1. General Provisions

1. General Provisions

1.1. This Privacy Policy is addressed to Users and other individuals who use the Web application available at hubeg.com (hereinafter application), who conclude service sale agreements with the Controller as part of their business operations or professional activities (B2B transactions).

1.2. The Policy determines the rules of collecting and processing personal data obtained by the Controller both at the stage of account registration in the application and use of application functions, and at the stage preceding the above activities.

1.3. The Policy is also applicable to the processing by the Controller of personal data of individuals who follow the Controller's profile at facebook.com and twitter.com, and in case of persons interested in being employed by the Controller – also at linkedin.com.

2. Personal Data Controller

The controller of personal data is CLINBIT Spółka z ograniczoną odpowiedzialnością, ul. Mogilska 35, 31-545 Kraków, KRS (National Court Register): 0000716258, NIP (tax identification number): PL6762544279. Controller's other contact details: e-mail: [email protected].

3. Legal Basis of Personal Data Processing

3.1. Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR).

3.2. The legal basis of personal data processing by the Controller is:

1. your consent (Article 6(1a) of GDPR);
2. the need to perform agreements concluded by you and the Controller and to take action prior to the conclusion of these agreements upon your request (Article 6(1b) of GDPR);
3. processing is necessary for the fulfilment of a legal obligation of the Controller (Article 6(1c) of GDPR),

3.3. You give your personal data based on items a and b voluntarily. However, your refusal to provide this data will make it impossible for you to use the application and services rendered by the Controller in an electronic form.

3.4. Your personal data may be processed in relation to a legitimate interest of the Controller for the purpose of securing and asserting claims and for direct marketing of services rendered by the Controller, e.g. via a newsletter (Article 6(1f) of GDPR).

4. Purposes and Scope of Personal Data Processing

4.1. The personal data you provide will be processed:

1. for the purpose and in the scope necessary in relation to the conclusion and performance of the agreement or to take action upon your request prior to the conclusion of the agreement (e.g. making an enquiry about an application via a contact form),
2. for the purpose of fulfilling a legal obligation of the Controller (arising out of the provisions regarding e.g. accounting and tax provisions),
3. for purposes arising out of legitimate interests of the controller (i.e. securing and asserting claims, marketing of own products and services),

4.2. In relation to the pursuing of the above objectives of data processing, the Controller will, in particular, process the following personal data of Clients (application Users): company name, first and last name of contact, e-mail address, telephone number, NIP (tax identification number), registered address or mailing address. The Controller will also process cookies and IP.

4.3. In relation to the performance of an agreement with the Client, the Controller will also process the following personal data of persons admitted by the entity to use the application (e.g. employees): first and last name, telephone number, e-mail address, IP, and cookies.

4.4. In relation to the performance of an agreement with the Client, the Controller will also process the data of persons who do exercises (i.e. persons who use the services of the Controller's Client). The scope of data processing depends on the person who enters data in the application, i.e. Client or Controller's authorized employee. It may include, in particular, first and last name, telephone number.

4.5. In the cases referred to above in sections 4.3 and 4.4., the Controller is bound by a personal data processing agreement with the Client in which the Controller is the Processor as referred to in Article 4(8) of GDPR.

5. Making Personal Data Available

5.1. Your personal data will be made available to the competent state authorities or third parties if such an obligation arises out of generally applicable provisions of law.

5.2. For the purpose of the proper performance of services, the Controller may make your personal data available to an entity which serves electronic or credit card payments, to a bank which keeps the Controller's bank account for the purpose of enabling payment for service, or to an accounting company. The Controller may also make your personal data available to entities which provide hosting services and entities from the IT industry which support the Controller in the proper performance of service, such as SMS gateway operator, entity providing e-mail services to the Controller, and entity providing technical support for the application.

5.3. The Controller processes personal data originating directly from you (data subjects). In the case of employees or persons providing services to the Controller's Clients pursuant to civil law contracts, your data may come from these Clients.

6. Data Protection

6.1. The Controller is obliged to protect your data collected when using the application, in accordance with applicable provisions and highest security and data protection standards.

6.2. The Controller will ensure personal data security thanks to the implemented technical and organizational measures which are aimed at preventing unlawful data processing and accidental loss, destruction and damage. The Controller will use every measure to make personal data:

1. correct and processed legally,
2. obtained only for specific purposes and will ensure that it will not be processed further in a way which is in contrast to these purposes,
3. adequate, proper and non-excessive,
4. accurate and up-to-date,
5. ensure that it will not be kept longer than necessary,
6. processed with the observance of the rights of data subjects, including the right to restrict disclosure,
7. kept safe,
8. not transferred without adequate protection.

6.3. Personal data filing systems are protected against third party access. Only the persons authorized by the Controller, trained in personal data protection and obliged to keep your personal data secret will be admitted to process your personal data.

6.4. Personal data collected for the purpose of the conclusion or performance of an agreement or fulfilment of the Controller's legal obligation is stored for a period necessary to: (1) secure or assert any claims arising out of the agreement, (2) perform the agreement (e.g. process complaints), (3) fulfil the Controller's legal obligation (e.g. arising out of accounting and tax provisions). Personal data is processed for marketing purposes and other purposes not mentioned above. It will be processed until withdrawal of the consent to the processing for this purpose or until objection is made. Data of employees and persons who do exercises will be processed for a limitation period of claims under the basic relationship between the Client and the Controller or until its independent removal from the application by the Client or another authorized person.

7. Rights

7.1. You have a right to request that the controller give you access to personal data, to have the data rectified, removed or its processing restricted, the right to transfer data, and the right to object to processing as well as the right to transfer data. You have a right to withdraw your previous consent to personal data processing at any time.

7.2. You have a right to obtain the following information from the Controller:

1. about the purpose, scope and method of personal data processing,
2. date from which your data is processed,
3. the source of your data,
4. recipients or categories of recipients to whom data is disclosed.

7.3. Furthermore, the Controller will, upon your request, complete, update and correct your personal data and suspend (temporarily or permanently) its processing or will delete this data if your data is incomplete, outdated, incorrect or has been collected with the breach of the act of law or is redundant for the purpose for which it has been collected.

7.4. Apart from that, in case your data is processed by the Controller for the purposes of direct marketing, you have a right to object, at any time, to personal data processing for marketing purposes, including profiling, in the scope in which such processing is related to direct marketing. In order to exercise the rights referred to in the preceding section, you are required to send the relevant request to the Controller via e-mail.

7.5. You have a right to complain to a supervisory authority if you find that the processing of personal data breaches the applicable provisions.

8. Change of Data

Should your personal data change, you are requested to update it on your own in the user account or notify the Controller of this fact via telephone or letter sent to the company's registered address or via e-mail to the Controller's address.

9. Cookies

9.1. The Controller declares that it uses cookies.

9.2. Cookies are files with information sent by the server and saved on your device (e.g. computer hard drive or telephone memory).

9.3. Data obtained using cookies does not allow the Controller to identify you but helps determine if the application has been visited using a specific device (which is not synonymous with information on application visitors) and what user preferences have been (what the user finds most interesting in the application).

9.4. The Controller uses internal cookies for:

1. ensuring the proper functioning of the application,
2. statistical purposes,
3. adapting the application to your preferences.

9.5. The Controller may save both permanent and temporary files on your device.

9.6. Temporary files are usually removed upon the closing of the browser but permanent files are not removed when the browser is closed.

9.7. Temporary files are used to identify the User as a signed-in user.

9.8. Permanent files are files which ensure specific functions not only in a given session but throughout the term of their storage on the device. Permanent files are used to collect information on your use of the application, including data on subsites visited by the User and potential errors, to verify the effectiveness of application advertising, to make the functioning of the application more effective using the registration of the occurring errors, to test various variants of application styles, to save User settings regarding user preferences, to show Users that they are logged in to the application.

9.9. The application uses Google Analytics, which uses cookie files saved on your device for the purposes of statistics of traffic in the application and its use.

9.10. For the advertising of the application and its services, the Controller uses on-line marketing and advertising tools. These tools may also use cookies saved on your device.

9.11. Cookies left on your device by the application may be removed at any time in accordance with your Web browser instructions.

9.12. There is an option to block access of cookies to your device by configuring the browser correctly but this may cause incorrect functioning of the application.

9.13. The Controller uses the server which automatically saves the data of the device you use to connect with the application, i.e. device type, browser used, IP of your computer, entry date and time, event description, event qualification, in server logs for the purposes of analyzing the functioning of the IT system.

9.14. Only persons authorized to administer the IT system have access to files with logs. Files with logs are used to create statistics of application traffic and occurrence of errors which make it impossible to identify you.

10. Final Provisions

It may occur necessary in the future to update the rules given in this Privacy Policy. You will be notified by the Controller of each amendment to the content of this Policy. The update of rules will be available on the website where the application is available.