Action Audit Privacy Policy
GENERAL PROVISIONS
- This privacy policy applies to the principles of processing personal data when using any services, content, functionality, technology or functions of the System and all related websites it offers ("Service").
- The Administrator of personal data contained in the website is Ruby Logic Poland Sp. z o.o. ul. pl. Żwirki i Wigury 9A/5, 43-300 Bielsko-Biała, NIP 5472228121, entered into the Register of Entrepreneurs of the Disctrict Court Register in Bielsko-Biała, 8th Commercial Division of the National Court Register under the KRS number: 0000933511 ("Administrator").
- The Administrator can be contacted in writing using the above address or by e-mail:
- The Administrator complies with the principles of applying appropriate technical and organizational measures specified in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), including in particular those relating to the appropriate protection of personal data against unlawful access, modification or destruction of data by unauthorized persons.
- The Administrator reserves the right to change this Privacy Policy at any time, in particular due to changes in the functionality of the System or changes in applicable legal provisions.
- Any capitalized terms not defined in the Privacy Policy have the meaning given to them in the System Regulations.
CATEGORIES, PURPOSES AND BASIS OF PROCESSING
action-audit.com Website
In this policy, we provide information on the processing of personal data in relation to natural persons who are:
- clients, including potential clients of the Administrator (hereinafter referred to as "Contractors")
- employees, statutory representatives, attorneys or representatives of Contractors
- other persons contacting the Administrator (does not apply to the Administrator's employees), including via the contact form on our website
- users who subscribe to the newsletter service
The scope of data is limited to that necessary to conclude and execute contracts with the Contractor and includes:
- name and surname
- email address
- phone number
Personal data provided by Contractors will be processed for the following purposes and on the following bases:
- in order to communicate with Contractors and respond to messages received from Contractors, e.g. from contact forms available in the System, which constitutes the legitimate interest of the Administrator (Article 6 letter f of the GDPR),
- for the purpose of offering goods and services by the Administrator, which constitutes the legitimate interest of the Administrator in the form of the possibility of conducting direct marketing (Article 6, paragraph 1, letter f of the GDPR),
- in order to fulfil the legal obligations incumbent on the Administrator, in particular for accounting and tax purposes, in connection with possible inspections or inquiries, court proceedings, etc. (Article 6, paragraph 1, letter c of the GDPR),
- in the event of receiving data from another Contractor, which may occur if this data is processed for the purpose of executing an order (data transferred in the course of order execution), which constitutes the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR),
- in order to determine, pursue or defend against claims, for archival and evidentiary purposes to secure information in the event of a legal need to prove facts, including fulfilling the accountability obligation resulting from the GDPR, as well as to ensure the security of traffic and services, and to counteract abuse and fraud, which constitutes the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR),
- in other cases, where the possibility of expressing consent to the processing of personal data is provided for, the data will be processed to the extent and for the purpose expressed in the content of the consent (Article 6, paragraph 1, letter a of the GDPR). If the Contractor has consented to receiving marketing communications to the e-mail address and telephone number, the legal basis will also be Article 10 of the Act of 18 July 2002 on the provision of services by electronic means and Article 172 of the Act of 16 July 2004 - Telecommunications Law.
Providing data is voluntary, but in some cases it is necessary, e.g. when concluding a contract. Failure to provide personal data results in the inability to fully use the services of the website, the inability to contact the Administrator via the "Contact" tab and the inability to receive information about special offers and promotions offered on the website. Personal data left on the website will not be sold or made available to third parties, in accordance with the provisions of the Personal Data Protection Act.
Web services app.action-audit.com and app.plandzialan.pl
In this policy, we provide information on the processing of personal data in relation to natural persons who are:
- users of the System (hereinafter referred to as "Users")
The Administrator will process the following categories of data of Users using the System:
- User's name and surname,
- User's email address,
- User's telephone number,
- User's IP address,
- data regarding User's behavior on our websites, browser type and version, unique device identifier.
Personal data provided by Users will be processed for the following purposes and on the following bases:
- for purposes related to the use of the System's functionalities (Article 6 letter b of the GDPR),
- in order to communicate with Users and respond to messages received from Users, e.g. from contact forms available in the System, which constitutes the legitimate interest of the Administrator (Article 6 letter f of the GDPR),
- for purposes related to the User's use of the System, account management in the System, provision of technical support, i.e. for the purposes of performing the agreement on the use of the System or to take action at the User's request before concluding the agreement (Article 6, paragraph 1, letter b of the GDPR),
- in order to fulfil the legal obligations incumbent on the Administrator, in particular for accounting and tax purposes, in connection with possible inspections or inquiries, court proceedings, etc. (Article 6, paragraph 1, letter c of the GDPR),
- in the event of receiving data from another User, which may occur if the data is processed for the purpose of fulfilling an order (data provided in the course of order fulfillment), which constitutes the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR),
- in order to determine, pursue or defend against claims, for archival and evidentiary purposes to secure information in the event of a legal need to prove facts, including fulfilling the accountability obligation resulting from the GDPR, as well as to ensure the security of traffic and services, and to counteract abuse and fraud, which constitutes the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR),
- for the purpose of offering goods and services by the Administrator, which constitutes the legitimate interest of the Administrator in the form of the possibility of conducting direct marketing (Article 6, paragraph 1, letter f of the GDPR),
- in other cases, where the possibility of expressing consent to the processing of personal data is provided for, the data will be processed to the extent and for the purpose expressed in the content of the consent (Article 6, paragraph 1, letter a of the GDPR). If the User has consented to receiving marketing communications to the e-mail address and telephone number, the legal basis will also be Article 10 of the Act of 18 July 2002 on the provision of services by electronic means and Article 172 of the Act of 16 July 2004 - Telecommunications Law.
Providing data is voluntary, but in some cases it is necessary, e.g. when concluding a contract. Failure to provide personal data results in the inability to fully use the services of the website, the inability to contact the Administrator via the "Contact" tab and the inability to receive information about special offers and promotions offered on the website. Personal data left on the website will not be sold or made available to third parties, in accordance with the provisions of the Personal Data Protection Act.
Pulse Mobile App
In this policy, we provide information on the processing of personal data in relation to natural persons who are:
- users of the Pulse mobile application (hereinafter referred to as "Pulse Users")
The Administrator will process the following categories of data of Pulse Users using the System:
- Pulse User's first and last name,
- Pulse User's email address,
- Pulse User's phone number,
- Pulse User's IP address,
- Pulse User's company name
The personal data provided by Pulse Users will be processed for the following purposes and on the following bases:
- for purposes related to the use of the System's functionalities (Article 6 letter b of the GDPR),
- in order to communicate with Pulse Users and respond to messages received from Pulse Users, e.g. from contact forms available in the System, which constitutes the legitimate interest of the Administrator (Article 6 letter f of the GDPR),
- for purposes related to the User's use of the System, account management in the System, provision of technical support, i.e. for the purposes of performing the agreement on the use of the System or to take action at the request of the Pulse User before concluding the agreement (Article 6, paragraph 1, letter b of the GDPR),
- in order to fulfil the legal obligations incumbent on the Administrator, in particular for accounting and tax purposes, in connection with possible inspections or inquiries, court proceedings, etc. (Article 6, paragraph 1, letter c of the GDPR),
- in the event of receiving data from another Pulse User, which may occur if this data is processed for the purpose of fulfilling an order (data provided in the course of order fulfillment), which constitutes the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR),
- in order to determine, pursue or defend against claims, for archival and evidentiary purposes to secure information in the event of a legal need to prove facts, including fulfilling the accountability obligation resulting from the GDPR, as well as to ensure the security of traffic and services, and to counteract abuse and fraud, which constitutes the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR),
- for the purpose of offering goods and services by the Administrator, which constitutes the legitimate interest of the Administrator in the form of the possibility of conducting direct marketing (Article 6, paragraph 1, letter f of the GDPR),
- in other cases, where the possibility of expressing consent to the processing of personal data is provided for, the data will be processed to the extent and for the purpose expressed in the content of the consent (Article 6, paragraph 1, letter a of the GDPR). If the Pulse User has agreed to receive marketing communications to the e-mail address and telephone number, the legal basis will also be Article 10 of the Act of 18 July 2002 on the provision of services by electronic means and Article 172 of the Act of 16 July 2004 - Telecommunications Law.
Providing data is voluntary, but in some cases it is necessary, e.g. when concluding a contract. Failure to provide personal data results in the inability to fully use the services of the website, the inability to contact the Administrator via the "Contact" tab and the inability to receive information about special offers and promotions offered on the website. Personal data left on the website will not be sold or made available to third parties, in accordance with the provisions of the Personal Data Protection Act.
RIGHTS OF CONTRACTORS, USERS AND PULSE USERS
At any time, it is possible to withdraw consents granted on the website, including consent to the processing of personal data. Until then, the processing of data of the Contractor, User and Pulse User is lawful.
The Contractor, User and Pulse User have the right to:
- access to their data and receive a copy thereof,
- rectify (correct) your data,
- deletion of data, if permitted under the GDPR,
- restrictions on data processing to the extent permitted by the GDPR,
- object to the processing of data processed for the purpose of pursuing the legitimate interest of the Administrator or a third party, including direct marketing, and when processing is necessary for the Administrator to perform a task carried out in the public interest or to exercise public authority entrusted to the Administrator,
- data transfer under the conditions specified in the GDPR,
- file a complaint with the supervisory authority – if the Contractor, User or Pulse User believes that the Administrator is processing their data unlawfully, they may file a complaint in this matter with the President of the Personal Data Protection Office,
- withdrawal of consent to the processing of personal data – at any time the Contractor, User and Pulse User have the right to withdraw consent to the processing of such personal data that the Administrator processes on the basis of their consent; withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.
DATA RECIPIENTS
The following persons may have access to the personal data of a Contractor, User or Pulse User:
- subcontractors of services - entities that we use to perform the contract,
- entities authorized to obtain data under applicable law, e.g. courts or law enforcement authorities - only in the event of receiving a request based on an appropriate legal basis.
We reserve the right to change the privacy policy of the service, which may be affected by the development of Internet technology, possible changes in the law on the protection of personal data and the development of our website. We will inform about any changes in a visible and understandable way. The Service may contain links to other websites. Such websites operate independently of the Service and are not supervised by Ruby Logic in any way. These websites may have their own privacy policies and regulations, which we recommend that you familiarize yourself with.
DATA STORAGE PERIOD
Personal data will be stored for the period necessary to achieve the purposes for which they were collected, i.e.:
- in the case of performance of contracts for a period in accordance with legal regulations (until the expiry of the deadlines for pursuing claims and until the expiry of the periods specified by law for storing accounting documents),
- in the case of data processed on the basis of the consent of the Contractor, User or Pulse User - until the consent is withdrawn, with the proviso that if the Contractor, User or Pulse User withdraws the consent or deletes the data in the System, the Administrator may continue to process the data that is necessary for the performance of previously concluded contracts,
- if personal data are processed for the purpose of pursuing the legitimate interests of the Administrator or a third party referred to in this Privacy Policy, for the period until such interests are pursued or an objection to such processing is raised, unless the GDPR allows further processing of data,
- in the scope of fulfilling the legal obligation incumbent on the Administrator for the period and to the extent required by law, and after that time for the period resulting from the provisions of law or for the pursuit of the legitimate interests of the Administrator, including for securing and pursuing any claims.
COOKIE POLICY
Our website uses so-called cookies, which enable the use of all the functions on our website. These files are saved in the device's memory and do not cause any changes to the device's settings. At any time, you can delete cookies in your browser settings and block their use in the future. Our website uses cookies to provide you with the greatest possible convenience when using the website, to enable the use of all its functions, for statistical and marketing purposes and to remember information about your session. You can change the settings for Cookies in your web browser. Failure to change these settings means that you accept the Cookies used here.
The website uses performance cookies, which are used to collect information about how the website is used to make it work better, and functional cookies, which allow it to "remember" user settings (e.g. language, font size). The Service uses the following cookies:
- Session cookie - session cookies are created when the Contractor, User and Pulse User browses the page. After closing the browser, these files are deleted.
- Persistent cookies - persistent cookies are not deleted when the browser is closed and remain on the user's device for a specified period of time or without a validity period.
- HttpOnly cookie - HttpOnly cookies can only be used via HTTP or HTTPS, they cannot be read by javascript, among others. They increase security.
- Secure cookie - secure cookies can only be used over HTTPS, they provide an encrypted connection.
- Third-party cookies - third-part cookies are cookies placed by external entities used by the service. They can be used for advertising purposes.
We use the data we collect using cookies to tailor our site to your needs. Once we obtain statistical information from them, they are permanently deleted from our systems.
Most browsers allow you to control cookies through settings that can be adjusted to reflect your consent to the use of cookies. In addition, most browsers allow you to review and delete cookies, including the ActionAudit cookie. To learn more about browser settings, please refer to the documentation provided by your browser manufacturer.
CONTACT
If you have any questions regarding our privacy policy, please contact us via the Contact page.