You will not receive any unsolicited e-mail marketing messages from us. As the test administrator you can stop paying subscription at any time and without any hidden costs. Tests which you create on the website are only your property and they are not used anywhere else.
1. The Controller of Personal Data is Testportal Sp. z o.o. with its registered office at Szewska 9, 66-110 Babimost, Poland, European Union, VAT ID: PL9731017273.
2. Respecting your rights as personal data entities (persons who the data apply to) and respecting applicable rules of law, in particular the Resolution of the European Parliament and Council (EU) 2016/679 dated 27 April 2016 on protection of natural persons due to processing personal data and on free flow of such data and revocation of the directive 95/46/WE (general data protection regulation), hereinafter referred to as GDPR, the personal data protection act (hereinafter called the Act) and other relevant regulations on the personal data protection, we hereby undertake to keep your personal data secret and secured. All employees have been properly trained with regard to processing personal data, and our company as a Personal Data Controller has implemented suitable protective measures as well as technical and organizational means aimed at assuring top protection of personal data. We have implemented personal data protection procedures and policies in accordance with GDPR. Thanks to them, we can act legally and assure reliable data processing as well as execution of any rights which you are entitled to as persons who these data apply to. Additionally, if necessary, we cooperate with the supervisory body in the territory of the Republic of Poland, that is the Head of the Personal Data Protection Office (hereinafter referred to as HPDPO).
3. Any inquiries, petitions, complaints concerning personal data processing by our company (Personal Data Controller), hereinafter called Notifications, must be sent to the following e-mail address: firstname.lastname@example.org or in writing to the address of the Personal Data Controller, that is ul. Szewska 9, 66-110 Babimost. The Notifications shall explicitly specify the following items:
a) data of a person or persons who the Notification refers to,
b) event which caused the Notification,
c) demands and legal basis for such demands,
d) expected method of settling/solving the case.
4. On our Website we collect the following personal data:
a) data required to register the User and open the Account – e-mail address, password, first and last name, country of origin, time zone, type of entity (individual user/company). These data are required for proper configuration of the Account and contacting the User (if necessary),
b) data required in case of rendering services for the User or Respondent, which depending on the service or nature of the online Test may change – it can be e.g. place of residence or stay, date of birth, PESEL number, age, sex, NIP, telephone number, education, profession and data included in online Tests,
c) data required to carry out the complaint process – first and last name and e-mail address of the User or Respondent, IP address,
d) information arising from general principles of connection on the Internet, such as IP address (and other information included in system logs) used by the Internet Portal controller for technical purposes. IP addresses may also be used for statistical purposes, in particular to collect general data on demography (e.g. about region from which the connection was made),
e) to provide newsletter service – if you want to be informed about interesting events and commercial offers, you can sign up for a newsletter; it is voluntary and you can resign at any time; to subscribe, you just need to enter your e-mail address,
f) if it is necessary to issue a VAT invoice for the services rendered for the Users at a fee, it is necessary to enter a NIP number and your enterprise’s head office address.
5. Our Website is based on the Cookies technology in order to adapt to your needs. For this reason you can agree on the data your have entered to be remembered. Thanks to this, it will be possible to use them next time you visit our Website and you will not be required to re-enter them. Owners of other websites will not have an access to these data and information. If you however disagree to Website customization, we suggest that you disable cookies files in your website browser settings.
6. Your personal data are processed by our company, as a Personal Data Controller, for the purposes of the services rendered for you (that is persons who these data apply to) provided under the Website. In accordance with the principles of minimization, we process only those personal data which are required to achieve goals referred to in the preceding sentence.
7. With regard to Respondents’ personal data, the Controller processes personal data on the basis of the agreement concluded with the User. The data controller in this case is the User who collects data via online Tests.
8. We process personal data as long as it is necessary to achieve goals listed in the preceding point. The personal data may be processed longer than specified in the preceding sentence if such authorization or obligation imposed on the Personal Data Controller arises from specific rules of law or when our service is continuous (e.g. newsletter subscription).
9. The source of the Personal Data processed by the Controller are persons who these data apply to.
10. Your personal data are not disclosed to third countries, pursuant to GDPR.
11. No personal data are disclosed to third parties without an explicit approval of the person who these data apply to. The personal data may be disclosed without the aforesaid approval solely to public law entities, i.e. government bodies and administration units (e.g. tax authorities, law enforcement authorities and other entities authorized by applicable rules of law).
12. The personal data may be entrusted for the purposes of processing to the entities which process such data for our company being the Personal Data Controller. This being the case, as the Personal Data Controller we conclude the personal data processing agreement with the data processor. The processing entity processes the specific personal data solely for the purposes, to the extent and for purposes stipulated in the above-stated agreement, referred to in the preceding sentence. If we did not entrust your personal data for the purposes of processing, we would not be able to operate under the Website. As the Personal Data Controller, we entrust personal data to the entities:
a) who render hosting services for the web page which our Website is based on,
b) who render other services for us as the personal data controller, which are required for ongoing operation of the Website.
13. Personal data are not subject to profiling by the Personal Data Controller.
14. Pursuant to GDPR, every person whose personal data we process as the Personal Data Controller shall have a right to do the following:
a) access its personal data referred to in art. 15 GDPR – providing us with personal data, you have a right to view and access them; it does not mean however that you can have an access to all documents which contain your data because they may include confidential information; however you have a right to know what data and for what purpose we process and a right to gain a copy of your personal data; the first copy is granted free of charge but every other is subject to an administrative fee, pursuant to GDPR, corresponding to the costs of preparing the copy,
b) correct, supplement, update, edit personal data referred to in art. 16 GDPR – if your personal data have changed, please inform us as the Personal Data Controller about this so that the data we have collected comply with the facts and are up-to-date; also in the situation in which there have not been any changes to personal data but for some reasons these data are wrong or have been recorded improperly (e.g. due to a misprint), please report us about it in order to let us correct such data,
c) delete data (a right to be forgotten) referred to in art. 17 GDPR – in other words you have a right to require us to „delete” data we have collected as the Personal Data Controller and the right to request us as the Personal Data Controller to inform other controllers whom we have disclosed your data about a need to delete them. You may demand deletion of your personal data primarily when:
I. goals for which the personal data were collected have been achieved, for example we have completed the sales agreement concluded with you,
II. the basis for processing your personal data was the consent which was then withdrawn and there are no other legal bases for processing your personal data further, e.g. if you resign from newsletter subscription and otherwise resign from using our offer,
III. if you have raised an objection on the basis of art. 21 GDPR and you think that we do not have any legal bases for processing your personal data anymore,
IV. your personal data were processed illegally, that is for the purposes at variance with the law or without any basis for processing personal data – please remember that you need to present us with the basis for your request,
V. a need to delete your personal data arises from the rules of law,
VI. you are below the age of 13.
d) limit processing referred to in art. 18 GDPR – you may require our company to limit processing your personal data (which means that our company primarily stores your data until the case has been solved) if:
I. you question correctness of your personal data, or
II. you hold that we process your data without legal basis but also you do not wish us to delete these personal data (that means that you do not use the right referred to in the preceding letter), or
III. you have raised an objection referred to in (f) of this point, or
IV. your personal data are necessary to establish, investigate or defect claims, e.g. in court,
e) transfer data referred to in art. 20 GDPR – you have a right to obtain your data in the format allowing readout of these data at the computer and the right to send these data in such format to another controller; you shall be entitled to this right only when the basis for processing your data was the consent (e.g. newsletter subscription) or these data were processed automatically,
f) raise an objection to processing personal data referred to in art. 21 GDPR – you have a right to raise objection if you disagree on processing personal data which we have so far been processing for justified purposes in accordance with the rules of law,
g) not to be subject to profiling referred to in art. 22 with regard to art 4 point 4 GDPR – on our Website you will not be subject to automatic decision-making process or profiling pursuant to GDPR, unless you have given your consent in this respect; additionally, we will always inform you about profiling (if any),
h) lodge a complaint to a supervisory body (i.e. the Head of the Personal Data Protection Office) referred to in art. 77 GDPR – if you decide that we process your personal data illegally or otherwise violate the rights arising from commonly applicable rules of law with regard to personal data protection.
15. With reference to the right to delete data (the right to be forgotten), we wish to emphasize that GDPR holds that you do no have a right to exercise such right if:
a) processing of your personal data is required for use of the right to freedom of speech and information, e.g. if you have posted your data on blog, in comments, etc.,
b) processing of your personal data is required by our company to fulfill its legal obligations arising from the regulations – we cannot delete your data for the period in which we fulfill our obligations (e.g. tax obligations) imposed by the rules of law,
c) your data are processed for the purposes of investigating, establishing or defending claims.
16. If you wish to exercise your rights referred to in the preceding point, please use relevant sections on the Website. These sections let you delete your account and data collected on our Website. Alternatively please send an electronic message to our e-mail address: email@example.com.
17. Every violation of safety is documented, and if any of the events listed in GDPR or Act occurs, such violation of personal data protection principles is reported to persons who these data apply to and – if necessary – HPDPO.