General Data Protection Regulation

The following information constitutes a concise, understandable, and transparent summary of the information provided in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights related to this processing, in the form required to fulfill the GDPR informational obligation. Details regarding the method of processing and entities participating in this process are available in the indicated policy.

Who is the data controller?

The Personal Data Controller (hereinafter referred to as the Administrator) is the company "Radioactive Rat Sp. z o.o.", operating at the address: ul. Jana Kazimierza 17/41, with the assigned tax identification number (NIP): 5272884263, and the assigned KRS number: 0000773763, providing electronic services through the Service.

How can you contact the data controller?

You can contact the Administrator in one of the following ways:

• Postal address - Radioactive Rat Sp. z o.o., ul. Jana Kazimierza 17/41

• Email address - [email protected]

• Telephone contact - +48 668 192 979

• Contact form - available at: /contact

Has the Administrator appointed a Data Protection Officer?

Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters concerning data processing, including personal data, please contact the Administrator directly.

Where do we obtain personal data from, and what are their sources?

Data is obtained from the following sources:

• from the persons to whom the data relates

What is the scope of personal data processed by us?

The service processes ordinary personal data, voluntarily provided by the persons they concern
(e.g., name and surname, login, email address, phone number, IP address, etc.)

The detailed scope of processed data is available in the Privacy Policy.

What are the purposes of processing data by us?

Personal data voluntarily provided by Users are processed for one of the following purposes:

• Implementation of electronic services:
• Communication of the Administrator with Users regarding matters related to the Service and data protection.
• Ensuring the legally justified interest of the Administrator.

What are the legal bases for data processing?

The Service collects and processes User data based on:

• Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • Art. 6 sec. 1 lit. a
    the data subject has consented to the processing of his or her personal data for one or more specific purposes
  • Art. 6 sec. 1 lit. b
    processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract
  • Art. 6 sec. 1 lit. f
    processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party
• Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
• Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
• Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

What is the legally justified interest pursued by the Administrator?

• For the purpose of potentially establishing, pursuing or defending against claims – the legal basis for processing is our legitimate interest (Art. 6 sec. 1 lit. f of GDPR) consisting of protecting our rights, including, but not limited to;
• For assessing the risk of potential clients
• For evaluating planned marketing campaigns
• For the implementation of direct marketing

For how long do we process personal data?

As a rule, the indicated personal data is stored only for the period of providing the service within the conducted service by the Administrator. They are deleted or anonymized within 30 days from the end of the service provision (e.g., deletion of a registered user account, unsubscribing from the Newsletter list, etc.)

In exceptional situations, to protect the legally justified interest pursued by the Administrator, this period may be extended. In such a case, the Administrator will store the indicated data, from the time of the request for their deletion by the User, no longer than for a period of 3 years in case of violation or suspicion of violation of the service's terms and conditions by the person to whom the data relates.

Who is the recipient of the data including personal data?

As a rule, the only recipient of the data is the Administrator.

However, data processing may be entrusted to other entities, implementing services on behalf of the Administrator to maintain the activity of the Service.

• Hosting companies, providing hosting services or related services for the Administrator

Will your personal data be transferred outside the European Union?

Personal data is transferred outside the European Union.
The transfer of data outside the EU is due to the use of services from entities located outside the EU borders, or as a result of publication due to the individual action of the User (e.g., posting a comment or entry), which will make the data available to any person visiting the service.
In the case of transferring or entrusting the processing of personal data outside the EU, such data is processed based on an agreement made between the Administrator and the Service Provider.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What are your rights related to the processing of personal data?

• Right of access to personal data
  Users have the right to access their personal data, which is executed upon request to the Administrator.

• Right to rectification of personal data
  Users have the right to request the Administrator to promptly rectify personal data that is incorrect or/and to complete incomplete personal data, which is executed upon request to the Administrator.

• Right to erasure of personal data
  Users have the right to request the Administrator to promptly erase their personal data, which is executed upon request to the Administrator.
  
  For user accounts, the erasure of data involves the anonymization of data enabling User identification.
  
  In the case of the Newsletter service, Users have the option to independently erase their personal data using the link provided in each email message sent.

• Right to restriction of processing of personal data
  Users have the right to restrict the processing of personal data in cases specified in Art. 18 of the GDPR, including questioning the accuracy of personal data, which is executed upon request to the Administrator.

• Right to data portability
  Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used, machine-readable format, which is executed upon request to the Administrator.

• Right to object to the processing of personal data
  Users have the right to object to the processing of their personal data in cases specified in Art. 21 of the GDPR, which is executed upon request to the Administrator.

• Right to lodge a complaint
  Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.