Respecting your rights as personal data subjects, and respecting the applicable law regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, we pledge to maintain the security and confidentiality of the personal data which we have obtained from you.
The controller of the Personal Data on the website under the address www.testportal.net, along with the websites which are related to it, hereinafter referred to as the Website, is Testportal spółka z ograniczoną odpowiedzialnością, with its registered office in Babimost, Poland, European Union, under the address Szewska 9, 66-110 Babimost, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Zielona Góra, VIII Commercial Division of the National Court Register, under the number 0000512302, NIP (Tax Identification Number) 9731017273, REGON (National Business Registry Number) 081208720.
1. We collect the following personal data on our Website:
a) the data necessary for registering a User and for creating an Account – an e-mail address, password, name and surname, country of origin, time zone, type of entity (an individual user/a company). Such data is required for the correct configuration of an Account and for establishing contact with a User if need be,
b) data required in case of providing services to a User or to a Respondent, the catalog of which, depending on the service provided, or on the nature of an online Test, may change – this can be, e.g. residence or stay address, date of birth, PESEL (Polish citizen identification) number, age, sex, NIP (Tax Identification Number), phone number, education, profession, and the data contained within the online Tests,
c) data required to proceed with the complaint process – name and surname, as well as a User's or Respondent's e-mail address, the device's IP address, NIP (Tax Identification Number) - which we require from entrepreneurs and from those requesting an invoice and who have a NIP number,
d) information resulting from the general principles of Internet connections, such as an IP address (as well as other information contained within the system logs), which is used by the Website administrator for technical purposes. IP addresses may also be used for statistical purposes, this including in particular the collection of general demographic information (e.g. regarding the region from which the connection is made),
2. Providing the data mentioned above is necessary in cases specified therein, this including in particular:
a) in order to use the services which are offered on our Website,
b) in order to reply to your questions and to make it possible to get in touch via e-mail,
c) in order to proceed with voluntary registration (setting up an Account) on our Website; in such a situation, we store the data you have provided in order to make it easier for you to use the services available on our Website in the future until you deregister (delete your Account),
4. The personal data of the Users is processed by our company as the Personal Data Controller in order to proceed with the implementation of the services which we render for you (i.e. the persons whom the data concerns), and which are offered within the scope of the Website. Pursuant to the data minimization principle, we process only those personal data categories which are necessary to achieve the goals which have been discussed in the preceding sentence.
5. In relation to the personal data of the Respondents, the Controller is the entity processing the personal data on the basis of an agreement concluded with the User. In such a case, the Controller of the data is a User who is collecting data via online Tests. The Data Processing Agreement is available here.
7. We process the personal data for a period necessary to achieve the objectives mentioned in par. 1 and 2 above. Personal data may be processed for a longer period of time in case if such a right or obligation is imposed on us as the Controller, results from specific legal provisions, or from the Controller's legitimate interest specified in par. 9 let. c below (i.e. for the period of the termination of the claims, or the completion of the relevant proceedings, if these were started within the limitation period).
8. The source of the personal data processed by the Personal Data Controller are the persons the data concerns.
9. The following are the bases for the processing of your personal data:
a) art. 6 par. 1, let. b of the GDPR, i.e. the indispensability of the performance of the agreement, of which you are a party of, or to take action as per your request prior to concluding a contract, or
b) art. 6 par. 1 let. C of the GDPR, i.e. the necessity of fulfilling the legal obligations of the Controller, or
c) art. 6 par. 1 let. f of the GDPR, i.e. the legitimate interest of the Controller, which is the determination, investigation, or the defense of the claims until their expiration, or until the relevant proceedings are completed, if these have been initiated within this period, or
d) art. 6 par. 1 let. a of the GDPR, i.e. Your approval of the processing of the personal data for specific purposes, when any other legal grounds of the processing of personal data are not applicable.
10. The personal data is transferred by us to a third country, i.e. to the United States of America (Twilio Inc. and Zendesk Inc.) under the provisions of the GDPR. In a case when the personal data is transferred to a third country, or to an international organization, you will be notified about this fact in advance, and the Controller will apply the safeguards which have been mentioned in Chapter V of the GDPR.
11. We do not make any personal data available to third parties without the explicit consent of the person whom the data concerns. Without the consent of the person whom the personal data concerns, this data can be made available only to the bodies which are governed by public law, i.e. to the authorities and to the administration (e.g. tax authorities, law enforcement authorities, as well as to other entities which are authorized by the generally applicable provisions of the law).
12. In the case of the occurrence of the "like" button, or any other links, as part of the Applications to the Controller's accounts in social media, within the scope of data regarding in particular the IP or the Internet browser's identifier, in case the Controller uses any of the following products:
a) Facebook (e.g. Facebook, Messenger, Instagram) - the above data is processed on the basis of joint administration principles along with Facebook Ireland Ltd., with its registered office at the following address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
b) Google (e.g. YouTube, Maps) - the above data is processed on the basis of joint administration principles along with Google Ireland Ltd., with its registered office at the following address: Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House).
c) LinkedIn - the above data is processed on the basis of joint administration principles along with LinkedIn Ireland Unlimited Company, with its registered office at the following address: Gardner House, 2 Wilton Place, Dublin 2, Ireland.
d) Twitter – the above data is processed on the basis of joint administration principles along with Twitter International Company, with its registered office at the following address: The Academy, 42 Pearse Street, Dublin 2, Ireland.
If, in the cases which have been described in this paragraph, there would be any transfer of personal data to third parties, this is done on the terms and conditions defined in par. 10.
13. The personal data may be entrusted for processing to the processors of such data on the behalf of our company as the Personal Data Controller. In such a situation, as the Personal Data Controller, we conclude an entrustment agreement with the processor for the processing of personal data. The processor processes the entrusted personal data only for the purposes, within the scope, and as per the goals indicated in the entrustment agreement, which has been referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to proceed with our activities as a Website. As the Personal Data Controller, we entrust personal data to the following entities for processing:
a) those providing hosting services for the webpage our Website functions on,
b) those providing other services to us - services which are necessary for the continuous operation of the Website.
14. The personal data is not profiled by us as the Controller under the provisions of the GDPR.
15. Under the provisions of the GDPR, each person whose personal data we are processing as the Personal Data Controller, has the right to:
a) be informed about the processing of the personal data referred to in art. 12 of the GDPR,
b) have access to their personal data referred to in art. 15 of the GDPR,
c) correct, supplement, update, or rectify the personal data referred to in art. 16 of the GDPR,
d) delete the data (the right to be forgotten), referred to in art. 17 of the GDPR,
e) limit the processing referred to in art. 18 of the GDPR,
f) transfer the data referred to in art. 20 of the GDPR,
g) object to the processing of the personal data, which is referred to in art. 21 of the GDPR,
h) in the case of the legal basis referred to in par. 9 let. d above – the right to withdraw the consent at any time without any influence on the compliance with the processing right, which has been made on the basis of the consent prior to its withdrawal,
i) not be the subject of profiling, referred to in art. 22, in conjunction with art. 4 par. 4 of the GDPR,
j) lodge a complaint with a supervisory body (i.e. the President of the Personal Data Protection Office), referred to in art. 77 of the GDPR,
taking into consideration the principles of using and implementing these authorizations resulting from the provisions of the GDPR.
16. If you would like to exercise your rights referred to in the preceding paragraph, please use the correct tabs on the Website, which will allow you to delete your account and the data stored on our Website, or please send an e-mail message, or write to the correspondence address referred to in par. 18 below.
17. Any inquiries, requests and complaints regarding the processing of the personal data by the Controller, hereinafter referred to as the Requests, should be sent to the following e-mail address: firstname.lastname@example.org, or to email@example.com.
18. The content of such a Request should clearly indicate the following:
a) the data of the person or persons whom the notification concerns,
b) the event which is the reason for submitting the Request in question,
c) your requested action and the legal basis for the request,
d) the expected method of resolving your request.
19. Each identified security breach is documented, and in case any of the situations described in the provisions of the GDPR of the Act occurs, the persons such data regards are notified about a breach of the provisions of personal data protection, and – if this is applicable – the President of the Personal Data Protection Office is informed about this as well.