This Privacy Policy was drawn up based on the legal provisions in force, in particular the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as “GDPR”.

Liftone highly respects your privacy. Therefore, in order to use the app Facegroovin’ we extract and process data only to the extent necessary to ensure proper and safe use of the app, maintain its reliability and development, so that it could be even better. Data are processed in a mobile and central app only to the extent necessary for its proper operation, whilst data are not transmitted to other entities without your consent, except as described below. In particular, we don’t register and don’t extract from a mobile device any picture from the device camera. Data are processed on servers located in Poland, in data centers secured in accordance with the applicable data protection standards, and data can be accessed only by persons we have authorized. For the purposes of analyzing the app use and development, we use anonymized data. Data transmission all the way from the device to our infrastructure is encrypted in accordance with the current data transmission security requirements. However, we don’t have any influence on security of the device on which you are using Facegroovin’. In order to prevent data from being stolen from a mobile device, remember about its proper configuration, especially the protection against unauthorized access, the settings of access to camera and microphone, and about not installing apps from unknown or unreliable sources and avoiding the use of unknown internet connections (e.g. public hot spots).

PERSONAL DATA

1. Data controller

The controller of personal data is Liftone Sp. z o.o. having its registered office in Szczecin, address: Pelikana 23 apt. 6 (71-698 Szczecin), entered into the Register of Entrepreneurs maintained by the District Court in Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number KRS 0000814242, NIP 8513243539, the share capital of which amounts to PLN 5,000.00, e-mail: help@facegroovin.com, hereinafter referred to as: the “Controller”).

2. Categories of the personal data being processed

The Controller collects the personal data of:

• Facegroovin’ app users:  first name, contact details (email, phone no.) login, password in an encrypted form, age brackets, skin type, benefits the customer expects from the use of the app, date and time of using the app, session length, exercise type/name, saved pictures, selected music, settings of the app. 
• Website users Facegroovin’: IP address, server date and time, information about the operating system, the web browser, its version and language settings, the sites from which the customer was redirected, name of the requested web page or file;
• Persons corresponding through the contact form: first name, e-mail address, correspondence content, date, time and technical information related to the correspondence sent;
• Persons who have made an appointment in the treatment room: name, surname, contact details, appointment times, services ordered, time of order and technical information relating to the order;
• Newsletter recipients:: e-mail address, web browser type, newsletter recipient’s IP address;

- hereinafter referred to collectively as „Users”..

3. Data gathered and processed in the app

In order to enable the use of Facegroovin’, the app (mobile app and Facegroovin’ server) processes the following personal data: first name, address, age, skin type, the area of the body being exercised, preferences relating to the target and selection of exercises and music, the subscribed workout plans, time, frequency and intensity of using the app, the use of specific exercises, music and videos, chats with trainers and their contents, linkage with the Google, Apple, Facebook, Spotify, Instagram accounts. If you initiate communication with a trainer using the chat integrated with the app, the content of any such communication will be processed. These data are gathered in the local app and in the central app located on our servers. Profiling will be carried out on the basis of statistics from use of particular elements of the app in order to suggest sets of exercises tailored to you.

The local app also uses access to the mobile device camera, however this access is used only to enable the function of virtual mirror, which makes it possible to observe your own face during workout. This picture is not transmitted outside the mobile device and is not saved anywhere.

For the purposes of analyzing how the app is used, developing and adjusting it to the needs, we also extract statistical, anonymized data, not interlinked with any specific person, such as the number of displays of particular sessions, the number of views of individual programs, the phrases searched, statistics of purchased subscriptions, statistics of the time of using the app and other statistical data mentioned below in the description of particular analytical plug-ins.

4. Making personal data available

To provide the possibility to purchase the app, pay for the subscribed workout plans and gift cards, to log in, use music, sign up for newsletter, chat and push messages, to follow on Instagram, as well as to ensure smooth operation and development of the app, certain personal data are made available to our partners providing the said services:

• Google Play – purchase of the app, payments for subscription plans and gift cards and logging in. The use requires a registered Google account. Google may collect information related to a/m functions, including information about time, device, location and frequency of using it. For details on the data processed by Google go to: link.

• Apple Store – purchase of the app, payments for subscription plans and gift cards and logging in. The use requires a registered Apple account. Apple may collect information related to a/m functions, including information about time, device, location and frequency of using it. For details on the data processed by Apple go to: link.
• Facebook – logging in to the app. The use requires a registered Facebook account. Facebook may collect information related to a/m functions, including information about time, device, location and frequency of using it. For details on the data processed by Facebook go to: link.
• Spotify – use of music. If you are using the option of selecting music from outside the standard set provided by Facegroovin’, you must be a registered user of Spotify Premium. In this case the apps will exchange information relating to the music used. For details on the data processed by Spotify go to: link.
• Instagram – logging in to the app. The use requires a registered Instagram account. Instagram may collect information related to a/m functions, including information about time, device, location and frequency of using it. For details on the data processed by Instagram go to: link.
• OneSignal – if you enable the option of receiving notifications about new programs and news, the data necessary to send the information such as name, email address will be provided to OneSignal. For details on the data processed by OneSignal go to: link.
• Sentry – a plug-in enabling the transmission of app error logs, required for ensuring stability and development of the app. It extracts and analysis many technical data of the device, the app, connections, etc. necessary to ensure proper functioning of the app and to determine the cause of any possible errors. For details on the data processed by Functional Software Inc. go to: link.
• Booksy - an application for ordering appointments to our beauty salon. Ordering appointments in the beauty salon is done through an external application Booksy, in which you must first register. Booksy acts as a controller of your personal data, processing data such as: name, surname, email address, phone number. Booksy uses your data for the purposes of ordering services, advertising, marketing and profiling users for such purposes.
  In the case of ordering a visit to our beauty salon, Liftone Sp. z o.o. is the controller of the data entrusted within the framework of making a booking, while Booksy International Sp. z o.o. is the processor.        
  You can find detailed information about the processing of personal data by Booksy here: https://booksy.com/pl-pl/p/privacy and the terms of use of the application can be found here:
• Google Analytics and Google Tag Manager – tools that make it possible to collect anonymous statistical data about use of the app (number of launches of the app, movements between tabs, selection of tales on a display, start of a training, the fact of watching the whole video, the fact of recommending the app, as well as the user’s country and region, the operating system, mirror mode, source of music used during training, etc. which serve for collection of knowledge about how the app is used for the purpose of even better adjustment to the needs and development of the app. The said data are anonymous and not associated with any specific user.
  
• Mailerlite and freshmail – your email is provided for the purpose of dispatch of the newsletters ordered.
• Entities providing us with infrastructure supply and technical support services ensuring the functioning of the app, hosting of servers and data transmission. A/m entities or their subcontractors comply with the conditions ensuring data processing security and they process data on the basis of agreements concluded with us and on an instruction from us.

5. Purposes, time and legal basis for data processing
   a) Facegroovin’ – the app

In case of purchase of access to the app via Google Play or Appstore by concluding an agreement for the provision of services by electronic means with the Controller, the user provides first name, e-mail address or data interlinked with Facebook, Google or Apple app.

Data provided by the user in connection with the conclusion of an agreement for the provision of services by electronic means with the Controller, are processed for the purpose of the performance of the agreement - ensuring a possibility to use the app and the services provided with the use of the app (Article 6 Par. 1 (b) GDPR) and billing for the services provided (Article 6 Par. 1 (c) GDPR).

Data provided in connection with setting up an account in the Facegroovin’ app and while using it will be processed for the period of realization of the agreement for the provision of services by electronic means on the user’s device and in the app on the Facegroovin’ server, and subsequently for a period not longer than 6 months or until the expiration of the period of limitation for claims under the concluded agreement. The Controller will store the documentation with the user’s personal details relating to billings for use of the app for a period of 5 years counting from the end of the financial year in which the tax liability arose.

b) The website Facegroovin’

In case of use of the website, we process the data necessary for proper operation of the website www.facegrovin.com and the data related to inquiries sent to the server, which comprise IP address, server date and time, information about the operating system, the web browser, its version and language settings, the sites from which the customer was redirected, name of the requested web page or file. The data saved in server logs are not associated with any specific person and form only an auxiliary material serving for administration of the app and the server, and they are not disclosed to anyone except the persons authorized to administer the server. For the purposes of smooth operation of the website, its development, analysis of use of the website and adjusting its functionalities to user needs, the website uses cookies, analytical technologies and social media plug-ins, which will be discussed individually.

c) Contact form

In case of contact with the Controller through the contact form, the user provides first name, email address and the inquiry content. Providing personal data is voluntary but necessary to make contact.

Data provided through the contact form are used for the purpose of contact with the user. The legal basis for the processing of such data is consent given by the user (Article 6 Par. 1 (a) GDPR) for contact by means of electronic communication in response to the initiated contact, and our legitimate interests (Article 6 Par. 1 (f) GDPR) in responding to inquiries relating to our services and products. Furthermore, depending on the purpose of contact, the basis may be taking actions towards conclusion of an agreement (Article 6 Par. 1 (b) GDPR). After the contact is ended, the legal basis for data processing is the legitimate interest of the Controller (Article 6 Par. 1 (f) GDPR) in the form of archiving of correspondence for the purposes of demonstrating its course in the future, in particular for the purposes of demonstrating the user’s consent for contact and the defense of any potential user’s claims. Data are stored for the time necessary to respond to inquiries, to keep records of correspondence, when this results from its character, and for the time necessary to ensure the defense of claims.

d) Newsletter and notifications

If the user wants to sign up for newsletter or notifications, the user provides his or her email address by checking the signup option box during registration and using the newsletter signup form. Providing personal data is voluntary but necessary to sign up for newsletter or notifications.

Data provided when signing up are used for the purpose of sending newsletters or notifications containing information and news about care and our new products and services. The legal basis for the processing of such data is our legitimate interest – (Article 6 Par. 1 (f) GDPR), which is the marketing of our own products and services.

Data provided when signing up will be processed for the time of functioning of the service, unless the user explicitly objects by unchecking the box for selection of the option to sign up for newsletter or notifications in the app, clicking on the “Resignation” link in the newsletter or by writing to the address help@facegroovin.com. Nevertheless, resigning from the receipt of newsletter or notifications doesn’t lead to data removal from the Controller’s database. User data will be still stored in the Controller’s system for the time of using the app and for the time necessary for defense of any possible claims relating to sending of newsletter or notifications, in particular for the purposes of demonstrating the consent given by the user, which constitutes the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR).

The Controller attaches to each newsletter a JavaScript pixel, i.e. a file the size of which is one pixel, which is extracted while opening the newsletter from the Controller’s server. Data acquired as part of this extraction are related to the browser used by newsletter recipient, the click ID that provides information about the email address of newsletter recipient and the IP address of the same. The information is used for the purpose of statistical research on whether newsletters are opened, when they are opened and which links are clicked on. The information can be in technical terms assigned to particular newsletter recipients. Nevertheless, the Controller warrants that he doesn’t observe single users. The Controller uses the analyses of afore-mentioned data only for the improvement of his own products and services through recognition of user habits and for the adjustment of the content to their needs. The legal basis for the processing of such data is the legitimate interest of the Controller (Article 6 Par. 1 (f) GDPR), which is the marketing of our own products and services.

e) Making appointments in the beauty salon

When you book appointments with our beauty salon we process your: name, surname, email address, mobile phone.

The legal basis for the processing of such data is taking actions to order a service (Article 6 Par. 1 (b) GDPR). Data will be stored for the time necessary to perform the service, demonstrate its proper performance and for the time necessary to ensure the defense of claims.

6. Server logs

Use of the app or of the website is connected with a transmission of technical data to the server on which the app is stored and with recording them in the server logs. Logs are recorded and stored on the server.

Logs contain among others: time of using the app or the website, the functions in use, customer station data, technical data of the connection, information about errors occurred during the performance of the service.

The above data are used only for the purposes of administration of the app or the website. The content of such data is not disclosed to anyone except the persons authorized to administer the app and the server.

7. Data recipients and processors

The User’s data may be processed by subcontractors of the Controller, i.e. entities the Controller uses to process data and provide services for the benefit of the User, namely:

• Netizens Sp. z o.o. Maintenance, security and support services for Facegroovin’ app;
• CLOUD4YOU sp. z o.o., address: Poleczki 23 02-822 Warszawa – provision of server infrastructure;
• Netia SA, address: Poleczki 23 02-822 Warszawa – provision of infrastructure in Datacenter Netia for Cloud4You servers;
• Support Online sp. z o.o., address: Poleczki 23 02-822 Warszawa – providing server support services and ensuring security for server access infrastructure;
• Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland – for the purpose of using Google, as part of G-Suite package, including the possibility to download the app, log in to the app and the services: Google Analytics, Google Search Console and Google Tag Manager ;
• Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland – for the purpose of logging in to the app, using statistical and marketing services of the tool “pixel” of the social networking site Facebook and for the purpose of using the Instagram;
• Apple Distribution International Limited Hollyhill Industrial Estate Hollyhill, Cork Ireland – for the purpose of providing the possibility to download and log in to the app;
• Spotify AB Regeringsgatan 19 111 53 Stockholm – for the purpose of integration with the website and providing the possibility to use music through access to Spotify account;
• Booksy International sp. z o. o., Łucka 2/4/6 Street, U 4, 00-845 Warsaw, KRS: 0000515914, NIP 9512381607, rodo@booksy.com - to make reservations for appointments at the surgery, change them, receive reminders and pay for them.
• OneSignal 2850 S Delaware St #201, San Mateo, CA 94403, the United States – for the purpose of sending notifications;
• Mailerlite Mindaugo str. 1A-57, LT-03108 Vilnius, Lithuania and Freshmail Al. 29 Listopada 155 c 31-406 Kraków – for the purpose of sending newsletters;;
• Functional Software Inc. 132 Hawthorne Street, San Francisco, CA 94107– the Sentry app for the purpose of logging errors in the app;

• commissioned parties or subcontractors engaged to create and operate the app, to provide technical support and administrative support or to perform services for the Controller.

8. Data transfer to third countries and international organizations

User data being processed in relation to the app will not be transferred outside the area of the European Union to third countries, and if this situation occurs they will be transferred only to areas where user’s rights are protected in accordance with the principles laid down in GDPR, mostly to processors providing technologies that support the app, who apply data protection mechanisms consistent with GDPR, including the approved standard contractual clauses.

Due to the use of Google service, including analytical apps, “pixel” tool of the social networking site Facebook and the Apple app, the User’s data may be transferred to the United States of America (USA) in relation to their storage on American servers.

The companies: Apple, Google and Facebook process the personal data entrusted by data exporters based on Standard contractual clauses approved by EC and thus guarantee an appropriately equivalent level of data protection, as required under the provisions of the European Union law.

9. User’s rights:

Users have the following rights:

1. the right of access to their data, i.e. to obtain a confirmation whether the personal data concerning him or her are being processed,
2. the right to data rectification, i.e. to request for rectification of any personal data concerning him or her being incorrect,
3. the right to request for erasure of his or her personal data,
4. the right to request for restriction of his or her personal data,
5. the right to object to data processing,
6. the right to data portability.

The scope of each of a/m rights and the situations in which they can be used is determined by the general binding legal regulations, in particular the GDPR.

To receive answers to questions concerning the protection of personal data or the exercise of a/m rights you may contact the Controller via the electronic mail address help@facegroovin.com..

10. The right to withdraw the consent

If data are processed based on the User’s consent, the User has the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. 

11. Lodging a complaint with the supervisory authority

The User has the right to lodge a complaint with the supervisory authority engaged with the protection of personal data, when he or she considers that the processing is in breach of the legal regulations and the controller fails to react properly to his or her requests. At the address: https://uodo.gov.pl/pl/83/155 the User may find information how to lodge a complaint with the President of the Office of Personal Data Protection.

COOKIES, SOCIAL NETWORKING TOOLS AND SERVER LOGS

1. What are cookies?

1. The website Facegroovin’ uses first-party cookies and third party cookies. Cookies are small text files sent by web server and stored by browser’s computer software. When browser reconnects the page, the site recognizes type of the device from which user makes the connection. Parameters allow reading the information they contain only to the server that created them. Cookies facilitate the use of previously visited sites. The information gathered in them concern IP address, type of used browser, language, type of operating system, provider of internet services, information on time and date, approximate location and information sent to the site via the contact form.
2. The data collected serve for monitoring and checking how users use the website, so as to improve the functioning of the site, ensuring more effective and trouble-free navigation. We monitor user information using Google Analytics tool, which records user behavior on the page. Cookies identify users, which makes it possible to adjust the site content used by them to their needs. Memorizing user preferences, they enable appropriate matching of the ads addressed to them. We use cookies to guarantee the highest standard of comfort of our service and the data collected are used only for the purpose of optimization of actions.
3. Two elementary types of cookies are used within the Website: session cookies and persistent cookies. Session cookies are temporary files, which are stored until logging out of the website (by going to another internet site, logging out or shutting off the web browser. Persistent cookies are stored on the User’s terminal equipment for the time specified in cookies parameters or until the User removes them.ą w urządzeniu końcowym użytkownika do czasu ich usunięcia przez użytkownika lub przez czas wynikający z ich ustawień.
4. On our sites we use the following cookies:

1. “strictly necessary” cookies which make it possible to use the services available on the website, e.g. authentication cookies used for services that require authentication within the website.
2. cookies which serve for the provision of security as regards the authentication within the website;
3. “performance” cookies which make it possible to collect information on how internet pages of the website are used;
4. “functionality cookies” which make it possible to “remember” settings chosen by the user and to personalize the user interface, e.g. as regards chosen language or region, from which the user comes, font size, appearance of internet site etc.;
5. “advertising cookies” which make it possible to provide users with advertisements whose content is more adjusted to their interests.

5. The User may manage cookies settings using a web browser. The majority of currently available web browsers provide general information about cookies, make it possible to see what cookies the user has, to remove them all or each of them individually, as well to block or authorize cookies for all internet sites or those selected individually. In addition, it is usually possible to disable advertising cookies of third parties. Remember that once cookies are removed or disabled certain or all visited internet sites (of their functions) may not work properly or so effectively.
6. Adjusting cookies settings using a web browser, except for removing or disabling each cookie separately, will cause that the changes apply to all visited internet sites, not just on this one. Remember that once cookies are removed or disabled certain or all visited internet sites (of their functions) may not work properly or so effectively. 
7. Information concerning settings of web browsers is provided in browser menu (help) or on the website of its manufacturer.

More detailed information about cookies is available at the website ciasteczka.org.pl..

2. What technologies are used by the website?

1. Google Analitics

The website uses analytic cookies of the tool Google Analytics on the basis of the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR), which consists in making statistics and analyzing them for the purpose of its optimization.

A cookie of Google Analytics generates the following information concerning the use of that internet site: browser type/version, the operating system in use, URL address (of the website previously visited), IP address, time of sending an inquiry to the server.

Google Analytics automatically gathers information about use of the website. The Controller uses the function of user’s IP address anonymization before forwarding it (the so-called IP masking). Google Analytics anonymizes the address as soon as technically feasible, at the earliest stage of the data collection network. After the IP anonymization it’s no longer possible to interlink the IP address with the user.

Information generated in cookies is sent to the Google server in the USA and stored there. An anonymized IP address is not interlinked with other Google data. Such information is also provided to third parties, if required by law or if third parties process the data to order.

Google Analytics removes its statistical data after 24 months. Reports drawn up on the basis of Google Analytics contain no reference to person.

The user may find more information concerning data processing by Google Analytics at the address: https://support.google.com/analytics/answer/6004245 

The User may disable the activity measured by Google Analytics by installing a website plug-in, which is available at the address: https://tools.google.com/dlpage/gaoptout 

2. Google Search Console (GSC)

We are using the platform Google Search Console, a tool intended for checking of website status, its visibility and optimization. We perform actions in this scope basing on our legitimate interest in the form of optimization of our internet sites (Article 6 Par. 1 (f) GDPR). This lets us monitor a site, its status of indexing by Google search engine and optimize its visibility in the web. Thanks to this, we obtain information about state of the website, its positioning, we may troubleshoot for errors occurring on the website, browse statistics of indexing by Google crawlers, analyze internal and external links to the website, eliminate defective links, analyze visibility of the website according to various key words, number of views, number of clicks, to receive notifications in case of virus infection or errors on the website. GSC performs its activity using data not interlinked directly with specific user visiting the website.

For more information about the functioning of Google Search Console go to: link.

3. Google Tag Manager

We are using the tool Google Tag Manager provided by Google Ireland Limited. With the use of Google Tag Manager we control our advertising campaigns and your use of our sites. We perform actions in this scope basing on our legitimate interest in the form of marketing of own products and services and optimization of our internet sites (Article 6 Par. 1 (f) GDPR).

By the occasion of visits on our website, a Google cookie is automatically saved on your device, which file with the help of a pseudonymized ID and based on the sites you visit makes it possible to display interest-based advertisements, control their effectiveness and other actions relating to the control of your behavior on the website.

Further data processing takes place only when you authorized Google to connect the browsing history and use of the app with your account and to use information from your Google account to personalize the ads displayed on internet sites. If in this case during your visit on our website you are logged in to your Google account, Google will use your data together with Google Analytics data to create and define a list of target groups for remarketing purposes on various devices. For this purpose Google temporarily connects your personal data with Google Analytics data to create target groups.

You may deactivate the cookies used for remarketing in your Google account settings: https://adssettings.google.com. Furthermore, in cookies settings from the level of our website you may disable the use of cookies for remarketing purposes.

If you are interested in the details of data processing as part of Google Tag Manager, we encourage you to read Google privacy policy: https://policies.google.com/privacy.

4. Google Maps

On our website we are using Google Maps by Google Inc. Google Ireland Limited to specify our locations and make it easier to determine the route to our locations. When you are using Google Maps, your data are transmitted to Google and stored on Google servers.

Google maps is an internet map service provided by Google. Thanks to Google Maps you can search accurate locations of cities and addresses, monuments, accommodation facilities or businesses in the Internet with the use of a computer, tablet or app. If businesses are presented in Google My Business, apart from location you are provided with additional information about the business. In order to show the road to the target, map fragments of a given location can be integrated with the website using HTML code.

For Google Maps to be able to offer full services, your business must register and store data about you. They include the passwords entered, your IP address, as well as, depending on your device settings, approximate or accurate geographical coordinates. If you are using the route planning function, the initial address entered will be also saved. Data are stored within the Google Maps website. We have no influence on it, we may only inform you about it. Since we have integrated Google Maps with our website, Google places at least one cookie (name: NID) in your browser. That cookie stores data relating to user behavior. Google uses such data mostly to optimize its own services and provide personalized ads.

Google stores some data for a specified period of time. In case of other data, Google offers only an option of manual removal. The company anonymizes also information (such as advertising data) in server logs, removing part of IP address and information from cookies after 9 or 18 months.

Thanks to automatic removal of the data concerning location and activity, made available in 2019, information about location and activity in the web / app - depending on your decision - is stored for 3 or 18 months, and then erased. The said data can be manually erased from the history with the use of Google account. If you want to completely disable registration of your location, you must pause the session “Web & App Activity” on Google account. Click on the option Data and personalization and then click on the option Activity controls. Here you can turn activities on and off. You can also deactivate, remove or manage single cookies in your browser.

If you are interested in the details of data processing as part of Google Maps, we encourage you to read Google privacy policy: https://policies.google.com/privacy.

5. Facebook Pixel

The website Facegroovin.com is using the so-called Facebook pixel on the basis of the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR), which consists in making statistics and analyzing them for the purpose of optimization of marketing activities and marketing of own products and services.

Facebook pixel in administered by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook joined the program Privacy Shield and uses the approved standard contractual clauses and thus guarantees proper level of personal data protection, as required by the provisions of the European Union law.

Facebook pixel collects information whether the user of an internet site is registered in Facegroovin’ app.

In addition, with the pixel’s help, Facebook may designate visitors of an internet site as a target group of advertisements - the so-called “Facebook-Ads”. Facebook pixel is installed on the website, so that Facebook-Ads could be displayed only to the Facebook users who showed interest also in the Controller’s online offer or who are characterized by certain traits (e.g. interests in specific subjects or products, determined on the basis of visited internet sites), which the Controller send to Facebook – the so-called Custom Audiences. With the use of Facebook pixel the Controller wants to ensure that Facebook-Ads correspond to the potential interest of users.

Facebook pixel helps the Controller analyze efficiency of advertisements on Facebook for the purposes of statistical and market research, when he can see whether users after clicking on a Facebook ad were redirected to the Controller’s website - the so-called Conversion.

Facebook Inc. is an individual controller of the website user’s personal data, who processes the website user’s personal data regardless of the Controller’s purposes and legal basis for processing. Facebook Inc. will process the website user’s data depending on the Facebook terms read by that user and the consents given to Facebook.

The User may prevent his or her data from being gathered by Facebook pixel on the website by changing browser settings (see point 3 below).

6. Social networking tools.

On our internet sites we are using plug-ins and other social networking tools made available by social media sites such as Facebook or Instagram. The legal basis for use of plug-ins is Article 6 sec. 1 (f) GDPR.

There are Facebook icons on the website with links to service providers’ plug-ins. Clicking on them results in direct connection with servers of social networking site administrators (service providers). If you don’t click on the icons, the plug-ins are still inactive and as long as they are not clicked on they don’t transmit any data to providers of the sites..

The plug-in content is directly transmitted by a given service provider to your browser and is integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you don’t have your profile on the site of a given service provider or you are not currently logged in. Such information (together with your IP address) is sent by your browser directly to a given service provider’s server (some servers are located in the USA) and stored there.

If you have logged in to one of the social networking sites, the service provider will be able to directly assign a visit on our website to your profile on a given social networking site.

If you are using a plug-in, e.g. by clicking on the button “Like” or “Share”, relevant information will be also sent directly to the server of a given service provider and will be saved there.

Furthermore, the information will be published in a given social networking site and will be visible for persons added as your contacts. The purpose and scope of data gathering and their further processing and use by service providers, as well as the possibility to contact and your rights in this regard and the possibility to make settings ensuring the protection of your privacy are described in privacy policies of particular service providers.

•        Facebook – https://www.facebook.com/legal/FB_Work_Privacy,

•        Instagram – https://pl-pl.facebook.com/help/instagram/196883487377501.

We don’t have any influence on the data being gathered and the data processing processes and we don’t know the full scope of data gathering, the purposes of processing and storage periods. We are not in the possession of information about the removal of data gathered by plug-in supplier. Plug-in supplier records the data collected in the form of user profile and uses them for advertising purposes and for the purposes of market research or optimization of his internet site in respect of user’s preferences.

Such analysis (comprising also the users not logged in to the service of plug-in supplier) is carried out to tailor ads to user interests and to inform other social networking site users about activities on our website. The user has the right to object to the creation of such user profiles, whereas in order to exercise this right he or she should contact the plug-in supplier.

Through the use of plug-ins we offer users a possibility to interact with social networking sites and with other users, which lets us improve our offer and make it more attractive for the user.

If you want social networking sites to assign the data collected during visits on our website directly to your profile on a given site, you must log out of that site before visiting our website. You can also completely disable loading of plug-ins on the website by using appropriate extensions for your browser, e.g. disabling scripts.

7. Links to third party sites, embedded content of other sites.

Links to third party sites can be used on our internet sites. Liftone Sp. z o.o. is not in control of any such site and is not liable for the processing of personal data there. Please read the privacy policies posted thereon before using any such site and before providing any personal data.

On our internet sites we are also using embedded content of other sites, e.g. Google Maps. Use of materials embedded on the website involves a transmission of data such as your IP, data of the device you are using, operating system, web browser, etc. to the websites of providers of such materials, same as use of any such website.

4. Server logs

Using the website is connected with a transmission of inquiries to the server on which the website is stored and with recording them in the server logs. Logs are recorded and stored on the server.

Logs contain: time of receipt of an inquiry, time of responding; name of customer’s station; information about errors that occurred during the realization of http transaction; URL address of the website visited by the user, when the website was entered through a link; information about user’s browser , its language and version, information about the operating system and its interface; IP address.

SAFEGUARDING YOUR PERSONAL DATA

We make every endeavor to ensure security of the processed personal details.

We are using, among others, the following measures to ensure data security:

• safeguarding data against unauthorized access,
• safeguarding data against being taken by an unauthorized person, manipulation, damage or destruction,
• we allow only persons having an authorization issued by us to process personal data,
• carrying out checks to ensure that personal data are processed correctly and keeping records of the persons authorized to process personal data,
• making sure that the persons authorized to process such data or the processors acting for us keep them in secret, also after implementation of the Service,
• keeping the documentation required by law describing how the entrusted personal data are processed and the technical and organizational measures that ensure the protection of such data processing,
• ensuring that IT and telecommunication systems and equipment used for the processing of personal data are secured in accordance with the standards adopted in the industry. Our infrastructure is located in data processing centers that use the highest security standards, and connections with remote users, including with user apps, are properly secured and encrypted.

CHANGES TO THE PRIVACY POLICY

This Privacy Policy can be changed, when the need or obligation to make changes results from the development of app functionalities, technological progress, amendments to relevant legal regulations or changes in the scope of data processing by the Controller.

This Privacy Policy was published on: 01 June 2021.