of the information content of the Service does not require a User to provide any personal data. In a situation when a User wishes to use the service of having an offer matched to his/her preferences and interests by a Service’s Partner, provision of a User’s personal data shall be voluntary, however it shall be indispensable for the purpose of performance of the requested service.
  5. The following parties shall have access to personal data:
    1. the Controller’s duly authorized personnel and associates,
    2. the parties providing services to the Controller and at his instruction/request (i.e. the parties providing IT services, telecommunication services and support services) who need to have access to the data to be able to perform their obligations.
    3. Access to personal data can be also provided to duly authorized state institutions.
  6. A User’s personal data processed on the basis of:
    1. a contract shall be retained for a period of 12 months;
    2. a legal obligation – until the legal obligation is fulfilled and its fulfillment is discharged of;
    3. a legally justified interest of the Controller – until the interest is fulfilled, in particular until the expiry of the limitation period, or the until the time an effective objection against further processing is filed.
  7. User’s personal data can be used for automated decision-making, as defined by Article 22 of GDPR, including for profiling by virtue of Article 22 point a of paragraph 2 of GDPR (necessary for the performance of the contract between a User and the Controller). Such a decision may involve selection of a Partner, or Partners, to whom a User’s data will be transferred. Selection of a Partner, or Partners, depends on the information provided by a User, the scope of the provided personal data as well as the Partner’s technical and organizational capabilities to serve a given User.
  8. The data subject is entitled to:
    1. request access to his/her personal data, rectification of the data, deletion of the data or restriction of processing, as well as the right to transfer the data,
    2. revoke the consent in the scope in which personal data is processed on the basis of the data subject’s consent – withdrawal of the consent to data processing shall not affect compliance with the law of any processing performed before the consent was withdrawn,
    3. file, at any time, an objection against personal data processing for reasons associated with a special situation if the personal data processing was performed on the basis of a legitimate interest of the Controller,
    4. file a complaint with the President of the Office of Personal Data Protection in Poland or local regulatory authorities such as the Information Commissioner’s Office in the UK.
  9. Data transmission via the Service shall be secured with the use of SSL protocol.