Privacy policy
The Privacy Policy (hereinafter: “Policy”) contains information about the processing of your personal data in connection with the use of the Internet Service “SECNewgate Central and Eastern Europe”, operating at the following Internet address: http://www.secnewgatecee.com (hereinafter: “Website”).
Personal data controller
Your personal data Controller is SEC NEWGATE CEE spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (registered office address: ul. Wiejska 17 lok. 9, 00-480 Warsaw), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Economic Division of the National Court Register under KRS number: 0000879140, holding NIP: 5213918339, REGON number: 387909319, holding share capital of PLN 6,450.00 (six thousand four hundred and fifty zlotys) paid in full (hereinafter: “Controller”).
In all matters related to the processing of personal data, you may contact the Controller by e-mail at: hello@secnewgate.com.
Personal data protection measures
The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and ensures that it processes it in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”), the Data Protection Act of 10 May 2018 and other data protection legislation.
Information on personal data processed
The use of the Website requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds for the processing, as well as the duration of the processing and the obligation or voluntariness to provide it.
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Handling of enquiries submitted by clients (including inquiries made by email or through the forms provided) | first and last name mail address mailing address telephone number other data contained in the message to the Controller | Article 6(1)(f) of the GDPR (processing is necessary for the Controller’s legitimate interest, in this case to respond to an enquiry received) |
The provision of the above-indicated personal data is voluntary, but necessary in order to receive a response to an enquiry (failure to provide such data will prevent you from receiving a response). The Controller will process the above-indicated personal data until an objection is successfully raised or the purpose of the processing is achieved (whichever occurs first). | ||
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Establishment and assertion of or defence against claims | 1) name and surname /company name 2) e-mail address 3) address of residence /registered office 4) PESEL number 5) NIP number | Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the Controller’s legitimate interest, in this case to establish, assert or defend against claims that may arise in connection with the performance of Agreements concluded with the Controller) |
Provision of the above-indicated personal data is voluntary, but necessary in order to establish, assert or defend against claims that may arise in connection with the performance of Agreements concluded with the Controller (failure to provide such data will result in the Controller’s inability to undertake the said activities). The Controller will process the above-indicated personal data until the expiry of the statute of limitations for claims which may arise in connection with the performance of Agreements concluded with the Controller. |
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Fulfillment of data protection obligations | 1) name and surname, 2) contact details you have provided (e-mail address; mailing address; telephone number) | Article 6(1)(c) of the GDPR (processing is necessary for the fulfillment of a legal obligation incumbent on the Controller, in this case obligations under data protection legislation) |
Provision of the above-indicated personal data is voluntary, but necessary for the Controller to properly perform its duties under data protection legislation, including the exercise of rights granted to you by the GDPR (failure to provide such data will result in the inability to properly exercise the said rights). The Controller will process the above-indicated personal data until the expiry of the statute of limitations for claims for breach of data protection regulations |
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Administration of the Website | 1) IP address, 2) server date and time, 3) web browser information, 4) information about the operating system. The above data is saved automatically in the so-called server logs every time the Website is used (administering it without the use of server logs and automatic saving would not be possible). | Article 6(1)(f) of the GDPR (processing is necessary for the Controller’s legitimate interest, in this case to ensure the proper functioning of the Website) |
The provision of the above-indicated personal data is voluntary, but necessary in order to ensure the proper functioning of the Website (failure to provide such data will prevent proper functioning of the Website). The Controller will process the above personal data until an objection is successfully raised or the purpose of the processing is achieved. |
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Analysis of your activity on the Website | 1) the date and time of your visit, 2) the IP number of your device, 3) type of operating system of the device, 4) approximate location, 5) type of Internet browser, 6) time spent on the Website, 7) sub-pages visited and other actions taken on the Website | Article 6(1)(f) of the GDPR (processing is necessary for the Controller’s legitimate interest, in this case to obtain information about your activity on the Website) |
The provision of the above-indicated personal data is voluntary, but necessary in order for the Controller to obtain information about your activity on the Website (failure to provide such data will result in the Controller’s inability to obtain the said information). The Controller will process the above-indicated personal data until you successfully raise an objection or the purpose of the processing is achieved. |
Cel przetwarzania | Przetwarzane dane osobowe | Podstawa prawna |
Maintaining the Administrators’ profiles on Facebook, Instagram, LinkdedIn and X (collectively, the “Sites”) | the name of your profile;the data you put on your profile as “public”. | Article 6(1)(f) of the GDPR (processing is necessary for the Controller’s legitimate interest, in this case to maintain profiles on the Services) |
Provision of the above-indicated personal data is voluntary, but necessary in order for you to use the Controller’s profile on a given Service (the consequence of failure to do so will be the inability to use the Administrator’s profile). The Controller will process the above-indicated personal data until you successfully object or the purpose of the processing is achieved. The Controller informs you that it processes personal data processed for the purpose described above only with respect to your use of the Controller’s profile, and with respect to your other use of: 1. Facebook and Instagram – your personal data is processed by Meta Platforms Ireland Limited based on the terms and conditions and privacy policy established by it; 2. the LinkedIn service – your personal data is processed by LinkedIn Ireland Unlimited Company based on the terms and conditions and privacy policy established by it; 3. service X (Twitter) – your personal data is processed by X Corporation based on the terms of service and privacy policy established by it; You should address any questions or claims arising from your remaining use of the Sites directly to the above-mentioned entities. |
Profilowanie
The Controller will not process your personal data by automated means or profiling.
Recipients of personal data
The following third parties working with the Controller will be the recipients of the personal data:
- a website provider;
- a hosting companies;
- a company that provides IT/technical services to the Controller;
- companies that provide tools for analyzing activity on the Website (including Google Analytics);
- a company providing accounting services;
- a company providing legal services.
In addition, personal data may also be transferred to public or private entities if such an obligation arises from generally applicable law, a final and non-appealable court judgment or a final and non-appealable administrative decision.
Transfer of personal data to a third country
In connection with the Controller’s use of services provided by Google LLC or Meta Platforms Ireland Limited, your personal data may be transferred to the following third countries: UK, Canada, USA, Chile, Brazil,Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the aforementioned third countries is:
– in the case of the UK, Canada, Israel, Japan and South Korea, decisions of the European Commission finding an adequate level of protection for personal data in each of the aforementioned third countries;
– in the case of the USA, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation(EU) 2016/679 of the European Parliament and of the Council, finding an adequate level of protection for personal data provided under the EU-US data protection framework;
– in the case of Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia ,contractual clauses providing an adequate level of protection, in line with the standard contractual clauses set out in Commission Implementing Decision (EU)2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
You may obtain a copy of data transferred to a third country from the Controller.
Rights
In relation to the processing of personal data, you have the following rights:
- the right to be informed which personal data pertaining to you are processed by the Controller and to receive a copy of such data (the so-called right of access). The issue of the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;
- if the data processed become outdated or incomplete (or otherwise incorrect) you have the right to request rectification;
- in certain situations you may request the Controller to delete your personal data, e.g. when:
- the Controller no longer needs the data for the purposes communicated by it;
- you have effectively with drawn your consent to data processing – unless the Controller is entitled to process the data on another legal basis;
- the processing is unlawful;
- the need to delete the data arises from a legal obligation on the Controller;
- where your personal data is processed by the Controller on the basis of your consent to the processing or for the purpose of performing an Agreement with the Controller, you have the right to transfer your data to another controller;
- where your personal data is processed by the Controller on the basis of your consent to the processing, you have the right to withdraw that consent at any time (withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal);
- if you consider that the processed personal data is incorrect, its processing is unlawful, or the Controller no longer needs certain data, you may request that for a certain, necessary period of time (e.g. to verify the correctness of the data or to assert claims) the Controller refrain from performing any operations on the data, but only store them;
- you have the right to object to the processing of your personal data based on the Controller’s legitimate interests. If you successfully lodge an objection, the Controller will stop processing your personal data for the aforementioned purpose;
- you have the right to lodge a complaint with the President of the Personal Data Protection Office if you consider that the processing of your personal data violates the provisions of the GDPR.
Cookies
- The Controller hereby informs that the Platform uses “cookies” installed on your terminal device. These are small text files that can be read by the Controller’s system as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google).
- The Controller uses cookies for the following purposes:
- to ensure the proper functioning of the Website – using cookies, the Website may function efficiently, it is possible use its functions and move conveniently between the various subpages;
- to enhance the user experience of the Website – thanks to cookies, it is possible to detect errors on certain subpages and continuously improve them;
- to keep statistics – cookies are used to analyse how users use the Website. This makes it possible to constantly improve the Website and adapt its operation to the preferences of its users;
- to carry out marketing activities – with cookies, the advertising directed to users by the Controller may be tailored to their preferences.
- The Controller may place both permanent and temporary (session) files on your device.Session files are usually deleted when you close your browser, whereas closing your browser does not delete permanent files.
- Information about the cookies used by the Controller is displayed in the panel at the
bottom of the Website. Depending on your decision, you can enable or disable cookies of each category (except for essential cookies) and change these settings at any time.[C5]
5. The data collected through cookies do not allow the Controller to identify you.
6. The Controller uses the following cookies or tools that use them:
TOOL | PROVIDER | FUNCTIONS AND SCOPE OF DATA COLLECTION | PERIOD OF OPERATION |
Essentials cookies | Controller | moove_gdpr_popup This cookie stores your cookie consent preferences. It is necessary to manage your data protection compliance settings (e.g. GDPR) on the site. pll_language a cookie that stores the language selected by the user. This is necessary for the site’s functionality to ensure display in the user’s preferred language. The operation of essential cookies is necessary for the proper functioning of the Website, so you cannot disable them. Thanks to these cookies (which collect, among other things, your device’s IP number), it is possible, among other things, to inform you of cookies operating on the Website | Most of the essential cookies are session cookies, but some remain on your terminal equipment for a period of 12 months or until they are deleted; |
Performance (analytical) and marketing cookies | Google LLC (Google Analytics) | _ga Google Analytics cookie, which is used to distinguish between users and sessions. It helps to collect statistical data about how the site is used, which is not necessary for the basic functioning of the site. _ga_JRTYEQDH7Z A specific instance of the Google Analytics tracking cookie that tracks user interactions within a session. Like the one above, it is used to analyze user behavior on the site, which is helpful in optimizing the site, but not essential to its functioning. Performance (analytical) and marketing cookies help us grow and adapt to your needs. They allow us to measure the number and time of visits, analyze traffic and its sources, collect signals whether you receive messages about the occurrence of errors on the site. They also help us study the popularity of pages and forms, learn about your preferences and, based on this data, improve the functioning and performance of the site. The information collected by these cookies is aggregated, and is statistical in nature. | Up to 1 year or until they are removed (whichever comes first) |
7. Through most commonly used browsers, you can check whether cookies have been installed on your terminal device, as well as delete installed cookies and block the Website from installing them in the future. However, disabling or restricting the use of cookies may cause quite serious difficulties in the use of the Website, e.g. in the form of having to log in to every subpage, longer loading time of the Website, restrictions in the use of certain functions.
Final provisions
o the extent not covered by the Policy, the generally applicable data protection regulations shall apply.
The Policy shall be effective as of 2025.
Information on the processing of personal data
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR“), we kindly inform you that:
- The Controller of personal data of an individual participating in correspondence conducted by e-mail (hereinafter: “Addressee”) is SEC NEWGATE CEE spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (registered office address: ul. Wiejska 17 lok. 9, 00-480 Warsaw), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Economic Division of the National Court Register under KRS number: 0000879140, holding NIP: 5213918339, REGON number: 387909319, holding share capital of PLN 6,450.00 (six thousand four hundred and fifty zlotys) paid in full (hereinafter: “Controller”).
- In all matters related to the processing of personal data, the Addressee may contact the Controller by e-mail at the following address: hello@secnewgate.com.
- The Controller may process the Addressee’s personal data for the following purposes:
- establishing and maintaining business contacts with the Addressee or the entity on whose behalf the Addressee contacts the Controller – on the basis of Article 6(1)(f) of the GDPR (processing is necessary for purposes arising from the Controller’s legitimate interest in establishing and maintaining business contacts);
- concluding an agreement between the Addressee and the Controller and its performance – pursuant to Article 6(1)(b) of the GDPR (processing is necessary for the conclusion and performance of the contract);
- concluding of a contract between the entity on whose behalf the Addressee contacts the Controller and the Controller and its performance – on the basis of Article 6(1)(f) of the GDPR (the processing is necessary for purposes arising from the Controllers legitimate interest, which is to ensure proper communication conducted for the purpose of concluding or performing a contract);
- fulfilling the obligations incumbent on the Controller under the provisions of the GDPR (m.in. creating registers and records) – pursuant to Article 6(1)(c) of the GDPR (processing is necessary for the Controller to comply with a legal obligation);
- establishing claims, pursuing them or defending them – pursuant to Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, which is the protection of the Controller’s legal interests).
- The provision of personal data by the Addressee is voluntary, but the provision of data such as:
- name and surname;
- official position/function performed;
- e-mail address;
- telephone number;
– is necessary to carry out the activities indicated in point 4 above (failure to provide the above data will result in the inability to carry out the above activities).
- The Addressee’s personal data will not be used for automated decision-making, including profiling.
- In connection with the Controller’s use of services provided by Google LLC, Microsoft Corporation, Asana Inc., Pipedrive Inc., Zoom Technologies (which is the recipient of the Addressee’s data), the Addressee’s personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:
- in the case of the United Kingdom, Canada, Israel, Japan and South Korea, decisions of the European Commission determining the adequacy of the level of protection of personal data in each of the above-mentioned third countries;
- for the USA, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council establishing an adequate level of protection of personal data as provided under the EU-US data protection framework;
- for Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia, adequacy contractual clauses in line with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
The Addressee may obtain from the Controller a copy of the data transferred to a third country.
- Odbiorcami danych osobowych Adresata będą:
- group entities (related by equity or personality);
- a firm providing accounting services to the Controller;
- a law firm providing legal services to the Controller;
- a company providing data hosting services to the Controller;
- a company providing e-mail services to the Controller;
- a company that provides IT services to the Controller;
- a company providing remote communication tools;
- entities to which the Controller has a legal obligation to provide data.
- The Addressee’s personal data will be stored:
- for the duration of the contract – in the case of personal data that is processed for the purpose of entering into and performing the contract;
- until the expiry of the limitation periods – in the case of personal data that is processed for the purpose of establishing, pursuing and defending against claims;
- until the objection is effectively lodged or the purpose of the processing is achieved – in the case of personal data that the Controller processes due to its legitimate interest.
- In connection with the processing of the Addressee’s personal data by the Controller, the Addressee has certain rights:
- the right to be informed about what personal data concerning the Addressee is processed by the Controller and to receive a copy of this data (the so-called right of access). The issuance of the first copy of the data is free of charge;
- if the processed data becomes outdated or incomplete (or otherwise incorrect), the Addressee has the right to request their rectification;
- in certain situations, the Addressee may ask the Controller to delete their personal data, e.g. when:
- the data will no longer be needed by the Controller for the purposes of which he or she has informed;
- The Addressee has effectively withdrawn its consent to the processing of data – unless the Controller has the right to process the data on a different legal basis;
- the processing is unlawful;
- the necessity to delete the data results from a legal obligation incumbent on the Controller;
- the right to transfer data to another Controller – this applies only to the Addressee’s data that are processed on the basis of a contract and in an automated manner;
- the right to object to the processing of the Addressee’s personal data for the purposes of the legitimate interests of the Controller;
- if the Addressee considers that the personal data being processed is incorrect, the processing is unlawful, or the Controller no longer needs specific data, it may request that for a specified period of time (e.g. to verify the correctness of the data or pursue claims), the Controller does not perform any operations on the data, but only stores them;
- The Addressee has the right to lodge a complaint with the President of the Personal Data Protection Office if it considers that the processing of its personal data by the Controller violates the provisions of the GDPR or other provisions on the protection of personal data.