This privacy policy describes how we process information about you, including personal information and cookie files (“cookies”).

1. Document information

  1. This policy applies to the Website, operating under the URLs: 10senses.pl and 10senses.com.
  2. The operator of the site and the Administrator of personal data is:  10 Senses sp. z o.o. KRS: 0000815355, NIP: 5272912887, REGON: 384918967, ul. Radziwie 5/18, 01-164 Warsaw.
  3. E-mail contact address of the operator: marek.zielinski@10senses.pl.
  4. The service provider is the Administrator of your personal data with respect to the data provided voluntarily on the Website. 
  5. The service provider operates the Website and is responsible for the proper provision of the Website’s Electronic Services. 
  6. The Website performs functions of obtaining information about users and their behavior in the following ways:  
  • Through voluntarily entered data in forms, which are entered into the Operator’s systems. 
  • By storing small files called cookies in the end devices.

2. General provisions

  1. This Privacy Policy of the Website is a measure implemented by the Administrator, the purpose of which is to define the actions taken by the Administrator with respect to the protection of personal data provided to the Administrator by Data Subjects and, moreover, to inform Data Subjects about the procedure in force in an enterprise run by the Administrator for dealing with personal data, including, in particular, the purposes and legal grounds for processing and the categories of recipients to whom personal data processed by the Administrator is further transferred, and the implementation by the Administrator towards Data Subjects of the information obligation arising from the content of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, hereinafter referred to as “GDPR”) to the remaining extent. 
  2. The Service Provider shall exercise special care to protect the interests of data subjects, and in particular shall ensure that the data it collects are processed in accordance with the law; collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed; and stored in a form that allows the identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
  3. This Website privacy policy is for informational purposes, which means that it is not a source of obligations for Website Service Recipients. 
  4. All words, phrases and acronyms appearing on this website and beginning with a capital letter (e.g., Service Provider, Website, Electronic Service) shall be understood in accordance with their definition, contained in the Terms and Conditions of the Website, available on the Website. 
  5. The Service Recipient’s personal data shall be processed in accordance with the GDPR and the Act of May 10, 2018 on Data Protection (hereinafter referred to as the Personal Data Protection Act) and the Act on Provision of Electronic Services of July 18, 2002 (Journal of Laws 2002 No. 144, item 1204 as amended). 

3. Aim and purpose of data processing

  1. In each case, the purpose, scope and recipients of data processed by the Service Provider shall result from the activities undertaken by the Client on the Website.
  2. The Administrator processes personal data concerning the Customer or his representatives for the following purposes: 
  • conclusion and execution of the contract for use of the Electronic Service,
  • performance of obligations under the law, including tax and accounting regulations,
  • the conduct of judicial, arbitration, administrative, judicial-administrative, enforcement and mediation proceedings,
  • documenting contractual relationships for evidentiary purposes for the period of the statute of limitations for claims related to them,
  • conducting direct marketing of services or goods offered by the Administrator, including through e-mail correspondence, if applicable,
  • handling complaints and claims arising from warranty rights.

  3. The Service Provider may process the following personal data of Service Recipients using the Website:

  • the first and last name of the Service Recipient,
  • e-mail address,
  • position of the Service Recipient,
  • business telephone number,
  • Name of the Cooperating Organization,
  • Name of the Branch of the Cooperating Organization

  4. The Service Provider also processes anonymized data related to the use of the Website (e.g. the number of Service Recipients) to generate statistics on the use of the Website. These data are aggregate and anonymous, i.e. they do not contain identifying characteristics of persons using the Website. Details of statistical analysis are described in Section 7 Statistical Analysis.

A. Information on forms

  1. The Website collects information voluntarily provided by the user, including personal information, if provided.
  2. The Website may record information about connection parameters (time stamp, IP address).
  3. The Website, in some cases, may record information to facilitate the association of data in the form with the e-mail address of the user completing the form.
  4. The data provided in the form is processed for the purpose resulting from the function of the specific form, such as registration of services, downloading materials or commercial contact, etc. Each time the context and description of the form clearly informs what it is used for.

4. Indication of Operators’ methods of personal data protection.

  1. The Administrator declares that it has implemented appropriate technical and organizational measures to ensure an adequate degree of security corresponding to the risks associated with the processing of personal data entrusted to it, as referred to in Article 32 of the GDPR. The Administrator shall regularly verify and update its technical and organizational measures so as to ensure an adequate degree of protection for the personal data entrusted to it.
  2. The Administrator declares that, in order to ensure the security of personal data processing, he has implemented a Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrator in accordance with Article 24(1) and (2) of the GDPR, the purpose of which is to introduce in an enterprise run by the Administrator a procedure for handling personal data, based on which their processing by the Administrator will be carried out in accordance with the GDPR.
  3. The Administrator conducts regular audits of its business in the context of the use of personal data of customers and clients using, among others, the GoRODO.pl platform (https://www.gorodo.pl).
  4. The processing of personal data for the purposes indicated above in Section 3, paragraph 3 includes, in particular, their collection, modification, storage, viewing, updating, analysis, and archiving.
  5. Personal data entry sites are protected in the transmission layer (SSL certificate). This ensures that the personal data and login data entered on the site are encrypted on the user’s computer and can only be read on the target server.
  6. Personal data is stored in a database in the service of HubSpot Inc. which uses the following security measures, among others:
  • Two-factor authentication, which is an additional form of protection for logging into the Service
  • Continuous monitoring of the system 24x7x365
  • Performing regular backups
  • Encryption of data using TLS protocols (1.0, 1.1, and 1.2) and 2,048-bit keys
  • Regular audits to ensure compliance with EU-U.S. actual privacy framework, TRUSTe certification for Enterprise Privacy, among others,
  • Data centers ensure compliance with certifications including ISO 27001, SOC2 Type II

(More details on the security measures used by HubSpot Inc. are available at this link: https://www.hubspot.com/security)

  7. The Operator periodically changes its administrative passwords.
  8. In order to protect the data, the Operator regularly makes security copies.
  9. Protection against attacks is provided by Jetpack.
  10. An important element of data protection is regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.

5. Hosting

The Service is hosted (technically maintained) on the server of the operator: ovhcloud.com 

6. Additional information regarding the use of personal data

  1. Personal Data concerning the Customer may be transferred to public administration authorities or to other persons or third parties – to the extent that and in cases in which the obligation to make them available is imposed on the Administrator by law. In addition, Personal Data concerning the Customer may also be transferred to entities performing accounting and bookkeeping and legal services for the Administrator under a separate agreement.
  2. Personal data concerning the Customer will be kept by the Administrator for the following period:
  • in the case of personal data for which the legal basis of their processing by the Administrator is the fact that it is necessary for the proper performance of the contract – until the statute of limitations for claims arising from the contract, 
  • in the case of personal data in relation to which the basis for their processing by the Administrator is the fact that it is necessary for the proper performance of the contract – until such time as that basis for processing has fallen away, in particular, until the statute of limitations for the Administrator’s claims and the Service Recipient’s claims arising from the legal relationship between them, the termination of the Administrator’s legal existence, or the final or conclusive determination or adjudication of, or satisfaction or defense of, the claim or other entitlement of the Administrator or the Service Recipient in judicial, arbitration, administrative, court-administrative, enforcement or mediation proceedings,
  • in the case of personal data in relation to which the basis for processing is that it is necessary for the fulfillment of legal obligations incumbent on the Administrator – until such basis for processing falls away, 
  • in the case of personal data processed on the basis of consent – until the revocation of such consent.

  3. Automated decision-making, including profiling for the purpose of providing services under the concluded agreement and for the purpose of direct marketing by the Administrator, may be undertaken in relation to you.
  4. Personal data for the purposes of conducting webinars are collected on the servers of ClickMeeting sp. z o. o., based in Gdańsk, Poland. More information about ClickMeeting’s Privacy Policy can be obtained here: https://clickmeeting.com/pl/legal.
  5. Personal data are stored on the servers of HubSpot Inc. As a first step, they are saved using Google Cloud Platform (GCP) infrastructure in the EU (Frankfurt region, Germany). They may be transferred to the U.S. in accordance with the GDPR directive under the terms of actual transfer framework. For more information, please visit the Privacy Policy page of HubSpot Inc. (https://legal.hubspot.com/privacy-policy) and here (https://knowledge.hubspot.com/account/hubspot-cloud-infrastructure-frequently-asked-questions).

7. Your rights regarding personal data

A. The right to information

  1. The Administrator, when obtaining personal data, shall provide the person from whom the data originated with all of the following information:
  • his/her identity and contact information and, when applicable, the identity and contact information of his/her representative,
  • where applicable, the contact information of the Data Protection Officer,
  • the purposes of processing the personal data, and the legal basis for the processing,
  • information about the recipients of personal data or categories of recipients, if any,
  • when applicable – information about the intention to transfer Personal Data to a third country or international organization,
  • the period for which the Personal Data will be retained and, where this is not possible, the criteria for determining this period,
  • information whether the provision of personal data is a statutory or contractual requirement or a condition for entering into a contract, and whether the data subject is obliged to provide such data and what are the possible consequences of failing to do so.

  2. If the Administrator plans to further process personal data for a purpose other than the purpose for which the personal data were collected, the Controller shall, prior to such further processing, inform the data subject of such other purpose and provide the data subject with any other relevant information.

B. A right to withdraw consent to the processing of personal data

The data subject has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

C. A right to access to personal data

  1. The Data Subject shall be entitled to obtain from the Controller confirmation as to whether Personal Data pertaining to him/her is being processed and, if so, shall be entitled to obtain access thereto and the following information:
  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • information about the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the intended period for which the personal data will be stored, and where this is not possible, the criteria for determining this period;
  • information about the right to request the Administrator to rectify, erase or restrict the processing of personal data, and to object to such processing;
  • information about the right to lodge a complaint with a supervisory authority;
  • if the personal data was not collected from the data subject – any available information about its source; 
  • information about automated decision-making, including profiling as referred to in Article 22 (1) and (4) of the GDPR, and – at least in those cases – relevant information about the principles of such decision-making, as well as the significance and anticipated consequences of such processing for the data subject.

  2. The Administrator shall provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the Data Subject, the Administrator may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy by electronic means, and unless the Data Subject indicates otherwise, the information shall be provided by common electronic means.

D. A right to request rectification or deletion of personal data 

  1. The Data Subject shall have the right to request from the Administrator the prompt rectification of personal data concerning him/her that are inaccurate. Taking into account the purposes of the processing, the Data Subject has the right to request the completion of incomplete personal data, including by providing an additional statement. 
  2. The Data Subject shall be entitled to request from the Administrator the immediate erasure of personal data concerning him/her, and the Administrator shall be obliged to erase the personal data without undue delay if one of the following circumstances occurs: 
  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  •  the data subject has withdrawn the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing, 
  • the data subject objects under Article 21 (1) GDPR to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21 (2) GDPR to the processing, 
  • the personal data have been processed unlawfully, 
  • the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject, 
  • the personal data were collected in connection with the offering of information society services referred to in Article 8(1) of the GDPR. 

  3. The data subject’s rights indicated in Section 2 above shall not apply to the extent that the processing is necessary for the exercise of the right to freedom of expression and information, to establish, assert or defend claims, to comply with a legal obligation requiring processing under European Union law or the law of a Member State to which the Administrator is subject, or to perform a task carried out in the public interest or in the exercise of public authority vested in the Administrator, for reasons of public interest in the field of public health in accordance with Art. 9(2)(h) and (i) of the GDPR and Article 9(3) of the GDPR for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the entitlement is likely to prevent or seriously impede the purposes of such processing.
  4. The Administrator shall be obliged to provide the data subject with information on the rectification or erasure of personal data, unless this proves impossible or requires a disproportionate effort.

E. A right to restriction of processing of personal data

  1. The Data Subject has the right to request the Administrator to restrict the processing of his/her personal data in the following cases: 
  • The Data Subject questions the accuracy of the personal data – for a period of time that allows the Administrator to verify the accuracy of the personal data, 
  • the processing is unlawful, and the Data Subject objects to the erasure of the personal data, requesting instead the restriction of its use, 
  • The Administrator no longer needs the personal data for the purposes of the processing, but the data are needed by the Data Subject to establish, assert or defend claims, 
  • The data subject has objected to the processing under Article 21(1) of the GDPR – until it is determined whether the legitimate grounds on the part of the controller override the grounds for the data subject’s objection. 

  2. The Administrator is obliged to inform the data subject of the restriction of the processing of personal data, unless this proves impossible or requires disproportionate effort.

F. A right to portability of personal data 

  1. The data subject shall be entitled to receive in a structured, commonly used machine-readable format the personal data concerning him or her provided to the Administrator, and shall have the right to send such personal data to another controller without hindrance from the Administrator, where the processing is carried out by automated means and (a) based on the data subject’s consent or (b) is necessary for the performance of a contract. 
  2. In exercising the right set forth above, the data subject has the right to request that the personal data be sent by the Administrator directly to another controller, insofar as this is technically possible. This right shall not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the Administrator. This entitlement shall also not adversely affect the rights and freedoms of others. 

G. A right to object and rights related to automated decision-making in individual cases 

  1. The data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) or (f) of the GDPR, including profiling under these provisions. The Administrator shall no longer be allowed to process such personal data, unless the Administrator demonstrates the existence of valid legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. 
  2. If personal data are processed by the Administrator for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing. 
  3. If the data subject raises an objection to processing for direct marketing purposes, the personal data may no longer be processed for such purposes. 
  4. If personal data are processed for scientific or historical research purposes or for statistical purposes under Article 89(1) of the DPA, the data subject has the right to object – on grounds relating to his or her particular situation – to processing relating to his or her personal data, unless the processing is necessary for the performance of a task carried out in the public interest.
  5. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for the conclusion or performance of a contract between the data subject and the Administrator; is authorized by European Union law or the law of a Member State to which the Administrator is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or is based on the data subject’s explicit consent.

8. Logs 

Information on user behavior on the site may be subject to logging. This data is used to administer the site.

9. Anonymized statistical analysis

  1. The Administrator uses Google Analytics and Universal Analytics services on the Website provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The data collected is processed by the aforementioned services in an anonymized manner (this is so-called exploitation data, which prevents the identification of the person) to generate statistics to help administer the Website. Detailed information on the operation of the above services is available here: www.google.com/intl/pl/policies/privacy/partners/. 
  2. The Operator also uses statistical analysis of website traffic through HubSpot (HubSpot Inc. based in the USA). The data collected is processed through the above services in an anonymized manner (this is called exploitation data, which prevents identification of the person) to generate statistics to help administer the Website. Detailed information on the operation of the above services is available here: https://knowledge.hubspot.com/reports/analyze-your-site-traffic-with-the-traffic-analytics-tool
  3. The Operator uses a solution to study user behavior by creating heat maps and recording behavior on the site. This information is anonymized before it is sent to the service operator so that the operator does not know which individual it relates to. In particular, typed passwords and other personal information are not recorded.

10. Cookie files 

  1. The Website uses cookies. 
  2. Cookies are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website from which they originate, the time they are stored on the terminal equipment and a unique number. 
  3. The entity placing cookies on the Service User’s terminal equipment and accessing them is the Website Operator. 
  4. Cookies are used to carry out the purposes specified above under “9. Anonymized statistical analysis”.
  5. The Website uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files that are stored on the User’s terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the parameters of the cookies or until they are deleted by the User.
  6. Web browsing software (web browser) usually allows the storage of cookies on the User’s final device by default. Users of the Website may change their settings in this regard. The web browser makes it possible to delete cookies. It is also possible to automatically block cookies; detailed information on this subject is contained in the help or documentation of the Internet browser.
  7. Restrictions on the use of cookies may affect some of the functionality available on the Website.
  8. Cookies placed in the Service User’s terminal equipment may also be used by entities cooperating with the Website Operator, in particular this concerns companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA), HubSpot (HubSpot Inc. based in the USA).

11. Managing cookies – how in practice to give and revoke consent? 

  1. If you do not want to receive cookies, you can change your browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintenance of user preferences may hinder, and in extreme cases may prevent the use of the websites. 
  2. To manage your cookie settings, select the web browser you are using from the list below and follow the instructions:

12. Final provisions

  1. The Website may contain links to other websites. The Service Provider urges you, when you go to other sites, to read the privacy policy established there. This privacy policy applies only to the Website. 
  2. In all matters related to the processing of personal data, including, in particular, matters related to the provisions of this privacy policy, the Service Recipient should contact the Administrator using the following contact details: 10 SENSES SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, e-mail address: marek.zielinski@10senses.pl.