PRIVACY POLICY
On the basis of what legal provisions are or may be processed your personal data?
1. "Personal data" - means any information relating to an identified or identifiable
natural person ("data subject"); an identifiable natural person is a
person who can be directly or indirectly identified, in particular on the basis
of an identifier such as name and surname, identification number, location
data, internet identifier or one or more specific physical, physiological,
genetic, mental factors, economic, cultural or social identity of a natural
person,
2. "Processing" - means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by automated means,
such as collection, recording, organization, structuring, storage, adaptation
or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction,
3. "Controller" - means the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the purposes and
means of the processing of personal data; where the purposes and means of such
processing are determined by Union or Member State law, the controller or the
specific criteria for its nomination may be provided for by Union or Member
State law,
4. "Joint
controller(s)" - Joint controller(s)
occurs when at least two Controllers jointly determine the purposes and means
of processing, they are Joint controllers (art. 26 GDPR),
5. "Supervisory authority" - means an independent public authority which is established by a
Member State,
6.
"Recipient" - means a natural or
legal person, public authority, agency or another body, to which the personal
data are disclosed, whether a third party or not. However, public authorities
which may receive personal data in the framework of a particular inquiry in accordance
with Union or Member State law shall not be regarded as recipients; the
processing of those data by those public authorities shall be in compliance
with the applicable data protection rules according to the purposes of the
processing,
7. "Processor" - means a natural or legal person, public authority, agency or other
body which processes personal data on behalf of the controller,
8. "Third
party" - means a natural or legal
person, public authority, agency or body other than the data subject,
controller, processor and persons who, under the direct authority of the
controller or processor, are authorized to process personal data,
9. "Third
country" - an entity outside the EEA
(European Economic Area) to which personal data is disclosed,
10. "Consent" - of the data subject means any freely given, specific, informed and
unambiguous indication of the data subject's wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the
processing of personal data relating to him or her,
11. "Privacy
Policy" - this document, presenting
information on the principles of personal data processing in accordance with
the substantive scope indicated in art. art. 13 GDPR - information clause
regarding the processing of personal data,
12. "Cookies Policy" - information on the use of cookies on the website run by the
Controller. The Cookie Policy is available on the Controller's website,
13. "GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of individuals with regard to the processing
of personal data and on the free movement of such data, and repealing Directive
95/46 / EC (General Data Protection Regulation: https://www.uoou.cz/obecne-narizeni-o-ochrane-osobnich-udaju-gdpr/ds-3938/p1=3938
Who does this Privacy Policy apply to?
This Privacy Policy
(hereinafter referred to as PP) applies to the processing of personal data of
natural persons.
Who is the
Controller?
Please be advised that Controller is 1C Publishing s.r.o, Karla Engliše 3221/2,
Smíchov, 150 00 Praha 5, Tax No.: CZ26688417,
Contact details to
the Controller
Please send inquiries
regarding the protection of personal data to the Controller by traditional mail
to the above-mentioned address or by e-mail to the address: dpo@1cpublishing.eu.
Data Protection
Officer
Please be advised
that the Controller has not appointed a Data Protection Officer. Inquiries
regarding the protection of personal data should be directed to the Controller
by traditional mail to the Controller's address or by e-mail to the following
address: dpo@1cpublishing.eu.
Information about
Joint controllers
1. Please be advised that the Controller runs a
fanpage(s) on Facebook (https://www.facebook.com/1CCompany).
2. Please be advised that in connection with running a
fanpage on FB, there is co-administration (Article 26 of the GDPR). The Joint
controllers with regard to personal data processed on the fanpage are or may
be:
1) 1C Publishing s.r.o.,
2) Facebook Ireland Limited, with its registered office
at 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,
3. Please be advised that the Joint controllers made
common arrangements. Information on co-administration and responsibilities is
available at: https://www.facebook.com/legal/controller_addendum,
4. Please be advised that regardless of the arrangements
made between the Joint controllers, the data subject may exercise his rights
under the GDPR with respect to each of the data, Controllers separately,
5. Contact details to the Data Protection Officer:
1) please be informed that the Controller 1C Publishing
s.r.o. did not appoint the Data Protection Officer. Inquiries regarding the
protection of personal data should be directed to the Controller by traditional
mail to the Controller's address or by e-mail to the following address dpo@1cpublishing.eu,
2) contact details to the Data Protection Officer on
behalf of Facebook Ireland Limited are available at: https://cs-cz.facebook.com/privacy/explanation,
6. We hereby inform that due to the co-administration, the supervisory
authorities competent for the Controllers are:
1) for 1C Publishing s.r.o, - Úřad pro ochranu osobních
údajů, contact to the supervisory body is available at: https://www.uoou.cz/vismo/o_utvar.asp?id_u=10&p1=1059,
2) for Facebook Ireland Limited - Data Protection
Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland: https://www.dataprotection.ie/.
For what purposes is
or can your personal data be processed?
Personal data is or may be processed for the following
purposes:
We hereby inform that depending on the purpose of
processing, the scope of the indicated personal data may change.
How long will personal data be processed in accordance
with the storage limitation principle (personal data retention)?
Please be advised that personal data are or may be
processed for the period of:
|
No. |
Purpose of processing |
Lawfulness of processing |
Processing period |
|
1. |
Personal data processed for contact purposes -
replying to received correspondence |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until an objection to the processing is
submitted, 2) for a period of 10 years for internal
administrative purposes, |
|
2. |
Personal data processed in order to prepare and
present an offer in relation to own products and services |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) until the consent is withdrawn, 2) until an objection to the processing is
submitted, 3) for an indefinite period, |
|
3. |
Personal data processed for the purpose of sending
commercial information in relation to own products and services by electronic
means |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) until the consent is withdrawn, 2) until an objection to the processing is
submitted, 3) for an indefinite period, |
|
4. |
Personal data processed for the purpose of sending
marketing information in relation to own products and services by telephone
in the form of a voice call |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) until the consent is withdrawn, 2) until an objection to the processing is
submitted, 3) for an indefinite period, |
|
5. |
Personal data processed for the purpose of
Newsletter |
1) art. 6 (1) a) GDPR - consent of the data
subject, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until the consent is withdrawn, 2) until an objection to the processing is
submitted, 3) for an indefinite period, |
|
6. |
Personal data processed in connection with the
process related to the submission of offers (in response to inquiries) |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) for the duration of the offer, 2) until the consent is withdrawn, 3) until an objection to the processing is
submitted, 4) for a period of 10
years for internal administrative purposes, |
|
7. |
Personal data processed in connection with the
process related to the technical support for product using |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) during the suport 2) minimum 3 years after the support is
closed, |
|
8. |
Personal data of participants processed in
connection with the organization and participation in organized conferences |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6(1) b) GDPR - processing necessary to
conclude and implement the provisions of the contract (acceptance of the
provisions of the Regulations) 3) art. 6 (1) c) GDPR - legal regulations (in the
case of paid conferences), 4) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) until the consent is withdrawn, 2) for the duration of the contract, 3) for the period resulting from legal provisions, 4) until an objection to the processing is
submitted, 5) for a period of 10 years for internal
administrative purposes, |
|
9. |
Personal data of participants processed in
connection with the organization and participation in the organized Webinar |
1) art. 6 (1) a) GDPR - consent of the data subject, 2) art. 6 (1)b) GDPR - processing necessary to
conclude and implement the provisions of the contract (acceptance of the
provisions of the Regulations), 3) art. 6 (1) c) GDPR - legal regulations (in the
case of paid conferences), 4) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) until the consent is withdrawn, 2) for the duration of the contract, 3) for the period resulting from legal provisions, 4) until an objection to the processing is
submitted, 5) for a period of 10 years for internal
administrative purposes, |
|
10. |
Personal data processed in connection with the
process related to the Blog |
1) art. 6 (1) a) GDPR - consent of the data
subject, |
1) until users stop using the Blog, |
|
11. |
Personal data processed in connection with the
process related to the Forum |
1) art. 6 (1) a) GDPR - consent of the data
subject, 2) art. 6 (1) b) GDPR - processing necessary
to conclude and implement the provisions of the contract (acceptance of the
provisions of the Regulations), 3) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until the consent is withdrawn, 2) until users stop using the Forum, 3) for the period resulting from legal provisions, 4) for a period of 10 years for internal
administrative purposes, |
|
12. |
Personal data processed in connection with
participation in competitions |
1) art. 6 (1) b) GDPR - processing necessary
to conclude and implement the provisions of the contract (acceptance of the
provisions of the Regulations), 2) art. 6 (1) c) GDPR - legal regulations (in
the case of paid conferences), 3) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) for the duration of the competitions, 2) for the period of 6 years after the competitions, 2) for a period of 10 years for internal
administrative purposes, |
|
13. |
Personal data processed in connection with age
confirmation |
1) art. 6 (1) c) GDPR - legal regulations, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until an objection to the processing is
submitted, 2) for the period resulting from legal provisions, |
|
14. |
Personal data processed in connection with the
exercise of rights in the field of personal data protection |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) for the period resulting from legal provisions
(for an indefinite period) 2) until an objection to the processing is
submitted,
|
Please be advised that the given periods of personal
data processing for individual processing purposes may change, among others, as
a result of amendments to the law or internal organizational changes.
Under what circumstances is the provision of personal
data a statutory or contractual requirement or a requirement necessary to enter
into a contract?
Please be advised
that providing personal data is:
Processing of personal data based on the consent of the data subject
Please be advised that in the case of processing
personal data based on the consent of the data subject (Article 6 (1) (a) of
the GDPR):
|
No. |
Purpose of processing |
Lawfulness of processing |
Art. 6 (1) a) GDPR |
|
1. |
Personal data processed in order to prepare and
present an offer in relation to own products and services |
1) art. 6 (1) a) GDPR - consent of the data subject |
The data subject has the right to withdraw
their consent at any time. Withdrawal of consent does not affect the
lawfulness of processing based on consent before its withdrawal. Withdrawal
of the consent granted should be reported to the e-mail address: dpo@1cpublishing.eu |
|
2. |
Personal data processed for the purpose of sending
commercial information in relation to own products and services by electronic
means |
1) art. 6 (1) a) GDPR - consent of the data subject,
|
|
|
3. |
Personal data processed for the purpose of sending
marketing information in relation to own products and services by telephone
in the form of a voice call |
1) art. 6 (1) a) GDPR - consent of the data subject, |
|
|
4. |
Personal data processed for the purpose of
Newsletter |
1) art. 6 (1) a) GDPR - consent of the data
subject |
|
|
5. |
Personal data processed in connection with the
process related to the submission of offers (in response to inquiries) |
1) art. 6 (1) a) GDPR - consent of the data subject, |
|
|
6. |
Personal data of participants processed in
connection with the organization and participation in organized conferences |
1) art. 6 (1) a) GDPR - consent of the data subject, |
|
|
7. |
Personal data of participants processed in
connection with the organization and participation in the organized Webinar |
1) art. 6 (1) a) GDPR - consent of the data subject, |
|
|
8. |
Personal data processed in connection with the
process related to the Blog |
1) art. 6 (1) a) GDPR - consent of the data
subject, |
1) is voluntary, and failure to provide
personal data will result in the inability to use the Blog |
|
9. |
Personal data processed in connection with the
process related to the Forum |
1) art. 6 (1) a) GDPR - consent of the data
subject, |
1) is voluntary, and failure to provide
personal data will result in the inability to use the Forum |
The processing of personal data based on the legitimate interest pursued by the Controller (processing is necessary for the purposes of the legitimate interests pursued by the controller)
Please be advised
that in the case of processing personal data based on the legitimate interest
pursued by the Controller (Article 6 (1) f) of the GDPR processing is necessary
for the purposes of the legitimate interests pursued by the controller):
|
No. |
Purpose of the processing |
Lawfulness of the processing |
Art. 6 (1) f) GDPR |
|
1. |
Personal data processed for contact purposes -
replying to received correspondence |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
The legitimate interest of the controller is
the processing of personal data in order to answer the received
correspondence, inquiries - ongoing contact with the data subject, |
|
2. |
Personal data processed in order to prepare and
present an offer in relation to own products and services |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is considered to
be a binding relationship, including a business relationship, an ongoing
contract with the data subject and data processing for internal
administrative purposes, also in relation to the exercise of the rights of
data subjects in connection with the possibility of exercising the rights of
persons to whom data concern and provided for by law (e.g. documenting withdrawal
of granted consent), |
|
3. |
Personal data processed for the purpose of sending
commercial information in relation to own products and services by electronic
means |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is considered to
be a binding relationship, including a business relationship, an ongoing
contract with the data subject and data processing for internal
administrative purposes, also in relation to the exercise of the rights of
data subjects in connection with the possibility of exercising the rights of
persons to whom data concern and provided for by law (e.g. documenting
withdrawal of granted consent), |
|
4. |
Personal data processed for the purpose of sending
marketing information in relation to own products and services by telephone
in the form of a voice call |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is considered to
be a binding relationship, including a business relationship, an ongoing
contract with the data subject and data processing for internal
administrative purposes, also in relation to the exercise of the rights of
data subjects in connection with the possibility of exercising the rights of
persons to whom data concern and provided for by law (e.g. documenting
withdrawal of granted consent), |
|
5. |
Personal data processed for the purpose of
Newsletter |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
A legally legitimate interest is considered to
be a binding relationship, including a business relationship, an ongoing
contract with the data subject and data processing for internal
administrative purposes, also in relation to the exercise of the rights of
data subjects in connection with the possibility of exercising the rights of
persons to whom data concern and provided for by law (e.g. documenting
withdrawal of granted consent), |
|
6. |
Personal data processed in connection with the
process related to the submission of offers (in response to inquiries) |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is considered to
be a binding relationship, including a business relationship, an ongoing
contract with the data subject and data processing for internal
administrative purposes, also in relation to the exercise of the rights of
data subjects in connection with the possibility of exercising the rights of
persons to whom data concern and provided for by law (e.g. documenting
withdrawal of granted consent), |
|
7. |
Personal data processed in connection with the
process related to the technical support for product using |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
The legitimate interest of the controller is
the processing of personal data in order to the technical support for product using |
|
8. |
Personal data of participants processed in
connection with the organization and participation in organized conferences |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
The legitimate interest of the controller is
the processing of personal data in order to administrative issues related to
running the conferences, for administrative and internal management issues
also in case of the claims - if applicable |
|
9. |
Personal data of participants processed in
connection with the organization and participation in the organized Webinar |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
The legitimate interest of the controller is the
processing of personal data in order to administrative issues related to
running the Webinar, for administrative and internal management issues also
in case of the claims - if applicable |
|
10. |
Personal data processed in connection with the
process related to the Forum |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
The legitimate interest of the controller is the
processing of personal data in order to administrative issues related to
running the Forum, for administrative and internal management issues also in
case of the claims - if applicable |
|
11. |
Personal data processed in connection with
participation in competitions |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
The legitimate interest of the controller is the
processing of personal data in order to administrative issues related to running
the competitions, for administrative and internal management issues also in
case of the claims - if applicable |
|
12. |
Personal data processed in connection with age
confirmation |
1) art. 6 (1) c) GDPR - legal regulations, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
A legally legitimate interest is the possibility of
exercising the rights of persons to whom data concern and provided for by law
and demonstrate the compliance with the GDPR regulations, |
|
13. |
Personal data processed in connection with the
exercise of rights in the field of personal data protection |
1) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
A legally legitimate interest is to the
exercise of the rights of data subjects in connection with the possibility of
exercising the rights of persons to whom data concern and provided for by law and demonstrate the
compliance with the GDPR regulations, |
Disclosure of
personal data by the Controller
We hereby inform that
personal data is or may be disclosed by the Controller:
1) disclosed to data recipients providing services to the
Controller pursuant to art. 28 GDPR – Data Processing Agreement.
Depending on the purpose of personal data processing, the categories of data
recipients may be: IT infrastructure providers (software and hardware), website
hosting, tools for conducting meetings, conferences, online webinar, external
recruiting companies. The list of the processors to whom the Controller
entrusts the processing of personal data is available at the request of the
data subject,
2) disclosure of data to recipients cooperating with
the Controller. Depending on the purpose of personal data processing, the
categories of recipients to whom personal data may be disclosed are entities
operating in the field of audits, postal services, courier services, law
offices. We would like to inform you that after disclosing personal data, the
data recipient becomes the Controller. The list of recipients to whom the
Controller discloses personal data is available at the request of the data subject,
3) disclosure of data to recipients who are public /
state authorities. Depending on the purpose of personal data processing,
the categories of data recipients may be such bodies as the Tax Office, Police,
courts, the Supervisory Authority or other entities to which the Controller
discloses personal data under applicable law. Please be advised that after
disclosing personal data, their recipient becomes the Controller of the data.
The list of recipients to whom the Controller discloses personal data is available
at the request of the data subject,
4) disclosure of personal data to third parties.
The list of third parties to whom the Controller discloses personal data is
available at the request of the data subject.
Transferring personal data to a third country (i.e. outside the EEA)
1.
Please be advised
that personal data may be transferred to a third country, i.e. outside the EEA.
In the event of transferring personal data outside the European Economic Area,
such transfer may only take place on the terms set out in Chapter V of the
GDPR:
1)
pursuant to art. 45
GDPR - transfer based on an adequacy decision,
2)
pursuant to art. 46
GDPR - transfer subject to appropriate safeguards, including the use of
standard data protection clauses adopted by the European Commission,
2.
We hereby inform that
the transfer of personal data outside the EEA may involve the risk of not
ensuring sufficient security of personal data. In the event of a risk related
to the transfer of personal data outside the EEA, the Controller provides such
information in this Privacy Policy,
3.
Please be advised
that the list of entities outside the EEA to which the Controller discloses
personal data is available at the request of the data subject,
4.
List of entities that
may transfer personal data outside the EEA, which may not provide sufficient
protection of personal data provided for in the GDPR:
|
No. |
The name of the entity |
Link to information |
The risk related to the transfer of data
outside the EEA and the negative effects that may arise for the data subject |
|
1. |
Facebook |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
2. |
LinkedIn |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
3. |
Twitter |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
4. |
YouTube |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
5. |
Google |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
|
|
6. |
Google Maps |
1) unauthorized
access to data, 2) loss of control
over your data, 3) no possibility
of exercising the rights under the GDPR, 4) other, negative effects indicated in recital (75)
of the preamble to the GDPR: material and non-material effects, |
What are the rights of the data subject?
We would like to
inform you about the right to request the Controller to exercise the following
rights:
1)
the right to access
personal data relating to the data subject,
2)
the right to rectify
personal data,
3)
the right to delete
personal data (erasure of personal data),
4)
the right to limit
the processing of personal data (restriction of processing),
5)
the right to object
to the processing,
6)
the right to transfer
data (the right to data portability),
7)
the right to receive
a copy of your personal data,
8)
the right to lodge a
complaint with the supervisory body.
Please be advised
that due to the individual purposes of processing listed in this Cookie Policy,
the exercise of the rights of data subjects may be fully or partially limited,
e.g. due to applicable law, which obliges the Controller to process them. Please send inquiries regarding the protection of
personal data to the Controller by traditional mail to the above-mentioned
address or by e-mail to the address: dpo@1cpublishing.eu.
Who is the supervisory authority?
1. We would like to inform you about the right to lodge a
complaint to the supervisory body, i.e. to the - Úřad pro ochranu osobních
údajů, contact to the supervisory body is available at: https://www.uoou.cz/vismo/o_utvar.asp?id_u=10&p1=1059,
2. In the case of co-administration with Facebook Irland
Limited, we would like to inform you that the supervisory body is Data Protection
Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland (as
amended): https://www.dataprotection.ie/.
Information on automated decision making, including
profiling
Please be advised
that by entering the Controller's website, you are not subject to automated
decision making, including profiling. Information on the data cookies used by
the Controller is available in the Cookie Policy available on the website as a
separate document: https://www.1cpublishing.eu/cookies
What is the source of the data?
1) come directly from the data subject,
2) come indirectly from the data subject. The source of
personal data may be publicly available registers. Personal data may come from
a legal entity that provides personal data of persons designated on behalf of
the legal entity to represent it or to contact it, or to implement the
provisions concluded between the parties.
What scope of personal data is processed?
The Controller processes personal data to the extent
necessary to achieve the purposes of processing indicated in the Privacy
Policy. In accordance with the principle of minimization, we process only the
scope of personal data necessary to achieve the purpose of processing.
How do we secure
personal data?
Please be advised that in order to protect privacy and
personal data, the Controller has implemented appropriate physical, technical,
organizational and legal measures to ensure the security of personal data
processing and to ensure the implementation of the rights and freedoms of
natural persons.
Processing of personal data using social media or
platforms
a)
Facebook,
b)
LinkedIn,
c)
Twitter,
d)
YouTube,
e)
Steam store,
f)
Discord,
2. Please be noted that the Controller is responsible for
the processing of personal data only to the extent to which he decides about
the purposes and means of processing personal data via the fanpage,
3. Please be advised that using the above-mentioned
fanpage, information on the processing of personal data is available at the
following links:
|
No. |
Entity name |
Link to information |
|
1. |
Facbook |
|
|
2. |
LinkedIn |
|
|
3. |
Twitter |
|
|
4. |
YouTube |
|
|
5. |
Steam
store |
https://store.steampowered.com/privacy_agreement |
|
6. |
Discord |
https://discord.com/privacy |
References
to other sites
1. Please be advised that the website of the Controller
may contain references to other websites (e.g. business partners cooperating
with the Controller).
2. Please be advised that the Controller is not
responsible for the processing of personal data of other websites. Information
on the processing of personal data is made available by the Controllers to
which the abovementioned websites belong.
Processing of personal data via sales platforms
1. Please be advised that the Controller, as part of
cooperation with such sales platforms as Amazon or Allegro, may process
personal data in connection with the offer of products and services.
2. Information on the processing of personal data to the
extent to which the Controller determines the purposes and means of the
processing of personal data, is available in the dedicated Privacy Policy
provided by the Controller on the sales platform - if applicable.
Personal data breach
notifications
We hereby inform that pursuant to Art. 34 GDPR, in the event of a breach of personal data protection that may result in a high risk of violation of the rights or freedoms of natural persons, the Controller shall notify the data subject of such a personal data breach without undue delay. Please be advised that pursuant to Art. 34 GDPR, personal data may be processed in connection with the personal data breach referred to above. Please be noted that the legal basis for the processing of personal data is art. 6 sec. 1 lit. c) GDPR. Please be advised that in the event of a personal data breach, the Controller will take all possible and available technical and organizational measures to meet the requirements set out in art. 33 and art. 34 GDPR.