Privacy Policy Monterail

How do we process your personal data?

When as a natural person you contact us or use our services, regardless of whether you act on your behalf or on behalf of another entity (e.g. our client, supplier, etc.), or when we have obtained your personal data from other sources (e.g. from publicly available industry websites or when your personal data has been disclosed to us as a contact for the purpose of execution of the contracts), we start to process your personal data. We approach all information about you responsibly and in accordance with the law - in particular with GDPR. Your privacy is important to us. This policy explains what personal data we collect and how we process them. It also explains how our website uses cookies.

I. Basic concepts

Data controller - Monterail Sp. z o. o. with its registered office in Wrocław, at 27-29 Oławska Street, 50-123 Wrocław, Poland, registered with the Register of Entrepreneurs of the National Court Register maintained by the District Court in Wrocław-Fabryczna, VI Commercial Division of the National Court Register, under entry number KRS 0000357415, NIP [taxpayer ID] 778-147-18-20, REGON [enterprise ID] 301447685, share capital: PLN 5.000, contact email: gdpr@monterail.com.

Personal data - all information that we process related to you. For example: first name and last name, email address, payment details etc;

Processing – all operations that we perform on your personal data. This includes e.g.: collecting, storage, updating, sending correspondence, analysing in order to issue an invoice, and erasure;

GDPR  - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E

II. Whose personal data do we collect?

We may process your personal data, if:

  1. you are our potential or current client or supplier;

  2. you are an entity (or you are providing services to an entity), that we want to advertise or sell our services to;

  3. you are providing services / work for our client or supplier or to an entity, that uses our services or products developed by us (you act on behalf of them e.g. as their employee, associate, representative);

  4. you are interested in actions that we undertake (e.g. as part of contact with media).

Information that we DO NOT collect - children

We do not knowingly solicit personal information of children under the age of 18. We do not knowingly collect personal information of and from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information without parental consent, we will take steps to delete it.

III. When we may process your personal data?

We may process your personal data received directly from you or from other sources. Therefore your personal data may be processed:

  1. If you have provided us with your personal data via various means of communication or via contact forms or registration forms (e.g. by sending us an inquiry / offer, via email, by telephone or via our website, by registering to an event organized by us);

  2. If you sign up for our newsletter or download any content from our website;

  3. In the case of conclusion or performance of a contract, including in cases when your personal data has been provided to us as contact data for the purpose of proper performance of the above contract;

  4. If we have received your personal data from other source (e.g. from an entity that is our contractor / client, during events or from publicly available sources / websites).

V. How long do we process your data?

We process personal data only for the time necessary to achieve the purpose(s) for which it was originally collected, after which it will be deleted, except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. 

As a rule, personal data processed on the basis of our legitimate interest are processed until the objection to processing or the fulfilment of the purpose for which it has been processed. If you are not our contractor, we store data gathered only in connection with our current communication, depending on the category of each information - for a period of several weeks (some cookies) to the maximum of 3 years (more specific inquires and conversations, which may be important for our future contact).

Data processed on the basis of the consent are processed until its withdrawal or fulfilling the purpose, for which it has been granted.

Data related to the performance of a contract that we have concluded are stored for the duration of the contract and usually for a period of maximum 7 years after its termination, what results from the tax regulations and limitation period of some claims.

The above periods may be extended, as appropriate, in the event of any possible claims and court proceedings - for the duration of these proceedings and their settlement, and also if we are obliged to further processing of such data to meet legal obligations.

VI. Who has access to your personal data?

Your personal data will only be accessed by duly authorized employees or associates of Monterail, who are obliged to maintain them in secrecy and not to use them for purposes other than those for which Monterail obtained such data, and entities which support us in providing services such as email marketing platforms, IT service providers or contact tools (communicators), legal and consulting services providers, insurance providers.

All these persons and entities have access only to the personal data that are necessary to perform specific actions by them.

It is possible that some of the entities that provide us with solutions may be based outside the European Economic Area (EEA). In each case of data transmission outside the EEA, we apply all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission, we conclude data processing agreements that meet the requirements of the GDPR and in the case of data transmission to the US, we verify the participation of our partners in the Privacy Shield program (more: https://www.privacyshield.gov/) and their compliance with other relevant laws. You have right to access the list of such recipients and a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at gdpr@monterail.com.

We may also be required to provide specific information to public authorities for the purposes of proceedings conducted by them. In this case, any information are provided only if there is a proper legal basis for it.

VII. What are the “cookies” files and similar technologies? How and in what purpose do we use them?

What are cookies and other similar technologies?

Cookies are small data files that are stored on your device (computer, phone, etc.) when you browse our website. We use cookies and other similar technologies, including pixel tags, to recognise you as a returning user, to improve the quality of our service, to collect statistical data, and also for marketing purposes. We also process them to analyse the popularity and effectiveness of our offers and content. These cookies enable the website to recognise the user's device and display the content accordingly, customising it to the user's specific preferences. 

Cookies usually contain the name of the website from which they originate, the length of time they are stored on your device and a unique number. Cookies can store, among others, the following information: (i) IP address; (ii) unique cookie identifier, cookie information and information about whether your device, as a visitor to our website, has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our website, such as content you have viewed and the preferences you have indicated; and (ix) access times and referring URLs.

Not all information collected through cookies would be considered personal data under the GDPR. However, if you have provided your personal data to us in the past, for example, by contacting us via a contact form, cookies can sometimes be linked directly to your data, for example, by linking ID numbers in cookies with other information related to you. 

 

What are cookies and other similar technologies?

We use cookies and other similar technologies in order to ensure that our website works properly and to perform its key functions. 

Notwithstanding the above, depending on the extent of cookie use to which you consent, we may – with your consent – track how visitors use the website to understand their preferences. We also use cookies to obtain aggregated data about site traffic and site interactions, to identify trends and obtain statistics so that we can improve our website. This also enables us to customise the content of our website and to present you with advertisements tailored to your preferences, even off our website. 

We use two types of cookies on our website: session cookies, which remain stored on your device until you leave our website or turn off your software (web browser), and permanent cookies, which remain on your device for the time specified in the parameters of the cookies or until they are manually deleted in your web browser.

We use the following types of cookies on our website:

  1. necessary (technical) cookies – they include cookies that are essential for the proper functioning of the website and to enable the website to function properly;

  2. preference cookies – they enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in;

  3. statistical cookies – they are used to analyse user behaviour within the website, for statistical and analytical purposes (to improve the website performance); they help us achieve our legitimate objectives of improving the way our website works, for example, by ensuring that visitors to our website can easily find what they are looking for;

  4. marketing cookies – they are used to analyse the behaviour of our website users in order to match their interests and preferences with the advertising content displayed to them, both on and off our website.

Detailed information on the cookies that we use (including information on their provider, file type, their function and how long they are stored) can be found in the “Manage cookies” or similar section on the cookie banner – you can open it at any time by clicking HERE.

 

Third-party cookies?

Detailed information on the cookies that we use (including information on their provider, file type, their function and how long they are stored) can be found in the “Manage cookies” or similar section on the cookie banner – you can open it at any time by clicking HERE.

We may also work with other companies in respect of their marketing (advertising) or analytical activities. Cookies from these entities may also be stored on your device for that purpose. These are called “third-party cookies”. 

The aforementioned entities may become controllers of your Personal Data in connection with the use of their cookies on our website. For more information on the cookies of these entities, please refer to their privacy policies. For a list of third-party cookies and the entities that provide them, and information on the privacy policies of these entities, see the cookie banner, which you can open by clicking HERE

 

Managing cookies

You can change the way cookies are used at any time by managing the consents you have given in the privacy settings on our website or in your browser. To do so, you need to change your privacy settings on our website or in your browser. In particular, you may withdraw consent you have previously given, however, this will not affect the lawfulness of any action taken on the basis of your consent before its withdrawal. 

If you wish to manage your cookie consents on our website, we provide a tool for this purpose. Its interface shows all types of cookies with their description and also allows you to decide which types of cookies you accept. You can easily change these settings at any time using the dedicated functionality available under the “Managing cookies” button. It is displayed at the bottom of the page at all times when you use our website. You can also see or manage your cookie settings by clicking HERE at any time.

Most browsers also provide functions for viewing and deleting cookies. Please remember that disabling or blocking certain cookies may prevent or significantly hinder the proper functioning of our website, for example by slowing it down.

Browser producers provide help pages on how to manage cookies in their products. You can find more information below

Google Chrome
Internet Explorer
Mozilla Firefox
Safari (Desktop)
Safari (Mobile)
Android Browser
Opera
Opera Mobile

For other browsers, please consult the documentation that your browser manufacturer provides.

VIII. Contact details of Monterail and Data Protection Officer

The data controller of your personal data is Monterail Sp. z o.o. with its registered seat in Wrocław.
Address: 27-29 Oławska Street, 50-123 Wrocław, Poland
Contact e-mail address: gdpr@monterail.com
Data protection officer – Mateusz Borkiewicz. Direct contact to DPO: gdpr@monterail.com

IX. What are your rights regarding the processing of your personal data by Monterail?

Please note that the instructions given below are only a recommendation, not a requirement.

  1. Access to your personal data
    You may ask us at any time for access to your personal data, in order to check what data about you we process and to obtain detailed information regarding:

    1. whether we are processing your personal data,

    2. for what purpose,

    3. what categories of data we are processing,

    4. who is the recipient of your data,

    5. what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration,

    6. if the personal data has not been given by you – all available information about the source of the data.

  2. Right to rectify the personal data

    If, in your opinion, information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.

  3. Right to erasure of the personal data
    In certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right if we are still processing your personal data, particularly in the following cases:

    1. the personal data is no longer vital for the purposes for which it was collected or otherwise processed;

    2. you revoked consent to the processing of personal data and there is no other legal basis for continuing to process it;

    3. you object to the processing of your personal data when there are no overriding, legitimate grounds for processing;

    4. you object to the processing of your personal data for marketing purposes;

    5. your data is processed in a manner that violates the law;

    6. the law requires that we erase your data.

  4. Right to restriction of processing

    You can demand that we limit processing of your personal data when:

    1. you question the correctness of personal data we are processing – for a period of time that allows us to determine the correctness of that data;

    2. the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;

    3. we no longer need your personal data for the purposes of processing, but you need it for establishing, pursuing, or defending legal claims;

    4. you have objected to the processing of your personal data – only until the dispute has been resolved.

    Effective submission of a request for restriction of processing personal data, will limit the actions taken by us on the data indicated by you and in the scope of particular operations/purposes to necessary minimum - basically only to storage.

  5. Right to data portability

    You have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller.

    You may invoke this right, if:

    1. processing is done on the basis of your consent or a contract; and

    2. processing is done in an automated manner.

  6. Right to object

    In certain situations, you have the right to object to some operations we perform on your personal data. You may invoke you right:

    1. when processing of your personal data is based on Article 6(1)(e) GDPR that is, when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Monterail, including profiling, on grounds relating to your particular situation;

    2. when processing of your personal data is based on Article 6(1)(f) GDPR that is, when processing is necessary for the purposes of the legitimate interests pursued by Monterail or by a third party, including profiling, on grounds relating to your particular situation;

    3. when personal data are processed for direct marketing purposes, at any time and to the extent that it is related to such direct marketing;

    4. when we process your personal data for purposes related to scientific or historical studies, or for statistical purposes, on grounds relating to your particular situation.

    Remember, however, that when despite of your objection we conclude that there are important, legitimate grounds for processing that override your interests, rights and freedoms, or the basis for establishing, pursuing or defending claims, we will continue to process your personal data encompassed by the objection. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).

  7. Complaints to the relevant public authority

    In connection with our actions as the data controller of your personal data, you have the right to file a complaint to the relevant data protection authority.

    If you would like to file a complaint to the data protection authority, you can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en

    In Poland this function is performed by President of the Personal Data Protection Office (PUODO). A detailed description of the complaint procedure is available on the website maintained by PUODO at: https://uodo.gov.pl/pl/83/155.

Last update: 12.06.2023