PRIVACY POLICY
Processing of personal data by DBB Software Sp. z o.o.
1. Dictionary:
1.1. Data Controller - DBB Software Sp. z o.o. with its registered office in Cracow (address: aleja Powstania Warszawskiego 15, 31-539 Cracow, Poland) listed in the register of entrepreneurs of the National Court Register (KRS) under KRS number 0000926192, REGON 520168317, NIP 6772469438, tel. +48 694 769 312, email: in@dbbsoftware.com.
1.2. Personal Data – information about a natural person, already identified or identifiable through one or several specific factors determining physical, physiological, genetic, psychological, economic, cultural, or social identity, including image, voice record, contact details, localization data, information included in correspondence, and information gathered with recording or other similar technology.
1.3. Policy – this Policy of processing private data.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
1.5. Data Subject – a natural person to whom personal data processed by the Administrator applies, e.g., a person who uses the Administrator’s services or who sends inquiries to them via email.
2. Processing of Personal Data by Data Controller:
2.1. The Data Controller, due to running economic activity, gathers and processes Personal Data in accordance with relevant legal regulations, including GDPR, and follows the principles outlined in these regulations.
2.2. The Data Controller:
2.2.1. Ensures transparency in data processing.
2.2.2. Always informs about data processing at the moment of collection, particularly regarding the purpose and legal grounds of processing, unless exempt under specific regulations.
2.2.3. Ensures that data is gathered only to the extent necessary for a given purpose and processed only for the required period.
2.3. While processing data, the Data Controller ensures its safety and confidentiality and provides data subjects access to information about the processing. If, despite security measures, a personal data protection breach occurs (e.g., "data leak" or loss), and such a breach could pose a high risk of violating legal or individual rights, the Data Controller will inform affected data subjects in accordance with legal regulations.
3. Contact with Data Controller and Data Protection Officer:
3.1. Contact with the Data Controller is possible via email: in@dbbsoftware.com or by mail at: DBB Software Sp. z o.o., al. Powstania Warszawskiego 15, 31-539 Cracow.
3.2. The Data Controller is not required to appoint a Data Protection Officer but has conducted an analysis on this matter.
4. Personal Data Safety:
4.1. To ensure data integrity and confidentiality, the Data Controller has implemented procedures that allow access to personal data only for authorized individuals and only to the extent necessary for their tasks. The Data Controller employs organizational and technical solutions to ensure all operations on personal data are logged and performed only by authorized individuals.
4.2. The Data Controller takes all necessary measures to ensure subcontractors and other cooperating entities also implement appropriate security measures when processing personal data on behalf of the Data Controller.
4.3. The Data Controller conducts regular risk assessments and monitors the adequacy of data protection measures. If necessary, additional security measures are implemented.
5. Purposes and Legal Grounds for Data Processing:
Precontractual Relationships, Contact for Collaboration, Contract Signing and Execution: Personal data is processed to enter into a contract, including identifying the Client, discussing collaboration terms, signing, and executing the contract. Legal basis: Article 6(1)(b) of GDPR.
Client and Partner Relationship Management, Service Provision: Personal data is processed for contract execution, company cooperation with software developers and IT specialists, data exchange, and invoicing. Legal basis: Article 6(1)(b) of GDPR.
Email and Regular Mail Correspondence: Personal data in correspondence is processed solely for communication and resolving related issues. Legal basis: Article 6(1)(f) of GDPR (legitimate interest).
Telephone Contact: If a person contacts the Data Controller by phone regarding non-contract-related matters, the Data Controller may request disclosure of personal data only if necessary to resolve the issue. Legal basis: Article 6(1)(f) of GDPR.
Social Media Profiles: The Data Controller processes data left by users visiting company profiles (comments, likes, identifiers). Processing is for profile engagement, brand promotion, and statistics. Legal basis: Article 6(1)(f) of GDPR.
Processing Personal Data of Employees, Contractors, or Clients: Personal data of persons engaged in contract execution (e.g., contact persons) is processed only to the extent necessary for contract performance. Legal basis: Article 6(1)(f) of GDPR.
Business Contact Data Collection: The Data Controller may collect personal data during business meetings or through business card exchanges to establish and maintain business relationships. Legal basis: Article 6(1)(f) of GDPR.
Contact Forms: Data provided via contact forms is processed to identify the sender and handle inquiries. Legal basis: Article 6(1)(b) of GDPR (contract performance) and Article 6(1)(a) (consent) for optional data.
Invoicing and Billing: Personal data is processed to the extent necessary for invoicing or billing. Legal basis: Article 6(1)(b) of GDPR.
Claims Related to Contract Execution: Personal data is processed only to the extent necessary for claim enforcement. Legal basis: Article 6(1)(f) of GDPR.
6. Data Recipients:
Service Providers: Personal data may be disclosed to IT service providers, accountants, couriers, marketing agencies, and legal advisors.
State Authorities: Personal data may be provided to courts, prosecutors, police, and regulatory authorities as required by law.
7. Data Transmission Outside the EEA:
Personal data is transferred outside the European Economic Area (EEA) only when necessary and with appropriate protection measures. Data subjects are informed at the time of data collection.
8. Data Retention Period:
The data retention period depends on the nature of the service and the purpose of processing. If processing is based on legitimate interest, data is retained until the interest is fulfilled or an objection is raised. If based on consent, data is processed until consent is revoked.
9. Data Subject Rights:
Data subjects have the right to:
Receive information about data processing.
Obtain a copy of their data.
Request correction or deletion of data.
Limit data processing.
Transfer data.
Object to data processing for marketing purposes.
Withdraw consent at any time.
File complaints with the supervisory authority.
10. Requesting Data Subject Rights Execution:
Requests can be submitted via:
Mail: aleja Powstania Warszawskiego 15, 31-539 Cracow.
Email: in@dbbsoftware.com.
Responses are provided within one month. If additional information is needed for identification, processing may be delayed.
11. Changes to the Privacy Policy:
This Policy is regularly reviewed and updated as needed. The current version has been in force since October 12, 2021.
