PRIVACY POLICY



§ 1 General provisions


  1. This document (hereinafter also referred to as the "Policy") sets out the principles governing the processing of personal data by the Operator, in particular it also contains information on the scope of data stored and how they may be used. 

  2. Adam Anlauf conducting a sole proprietorship under the name DEPCORE Adam ANLAUF, Nowe Osiedle 2/54, 47-120 Zawadzkie, NIP: 7561851957, REGON: 160241082 (hereinafter also referred to as the "Operator") is the data controller of persons who are its customers or potential customers, i.e. the persons visiting the website and the persons having an account at www.yoomzy.com (Users). The Operator may process data as a processor or sub-processor on the basis and to the extent resulting from the personal data processing outsourcing agreement concluded with the customer. You may contact the Operator by e-mail at the address: adam@depcore.pl or by sending a letter by post to the address indicated in the first sentence.

  3. Operator processes personal data used during using of the plug-in available at www.yoomzy.com within the territory of the European Union, where the provisions of the GDPR apply. 

  4. Operator attaches particular importance to respecting the privacy of individuals whose data it processes, acting both as a controller and processor or sub-processor.

  5. Respecting the GDPR and the Act of 10 May 2018 on the protection of personal data, carefully selects and applies appropriate technical and organisational measures to ensure adequate protection of the processed data. In particular, the Operator secures the data against their access to unauthorised persons, as well as against their processing in violation of the applicable legal provisions. Operator shall exercise permanent control over the process of data processing and shall limit access to the data to the greatest possible extent, granting appropriate authorisations for data processing only if it is necessary for the proper conduct and use of the Service. Within the framework of the implemented Personal Data Security Policy and Instructions for Information System Management, the Operator informs about the following principles concerning protection of Users personal data.




§ 2 Collection of personal data


  1. Operator processes personal data of Users for the purpose of presentation of its products available through the website www.yoomzy.com or the conclusion and performance of the subject matter of an agreement. Information on the processing of personal data for these purposes shall be provided at the time of conclusion of a specific contract or at the request of the data subject prior to the conclusion of the contract or when User entering the website www.yoomzy.com. The legal basis is Article 6(1)(b) GDPR (in the case of the performance of an agreement) or (f) GDPR (in the case of the presentation of services at www.yoomzy.com). Providing data for processing is voluntary but necessary to conclude a contract, failure to process data using individual cookies may also affect the availability and presentation of services available at www.yoomzy.com.

  2. We process the personal data of employees and associates of our Users which we have obtained from them in order to enable us to perform the subject matter of the agreement concluded. This processing is limited to the necessary minimum. Information on the processing of personal data is provided at the time of conclusion of the contract or acquisition of the personal data. The legal basis is Article 6(1)(f) of the GDPR.

  3. Users personal data shall be processed until the execution of the contract, and thereafter may be processed when it is necessary to establish or assert claims or to defend against them. In addition, data will be processed for the period required by law (fulfillment of accounting and tax obligations).

  4. The personal data of employees and associates of our Users shall be processed for the period enabling the realisation of our legitimate interest, and afterwards it may be processed when it is necessary to establish or assert claims or to defend against them.

  5. Personal data may be disclosed to external entities, such as IT service providers, equipment repairers, advertising agencies, accounting offices, entities providing legal services.

  6. The www.yoomzy.com website Operator uses cookies to which the User has given their consent or has not objected during their first visit to the website or subsequent visits if User having deleted the settings concerning cookies from the browser settings. You can find out more about cookies here.

  7. During registering, it is required to provide the following data: first and last name, company name, e-mail address. When adding another user to the account it is required to provide the following data: name and surname, e-mail address, telephone number, department, website, which the user will integrate with the plugin available at www.yoomzy.com.

  8. Personal data is also collected to accept payments from Users. Payments are made using the external transaction system Stripe or Paypal. For this purpose, data collection includes information about credit or debit card number, bank account number, bank account holder or credit or debit card holder. 

  9. The Operator, acting as a processor, collects and processes personal data of the users of the User's website(s) on the basis and to the extent of the User's instructions under the agreement on entrusting the processing of personal data concluded by the Operator with the User who is the administrator of personal data processed with the use of the plugin provided by the Operator. 

  10. In the case of data processing as a processor or sub-processor on the basis and to the extent resulting from the personal data processing entrustment agreement concluded with the User, the User is the controller of such personal data or the processor, within the meaning of GDPR and shall be fully responsible in the case of lack of a legal basis for the processing of personal data entered into the Plugin or the processing of such data contrary to the purpose for which they were obtained or in breach of the principles indicated in Article 5 of GDPR.




§ 3 Rights of individual person


  1. Individual person whose data are processed by the Operator as the controller of such personal data has the right to obtain information about the processing of the data, including in particular the purposes and legal grounds for the processing, the scope of data possessed, the entities to which the data are disclosed, and the planned date of data erasure. He or she shall also have the right to obtain a copy of the data processed concerning him or her. 2.

  2. Individual person whose data is processed by the Operator as the controller of such personal data has the right to demand the removal of any inconsistencies or errors in the processed data, and to complete the data if it is incomplete.

  3. Individual person whose data are processed by the Operator as the controller of such personal data may request the erasure of data the processing of which is no longer necessary for any of the purposes for which they were collected

  4. Individual person whose data are processed by the Operator as the controller of such personal data may request the restriction of the processing of data concerning him/her. The Administrator shall then cease performing operations on the data, with the exception of such operations to which the individual has given his or her consent. The Administrator shall then also cease to store such data, in accordance with the retention rules adopted or until the reasons for the restriction of data processing cease to exist.

  5. Individual person whose data are processed by the Operator as the controller of such personal data has the right to object at any time to the processing of data which is carried out on the basis of a legitimate interest of the Administrator. The objection in this regard shall contain a justification. In case of data processing for marketing purposes, Individual person  who is the subject of the data has the right to object at any time to the processing of data in this regard without having to justify the objection.

  6. Individual person whose data are processed by the Operator as the controller of such personal data to the extent that the data are processed in an automated manner in relation to the concluded contract or the given consent - may request the Administrator to issue the data in a computer readable format. It is also possible to request the data to be sent to another entity, however, on condition that technical capacities of both the Administrator and the indicated entity exist in this respect.

  7. If the data are processed on the basis of expressed consent, inividual person whose data are processed by the Operator as the controller of such personal data, has the right to withdraw it at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out before the withdrawal of consent.

  8. If it is determined that the processing of data is incompatible with the provisions of the GDPR or other regulations on personal data protection, Individual person  whose data is processed by the Operator as the controller of such personal data may lodge a complaint with the supervisory authority supervising the processing of personal data competent for the place of his/her habitual residence, place of work or place where the alleged infringement has been committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.