of NATIVE HASH Sp. z o.o. of Jasionka
This document (the “Policy”) contains information concerning the Processing by NATIVE HASH Sp. z o.o. of Jasionka, Jasionka 954E, 36-002 Jasionka, entered into the Register of Businesses, a part of the National Court Register, by the District Court in Rzeszów, Division XII (National Court Register Cases), under number 0000778892, NIP (tax identification number): 5170398381, REGON (statistical number): 382932905, share capital: PLN 5,000.00, of the Personal Data of the persons using the NativeHash Platform available at http://nativehash.io and/or via the http://app.nativehash.io application (the “Platform”). NATIVE HASH Sp. z o.o. is the Personal Data controller (the “Controller”). This Policy is published in order to provide data subjects whose Personal Data is processed by the Controller with as much information as possible about the scope of the data Processed, the methods and principles of Processing, and their rights. The fundamental legal regulation concerning Personal Data protection is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”). By creating an Account on the Platform, each of the Users using the Services offered by the Controller accepts the provisions of this Policy and agrees to the way in which the Controller collects, stores, uses, and protects Personal Data. Provision of Personal Data is voluntary, but necessary to use the Services provided via the Platform. If the User refuses to provide the Controller with specific Personal Data that is required, it will be impossible to execute an agreement with the Controller and the Controller will be unable to provide the User with the Services he offers. This Policy applies to every NativeHash website, irrespective of how the User accesses that website, when the User uses the Services, registers an Account, provides information via an online form, updates information on his or herAccount, or otherwise corresponds with the Controller in connection with the Services.
1) “Browser” shall mean the software used to view websites (e.g. Chrome, Firefox, Safari).
2) “Cookies” shall mean the text files placed by the server on the device on which a Browser is running. Cookies constitute IT data and include, but are not limited to, the text files stored on the User’s end device (e.g. in the memory of a computer) and related to the use of the Platform.
3) “Third Country” shall mean a country that is not a member state of the European Economic Area.
4) “Personal Data” shall mean any information relating to a natural person identified or identifiable in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
5) “Profiling” shall mean any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
6) “Platform” shall mean NativeHash.
7) “Services” shall mean the services provided by the Controller to the Users via the Platform, which consist in carrying out influencer marketing campaigns and/or making available the influencer search engine.
8) “Processing” shall mean any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
9) “Users” shall mean the persons using the Services provided by the Controller via the Platform.
10) “Account” shall mean an individual User profile created by him or her on the Platform as a result of the registration process.
II. LEGAL BASES, PURPOSES, PRINCIPLES, AND DURATION OF PROCESSING DATA
1. The Users may provide the Controller with Personal Data when using the Platform or filling out the forms available on the Platform (e.g. in order to register), through any exchange of information with the Controller by phone, e-mail, or in any other way, as well as when reporting problems related to the functioning of the Platform.
2. The Controller shall Process Personal Data in order to:
a) perform the rights and obligations resulting from the agreement executed between the User and the Controller (Article 6.1.b of the GDPR), register and manage an individual Account on the Platform, as well as to provide the User with the information and the Services requested by him or her, which is necessary to carry out mutual contractual obligations, for the time necessary to perform the agreement; after agreement completion, Data shall be stored for the time necessary to demonstrate that the obligations under the agreement have been carried out, until the lapse of the deadlines specified in legal regulations on archiving. The Controller shall store the User’s Personal Data for as long as this is in compliance with the applicable legal regulations and necessary for and relevant to the activities of the Controller. After the end of the Processing period, Personal Data shall be immediately erased or anonymized;
b) provide the User with information concerning the Services by e-mail and/or text messages and/or any and all other means of communication, as well as collect payments from the User, which is related to the performance of the mutual rights and obligations resulting from the agreement executed between the User and the Controller (Article 6.1.b of the GDPR), for the time necessary to perform the agreement; after agreement completion, Data shall be stored for the time necessary to demonstrate that the obligations under the agreement have been carried out, until the lapse of the deadlines specified in legal regulations on archiving;
c) enable the User to personalize his or her profile on the Platform; in that case, Data shall be Processed with the User’s consent (Article 6.1.a of the GDPR) until the consent has been withdrawn;
d) ensure that the Controller provides the Services in accordance with the applicable legal regulations, as well as with the terms and conditions of provision of the Services and this Policy, which is necessary to carry out mutual contractual obligations (Article 6.1.b of the GDPR), for the Controller to comply with his statutory obligations (Article 6.1.c of the GDPR), and to exercise and defend claims resulting from the agreement (Article 6.1.f of the GDPR), for the time necessary to perform the agreement; after agreement completion, Data shall be stored for the time necessary to demonstrate that the obligations under the agreement have been carried out, until the lapse of the deadlines specified in legal regulations on archiving; in the case of the Controller carrying out statutory obligations, Personal Data shall be Processed for time necessary to carry out these obligations; in the case of exercising and defending claims under the agreement, for the time necessary to carry out the Controller’s legitimate interest or until the User makes a reasoned objection;
e) provide the Users with marketing materials and the information, instructions, and guidelines necessary to facilitate the provision of the Services; in that case, data shall be Processed with the User’s consent (Article 6.1.a of the GDPR) and/or due to the Controller’s legitimate interest consisting in improving the Services and carrying out direct marketing (Article 6.1.f of the GDPR), for the time necessary to carry out the Controller’s legitimate interest or until the User makes a reasoned objection, and in the case of direct marketing, until an objection is made;
f) manage the Platform and solve the problems related to Platform use, analyze data, test, and carry out research, analytical, and supervisory works; in that case, the basis for Processing the User’s Personal Data shall be a legitimate interest of the Controller consisting in ensuring the security of the Services and improving the functions available on the Platform (Article 6.1.f of the GDPR); in that case, Personal Data shall be Processed for the time necessary to carry out the Controller’s legitimate interest or until the User makes a reasoned objection;
g) improve the Platform and the Services and ensure that their contents are provided to the Users in an appropriate manner, in particular taking into account the devices by means of which the Users use the Platform, which constitutes a legitimate interest of the Controller (Article 6.1.f of the GDPR); in that case, Personal Data shall be Processed for the time necessary to carry out the Controller’s legitimate interest or until the User makes a reasoned objection;
h) ensure that using the Services available on the Platform is secure, which is necessary to carry out mutual contractual obligations; establish, exercise, or defend claims under the agreement (Article 6.1.b of the GDPR), for the Controller to carry out his statutory obligations (Article 6.1.c of the GDPR), or constitutes a legitimate interest of the Controller (in order to ensure the security of the Services) (Article 6.1.f of the GDPR), for the time necessary to perform the agreement; after agreement completion, the Data shall be stored for the time necessary to demonstrate that the obligations under the agreement have been carried out, until the lapse of the deadlines specified in legal regulations on archiving; in the case of the Controller carrying out statutory obligations, Personal Data shall be Processed for time necessary to carry out these obligations; in the case of ensuring security, for the time necessary to carry out the Controller’s legitimate interest or until the User makes a reasoned objection;
i) carry out other statutory obligations of the Controller, including but not limited to legal, accounting, tax, and reporting obligations, such as carrying out the financial settlements related to the Platform (Article 6.1.c of the GDPR), for the time necessary to carry out these obligations, in particular until the prescription periods for tax obligations have lapsed;
j) if voluntary and optional consents are granted (Article 6.1.a of the GDPR, Article 10 of the Polish Law of 18/07/2002 on the Provision of Electronic Services, and Article 172 of the Polish Telecommunications Law of 16/07/2004), the Data shall also be Processed for marketing purposes consisting in sending newsletters (e-mailing), in order to perform the agreement for the sending of newsletters and to promote the Services, including electronic Services, also on the basis of separate consents granted by e-mail or during a telephone conversation, until the consent has been withdrawn. The Controller shall store the User’s Personal Data for as long as this is in compliance with the applicable legal regulations and necessary for the purpose of the Controller’s activities.
3. The Controller shall process the following Personal Data provided by the User:
a) Data required to register an Account and use the Services, including:
- first and last name,
- last name at birth,
- nickname(s) and account name(s) in social media,
- identity card number,
- PESEL (Polish national identification number) and date of birth,
- bank account number,
- PayPal account name,
- e-mail address,
- address of residence/correspondence address,
- company name,
- address data of the company,
- tax identification number (in the case of Users who are entrepreneurs, as this is necessary for the purpose of settlements),
- tax office name,
- phone number.
All of the above fields are obligatory. If this information is not provided, the Controller is unable to provide the User with access to the Services.
b) information concerning accounting operations or financial transactions, including those carried out via the Platform or in any other way (this includes the User’s payment card Data and bank account Data);
c) Data concerning access to the Platform and the resources used by the User;
d) Data and information the Controller may require from the User when problems with using the Platform are reported.
4. With regard to Personal Data regarding the User's visits to the Platform, the Data Controller may (if it is required and he obtained the User's consent for this purpose) obtain data on devices and networks used by the User to access the Services. This data may include: User's IP address, login data, type and version of the web browser, types and versions of plugins used by web browsers, operating system and platform, advertising identifier, information about visits, including the URL of the site on which the link leading to the Platform was clicked, searched or viewed products, data download errors, time of visits to specific pages, interactions with other pages, number of subscribers, number of profile views, number of views of published content, number of fans' reactions to published content (comments and other reactions) , amount of published content, audience demographics (age, gender, language).
5. In connection with the provision of the Services, Personal Data will be shared with other entities and external recipients, including but not limited to the Controller’s service providers, banks, entities providing payment, accounting, and legal services, courier companies, trusted clients and business partners, and the entitled state authorities; if required under the applicable legal regulations, with the organizational entities of the Prosecution Office, the Police, the President of the Polish Personal Data Protection Office, the President of the Polish Office of Competition and Consumer Protection, and the President of the Polish Electronic Communication Office; as well as with subcontractors, if any activities requiring Personal Data Processing are commissioned to them. The Controller guarantees an appropriate level of security and confidentiality with respect to Personal Data Processing.
6. The Controller hereby announces that Personal Data will be shared with external recipients if:
a) this is necessary in order to use the services of an external entity;
b) this is necessary in connection with the agreements executed with external entities;
c) this is necessary to provide the Services correctly;
d) this is required under the applicable legal regulations;
e) this is necessary to defend the Controller’s rights or claims, in connection with a pending lawsuit;
f) a threat to life, health, property, or security has occurred.
7. The Controller’s registered office is in Poland and, in principle, he does not transfer Personal Data to Third Countries or to international organizations that do not belong to the European Economic Area (EEA); however, considering the fact that the Controller’s operations cover Third Countries, it might happen that the Controller’s business partners service providers, e.g. those providing services related to servers, hosting, or software, will be located in a Third Country. In this case, the User’s Personal Data will be transferred outside of the European Economic Area. All such transfers of Personal Data shall take place on the basis of the standard contractual clauses adopted by the European Commission that ensure an adequate level of protection in accordance with the applicable legal regulations.
8. In accordance with the applicable legal regulations and if this is required, after receiving consent from the User, the Controller may use the information provided by the User in order to carry out direct marketing activities and send newsletters electronically. With respect to marketing communications sent electronically, the User may at any time withdraw his or her consent by means of clicking the “Unsubscribe” link in the received newsletter.
III. AUTOMATED PROCESSING OF PERSONAL DATA
The Controller uses Personal Data for the purposes of automated decision-making, including through profiling, considering the information contained in Cookies. Profiling will affect the functionality and quality of the Platform, the contents of the specific User’s profile, the contents of the offer dedicated to the specific User, and on proposing actions to the User that increase his or her activity on the Platform. Furthermore, Profiling shall be carried out in order to achieve the goals specified in section II of this Policy.
IV. RIGHTS OF USERS
1. According to the GDPR, the User shall have the following rights with respect to Personal Data Processing:
a) the right to access Personal Data (including the right to receive information specifying which Personal Data is processed by the Controller and to receive a copy of his or her Personal Data);
b) the right to demand that Personal Data is corrected, updated, or rectified;
c) the right to demand that Personal Data be erased if it is incomplete, out-of-date, false, or has been collected in violation of legal regulations, or is not necessary to achieve the purpose for which it has been collected; irrespective of the above, the User shall have the right to delete his or her Account on the Platform (which is not equivalent to erasure of Personal Data);
d) the right to file a complaint with the supervisory authority dealing with Personal Data protection, i.e. the President of the Polish Personal Data Protection Office (e.g. if the User believes that Personal Data Processing violates the GDPR or other Personal Data protection regulations);
e) the right to demand that the Processing of Personal Data is limited;
f) the right to object to the Processing of Personal Data if processing takes place on the basis of the Controller’s legitimate interest or for the purposes of direct marketing. If Personal Data is Processed on the basis of consent, the User shall have:
g) the right to withdraw consent at any time. The User shall have the right to withdraw any consent given to the Controller so far. Consent withdrawal produces effects as of the moment of withdrawal. Consent withdrawal shall not affect the lawful Processing carried out by the Controller prior to the withdrawal;
h) the right to transfer Personal Data.
2. In order to exercise the above rights, the User may contact the Controller via the communication channels specified in this Policy.
2. Cookies are used to:
a) allow the Users to navigate the website and use its basic functions;
b) recognize the User during his or her next visit to the website;
c) personalize and improve the functions offered to the User;
d) continue the User’s session;
e) determine the number of persons using the Platform and obtain information about the way in which the Platform is used;
f) remember the login data on the Platform;
g) adjust the contents of the Platform to the User’s individual preferences (e.g. the layout of the website);
h) compile anonymous statistics allowing the Controller to improve the functionality of the Platform.
3. The Controller uses two types of Cookies: session Cookies, which are deleted at the end of the User’s Browser session, and permanent Cookies, which remain on the User’s device after the end of the Browser session, until they have been deleted. The Platform uses the following types of Cookies (unless specified otherwise):
a) necessary Cookies, which are of crucial importance and allow Users to navigate the Platform and use its functions, such as access to secure areas. Without these Cookies, the Platform cannot be displayed properly;
b) performance Cookies, which collect information on how the Users use the Platform, which of its sections they visit most often, and whether they receive error messages. Data collected by means of these Cookies is anonymous and serves the sole purpose of improving the functioning of the Platform;
c) functional Cookies, which register the choices made by Users (such as remembering login data). These files may also be used to remember the changes made by the User;
d) the Platform uses Google Analytics, which tracks User traffic on all sub-pages through Cookies. Information obtained through this tool is not shared with other entities and is used exclusively for statistical purposes and to improve the usability of the Platform.
4. There are cases when the software used to browse websites (the Browser) permits, by default, the storage of Cookies on the end device. Cookie settings may be modified at any time. In particular, these settings may be changed in such a way as to block automatic processing of Cookies or that a message is displayed every time they are placed on the User’s device. Restrictions in terms of using Cookies may affect certain functionalities available on the Platform. Cookies may also be used by the partners and advertisers that work with the Controller.
5. Cookies may be removed from the User’s device by means of the Browser, which also allows for disabling them. Detailed information concerning Cookies settings and their deletion by the user is available on the official websites of the providers of Browsers, in the “Help” section, and at https://jakwylaczyccookie.pl/jak-wylaczyc-pliki-cookies/.
VI. PERSONAL DATA SECURITY
The Controller has implemented technical and organizational measures that guarantee the protection of the Personal Data Processed, which are relevant to the threats and categories of Data covered with protection; in particular, the Controller has secured Data against its sharing with unauthorized persons, Processing in violation of statutory regulations, as well as changes, loss, damage, and destruction. The Personal Data of Users collected by the Controller is stored on servers secured against unauthorized use, in accordance with the relevant legal requirements. The Controller has implemented the relevant measures and the highest security and confidentiality standards in order to ensure that Personal Data is Processed in a secure manner that guarantees, primarily, that access to Data is granted exclusively to the authorized persons and only to the extent that is necessary in view of the tasks of these persons. The Controller shall take any and all actions in order to make sure that the entities he works with guarantee the use of the relevant security measures in every case of Processing Personal Data at the request of the Controller. These security measures include:
a) securing Data against unauthorized access;
b) frequent software updates;
c) access to an individual Account on the Platform is possible only after logging in with the login and password; passwords are confidential and stored in a database in the form of hashes;
d) firewalls and Personal Data encryption in databases;
e) controls with respect to access to information;
f) an SSL (Secure Socket Layer) certificate; communication between the User’s device and the servers is encrypted using the SSL protocol.
At the same time, the Controller announces that using the Internet and electronic Services may entail specific ICT threats, such as the existence and operation of online worms, spyware and malware, including computer viruses, as well as exposure to cracking and phishing. In order to obtain detailed and professional information with respect to online security, the Controller recommends consulting entities specializing in this type of IT services.
VII. CONTACT DATA
In the event of any questions and doubts concerning Personal Data Processing or should the User wish to exercise a specific right, he or she may send the relevant query to the Controller and contact the Controller in the following form: by e-mail: email@example.com
VIII. AMENDMENTS TO THIS POLICY
This Policy is an appendix to the Terms and Conditions of Service of Native Hash Sp. z o.o., is available on the Platform (https://nativehash.io), and is sent to each User at his or her request. The Controller shall attempt to make sure that this Policy is updated to reflect any changes to legal regulations, case law, and guidelines issued by the authorities responsible for Personal Data Processing; an introduction of a code of best practices (if the Controller is bound by any such code); or any change in the technologies, methods, purposes, or legal bases for Personal Data Processing. If any major changes are made to this Policy, the Controller will publish the relevant information on the Platform (https://nativehash.io). The Controller reserves the right to amend this Policy at any time. This shall take place by means of publishing the new version of the Policy and specifying its effective date.
On 25th May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on its free movement (the so-called GDPR) entered into force.
Therefore, we present the "Information clause on the processing of personal data" in NATIVE HASH Sp. z oo with its registered office in Jasionka, address: Jasionka 954E, 36-002 Jasionka, which was based on the provisions of applicable law, concluded contracts, and the consent granted.
INFORMATION CLAUSE ON THE PROCESSING OF PERSONAL DATA
Referring to the requirements indicated in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( General Data Protection Regulation "GDPR Regulation"), we would like to inform you about the rules of processing your personal data, as well as your rights in this respect.
The following rules apply from 25th May 2018.
1) The Controller of your personal data is NATIVE HASH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka.
2) At NATIVE HASH Sp. z o.o. there is a designated Data Protection Officer with whom you can contact in all matters regarding the processing of personal data and the exercise of rights related to data processing via e-mail, by sending a message to the e-mail address firstname.lastname@example.org;
3) The personal data Controller shall process your personal data on the basis of applicable law, concluded contracts, and also on the basis of the consent granted.
4) We also inform you that your personal data is processed for the purpose / purposes of:
a) fulfillment of legal obligations incumbent on NATIVE HASH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka
b) implementation of contracts concluded with contractors of NATIVE HASH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka;
c) in other cases, your personal data is processed only on the basis of previously granted consent to the extent and for the purpose specified therein.
5) Referring to the processing of personal data for the purposes referred to in point 3, the recipients of your personal data may be:
a) public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that result from the provisions of generally applicable law;
b) other entities - on the basis of relevant agreements signed with NATIVE HASH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka
6) Your personal data will be kept for the period necessary to achieve the goals set out in point 3, and after that time for the period required by the provisions of generally applicable law.
7) In accordance with the GDPR Regulation, in connection with the processing of your personal data, you have the following rights:
a) the right to access personal data, including the right to obtain a copy of this data;
b) the right to request rectification (correction) of personal data - if the data is incorrect or incomplete;
c) the right to request the deletion of personal data (the so-called right to be forgotten), if:
• the data is no longer necessary for the purposes for which it was collected or otherwise processed,
• the data subject has objected to the processing of personal data,
• the data subject has withdrawn consent to the processing of personal data, which is the basis for data processing and there is no other legal basis for data processing,
• personal data is processed unlawfully,
• personal data must be removed in order to comply with the legal obligation;
d) the right to request the restriction of the processing of personal data - if:
• the data subject questions the accuracy of the personal data,
• the processing of data is unlawful and the data subject opposes the deletion of data, requesting its restriction instead,
• The Controller no longer needs the data for his purposes, but the data subject needs it to establish, defend or pursue claims,
• the data subject has objected to the processing of the data until it has been established whether the legitimate grounds of the controller override the grounds of objection;
e) the right to transfer data - if the following conditions are jointly met:
• data processing takes place on the basis of an agreement concluded with the data subject or on the basis of the consent expressed by that person,
• the processing is carried out by automated means
f) the right to object to the processing of data - if the following conditions are jointly met:
• there are reasons related to your particular situation, in the case of data processing on the basis of a task carried out in the public interest or in the exercise of public authority by the Data Controller,
• processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular when the data subject is a child.
8) In situations where the processing of personal data takes place on the basis of the person's prior consent to the processing of personal data, in accordance with art. 6 sec. 1a of the GDPR Regulation, you have the right to withdraw this consent at any time. The withdrawal does not affect the compliance of the processing, which was carried out on the basis of consent before its withdrawal, with the applicable law.
9) In the event of learning about unlawful processing of your personal data at NATIVE HASH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka, you have the right to lodge a complaint with the supervisory authority competent in matters of personal data protection.
10) If the processing of personal data takes place on the basis of the consent of the data subjects, providing your personal data to the Data Controller is voluntary.
11) Please be advised that providing your personal data by you is obligatory if the basis for the processing of personal data is a legal provision or an agreement concluded between the parties.
12) At the same time, we would like to point out that your personal data may be processed in an automated manner and then they will not be profiled.
Pursuant to Article 13 (1) and (2) of the General Data Protection Regulation of 27 April 2016 (GDPR), I would like to inform you that:
1. The Controller of your personal data is NATIVE HASH Sp. z o.o. based in Jasionka, at Jasionka 954E, 36-002 Jasionka
2. At NATIVE HASH Sp. z o.o. there is a designated Data Protection Officer with whom you can contact in all matters regarding the processing of personal data and the exercise of rights related to data processing via e-mail, by sending a message to the e-mail address email@example.com;
3. Your personal data will be processed for marketing purposes based on your consent, in accordance with the legal basis - art. 6 section 1a of the GDPR and based on the legitimate interest of the PDA - Article 6. section 1f of GDPR.
4. Your personal data will be transferred to the company dealing with maintaining our accounts on social networks and websites, the company dealing with the implementation of advertising campaigns on the Google, Youtube, Instagram, Facebook, Tiktok networks and the hosting company.
5. Your personal data will not be transferred to countries outside the European Union.
6. Your personal data will be processed until your consent is revoked.
7. You have the right to access your data and the right to rectify, delete, limit processing, the right to transfer data and withdraw consent at any time, and if the basis for processing is a legitimate interest, you have the right to object
8. Providing your personal data by you is voluntary and contractual.
9. You have the right to lodge a complaint with the President of the Data Protection Office when you think that the processing of personal data violates the law.
10. Your data will not be processed in an automated manner or in the form of profiling.