Privacy Policy
Last Updated: [12.02.2024]
At OCAS IT Sp. z o.o., we value your privacy and are committed to protecting your personal data. This
privacy
policy ("Policy") explains how and why we collect, store, and use personal data. It also provides
information about
your rights with respect to your personal data.
This Policy applies to both personal data provided to us by individuals and organizations. We may use
personal data
provided to us for the purposes outlined in this Policy or as disclosed at the point of collection.
Please read this Policy in conjunction with the Terms of Use of OCAS IT Sp. z o.o. and, when
applicable, with the
Agreement between the Customer and OCAS IT Sp. z o.o.
What terms are used in this Privacy Policy?
In this Policy:
- - "Affiliate" means any company, corporation, or other entity that directly or indirectly
controls, is
controlled by, or is under common control with either OCAS IT Sp. z o.o. or the Customer.
- - "Agreement" refers to the General Terms and Conditions of OCAS IT Sp. z o.o., any order form
or contract
proposal accepted by the Customer, documentation relating to the Services, and applicable
Special Terms and
Conditions of OCAS IT Sp. z o.o.
- "OCAS IT Sp. z o.o." means OCAS IT Sp. z o.o., a legal entity registered in Europe, with the
following details
- - NIP (Tax Identification Number): 8971915605
- - REGON (National Business Registry Number): 523920098
- - KRS (National Court Register): 0001008210
- - Address: Sw. Mikolaja street 30/31/1C, 50-043 Wroclaw, Poland
- - Email: office@ocas.pl
- - "Customer" means the legal or natural person subscribing to the Services.
- - "Data Protection Legislation" refers to EU Regulation 2016/679 on the protection of natural
persons with
regard to the processing of personal data (General Data Protection Regulation or GDPR) and
Directive 2002/58/EC
concerning the processing of personal data and the protection of privacy in the electronic
communications sector,
as well as any relevant national legislation and regulations implementing them.
- - "Services" encompass the products and services of OCAS IT Sp. z o.o. and its Affiliates to
which the Customer
has subscribed under the Agreement.
- - "User" refers to visitors of the Websites and/or users of the Services on behalf of the
Customer.
- "You" and "Your" refer to Customers, individuals associated with Customers, Users, contacts,
suppliers, and job
applicants.
- "We," "Us," and "Our" refer to OCAS IT Sp. z o.o.
- "Websites" refer to all internet pages and applications provided and operated by OCAS IT Sp. z
o.o.
- Terms such as "personal data," "processing," "data subject," "data controller," "data
processor," and
"supervisory authority" have meanings as set out in applicable Data Protection Legislation.
What personal data do we collect and process?
Depending on your relationship with us, OCAS IT Sp. z o.o. may act as a data controller or data
processor for your
personal data. Our contact details are provided above
Who is responsible for your personal data?
Depending on your relationship with us (e.g., customer, vendor, applicant), we may collect and
process some of the
following personal data from you:
- - Contact Data, including your name, address, telephone number, language, educational or
professional
background, tax status, employee number, job title and function, seniority, and other personal
data relevant to
our Services.
- - Financial and Payment Data, including bank account information and other data necessary for
processing
payments and fraud prevention.
- - Business Information, including information provided in the course of Agreements or
voluntarily provided by
you or your organization.
- - Communication Information, including the content of communications exchanged between you and
us or between you
and other Users.
- - Profile and Usage Data, including your preferences for receiving marketing information from
us, your
communication preferences, and information about how you use our Services and Websites.
- - Technical Data, including information collected during your visits to the Websites (e.g., IP
address, login
data, browser type, device type, time zone setting).
- - Geolocation Data, including information about your locations or estimated time of arrival
collected during
your use of the Services.
- - Physical Access Data, relating to details of your visits to our premises.
- - If you provide information about any person other than yourself (e.g., family members,
employees,
counterparties, suppliers), you must ensure that they understand how their information will be
used and that they
have given their permission for you to disclose it to us.
How do we collect your personal data?
We collect personal data in various ways:
- - When you use any of our Services.
- - When you seek advice from us.
- - When you offer to provide or provide services to us.
- - When you correspond with us by phone, email, or other electronic means, or in writing.
- - When you provide other information directly to us, including in conversations with our staff,
external
providers, or consultants.
- - When you browse, complete a form, make an enquiry, or interact on our Websites or other online
platforms.
- - When you attend our events or sign up to receive information from us.
- - By making inquiries from your organization or other organizations with which you have
dealings.
- - By making inquiries from third-party sources such as government agencies, credit reporting
agencies, database
and information service providers, or publicly available records.
How will we use your personal data and on what basis?
We will use your personal data for the following purposes and on the following legal bases:
- - Providing information about our Services.
- - Registering you as a new customer or supplier.
- - Managing and administering our relationship with you and your organization, including
processing payments,
accounting, auditing, billing, and collection.
- - Conducting identity verification, credit checks, fraud prevention, and anti-money laundering
checks.
- - Providing customer support, including responding to your requests and complaints.
- - Notifying you about changes to our terms or privacy policy.
- - Conducting market research and analysis.
- - Administering and protecting our business and our websites.
- - Delivering content and advertisements to you and measuring the effectiveness of that content
and those
advertisements.
- - Improving the content and navigation of our websites.
- - Sending you personalized marketing communications.
The processing is necessary for compliance with a legal obligation to which we are subject,
including:
- - Complying with applicable laws, regulations, court orders, government and regulatory requests,
and industry
standards.
- - Performing audits, complying with export controls, and filing reports to regulatory
authorities.
- - Managing and auditing our business operations, complying with internal policies and
procedures, and managing
risk and legal claims.
- - Coordinating with law enforcement agencies and other governmental bodies, as permitted by
applicable laws.
The processing is necessary for the legitimate interests pursued by us or by a third party,
including:
- - Protecting our business interests and legal rights, including but not limited to use in
connection with legal
claims, compliance, regulatory, and investigative purposes (including disclosure of such
information in connection
with legal process or litigation).
- - Administering and managing our relationships with Affiliates, including transferring personal
data between
Affiliates.
- - Administering, operating, and improving our Services.
- - Managing and securing our communications, networks, and other systems.
- - Detecting, preventing, or investigating security breaches, fraud, and other prohibited or
illegal activities.
- - Complying with requests from your organization (e.g., to provide information to your employer
or business
partner about your use of the Services).
- - Keeping our records accurate and up to date.
The processing is necessary for the establishment, exercise, or defense of legal claims, including:
- - Exercising our rights and enforcing our legal obligations and rights arising from contracts or
other
agreements.
- - Pursuing or defending against legal claims in court or in other dispute resolution
proceedings.
The processing is based on your consent, including:
- - Sending you marketing communications when we do not have an existing business relationship
with you or when
required by applicable law.
- - Using cookies or similar tracking technologies on our websites as described in our Cookies
Policy.
Who may have access to your personal data?
Your personal data may be shared with the following categories of recipients:
- - Our Affiliates, including entities in which we hold a majority share, are controlled by us, or
are under
common control with us.
- - Service Providers, including third parties that provide services on our behalf, such as
payment processing, IT
and system administration, hosting, research and analytics, marketing, customer support, and
data enrichment.
- - Professional Advisers, including lawyers, auditors, insurers, and other professional advisers.
- - Regulators and Authorities, including tax authorities, courts, and governmental bodies to
comply with our
legal and regulatory obligations.
- - Business Partners, including third parties with whom we partner to offer joint marketing and
promotional
activities.
- - Acquirers and Merger Parties, in connection with any merger, sale of company assets,
financing, or acquisition
of all or a portion of our business by another company.
- - Compliance with Legal Obligations: We may also disclose your personal data to third parties
when required by
law or in order to comply with legal obligations, including responding to requests from law
enforcement
authorities and court orders.
How do we protect your personal data?
We take the security of your personal data seriously and implement appropriate technical and
organizational
measures to safeguard it. We limit access to your personal data to those employees, agents,
contractors, and other
third parties who have a legitimate need to know. We have procedures in place to deal with any
suspected data breach
and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we retain your personal data?
We will only retain your personal data for as long as necessary to fulfill the purposes for which it
was collected,
including satisfying any legal, accounting, or reporting requirements. To determine the appropriate
retention period
for personal data, we consider the amount, nature, and sensitivity of the personal data, the
potential risk of harm
from unauthorized use or disclosure of your personal data, the purposes for which we process your
personal data, and
whether we can achieve those purposes through other means.
How can you manage your personal data?
You have certain rights with respect to your personal data, subject to local Data Protection
Legislation. These
rights may include:
- - Access: You have the right to request a copy of the personal data we hold about you.
- - Correction: You have the right to request correction of any incomplete or inaccurate personal
data we hold
about you.
- - Erasure: You have the right to request the deletion or removal of your personal data when
there is no
compelling reason for us to continue processing it.
- - Restriction: You have the right to ask us to suspend the processing of your personal data in
certain
circumstances.
- - Object: You have the right to object to the processing of your personal data where we are
relying on a
legitimate interest (or those of a third party) and there is something about your particular
situation that makes
you want to object to processing on this ground.
- - Data Portability: You have the right to request the transfer of your personal data to you or
to a third party
in a structured, commonly used, machine-readable format. Note that this right only applies to
automated
information that you initially provided consent for us to use or where we used the information
to perform a
contract with you.
- -Withdraw Consent: If you have given your consent to the processing of your personal data, you
have the right to
withdraw your consent at any time.
Information about data subject rights.
According to the GDPR, the data subject has the following rights:
- - Right to access (Article 15);
- - Right to rectification (Article 16);
- - Right to erasure (Article 17);
- - Right to restriction of processing (Article 18);
- - Right to object to processing (Article 21);
- - Right to data portability (Article 20).
Information about the right to object.
If processing is based on lit. (a) of Article 6(1) GDPR (consent) or Article 9(2) related to special categories of personal data, i.e., based on the data subject's consent, we inform you that you have the right to withdraw your consent at any time. However, the withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
These rights can also be exercised with our organization: office@ocas.pl.
Information about the appeals procedure.
The user has the right to lodge a complaint with the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if the user believes that the processing of their data violates the provisions of the GDPR.
Automated decision-making and profiling.
OCAS IT does not undertake any measures regarding automated decision-making (e.g., creditworthiness analysis) or profiling (e.g., information about the preferences or behavior of the data subject) within the meaning of Article 22 of the GDPR.
How can you contact us?
If you have any questions about this Policy or would like to exercise any of your rights, please
contact us using
the following contact details:
- - OCAS IT Sp. z o.o.
- - Website: [ocas.pl]
- - Address: Sw. Mikolaja street 30/31/1C, 50-043 Wroclaw, Poland
- - Email: office@ocas.pl
Changes to this Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal
requirements,
and other factors. We will notify you of any material changes by posting the updated Policy on our
Websites and
updating the "Last Updated" date at the beginning of this Policy. We encourage you to check this
page regularly to
stay informed about how we collect, process, and protect your personal data
Effective Date: [14.12.2022]