I. What data do we collect?
The scope of the data we process depends on the context of their collection and on the purposes of their processing.
If you are asked to give your Personal Data, you have the right to refuse. And if you decide against providing the data required to use a particular Service or Mobile App, you may be unable to use some of its elements or to order some Service plans.
1. Data you give us directly
We receive some data directly from you, for instance when you are filling out a contact form, managing the Account, filling out your profile details, enrolling on a webinar organised by Act&Match.
The Personal Data we receive from you include primarily first name, last name, e-mail address and other contact details.
You may also post various files and data during an Event held using our Service, which includes importing your contacts and building the list of Users – if you do this, we will process such data for you. For instance, if you want to present presentations during an Event, you must first add the file to the Service Account, and we must download the content of that file to allow you to display the presentation to the Participants during the Event.
2. Data received from third-party entities
We also receive data from third-party sources. They may include:
- social media and Google or Microsoft, for instance if you are giving us access to data in your mail account or social media network when you are creating an Account;
- the partners whom we work to deliver marketing content;
- publicly available sources, such as the Central Registration and Information on Business (CEiDG) database or the National Court Register (KRS);
- Participants of Events organised through the Service, whether you participate in them or organise them.
3. Data obtained automatically during the use of the Website or the Services
Whenever you use our Services, the Mobile App or the Website, also as an Event Participant, we record your visits and your interactions with Services, the Mobile App or the Website. They include data about your use of the Service, the Mobile App or the Website, the performance of our Services, the Mobile App and the Website, the functionalities you use, the Website pages your visit and the links or content you click, the setting you choose, the problems that arise during your use of the Services, the Mobile App or the Website. These activities are saved for instance in our system and application logs. In connection with the above activities, we may receive information about the URL address of the website from which you are coming and of the destination website when you leave the Website or stop using the Service. We also receive information about your IP address, the proxy server, the operating system, the web browser, general location data (not based on GPS).
Furthermore, when you contact us for troubleshooting or support, we collect detailed data connected with the incident you are reporting, including information about the condition and configuration of your device and Service at the moment of error occurrence and analysis.
We treat all the above information as Personal Data when they are tied to your Service Account or with other “hard data” that identify you directly. Otherwise such data are in principle non-personal data.
4. Cookies and similar technologies
Cookies represent a technology that saves data and collects them from the devices which you use to visit our Website or use the Service. Cookies are created automatically by the web browser you use and they can only be read by the site from which they come from.
II. How do we use your data? Your data and how we process them.
The rules that govern the processing of your data differ depending on whether you are our Customer or a Website or Mobile App User. The purposes, scope of the data we process and legal grounds of such processing vary. Below you will find information about the processed data in relation to the particular purposes for which we need them.
1. In order to provide services
We process your data because this is required for you to use the Service, the Mobile App or Website. In other words, for you to be able to register as a Customer, use the Mobile App or order our materials as a User, we must process your Personal Data because otherwise we would be unable to provide you with the service you request (necessity for contract performance or service provision).
Act&Match service provision includes the following actions: account creation and Customer authentication on the Website, as well as Service provision, rendering the Mobile App available and delivery of the content ordered by Users, also Users who do not have an account but use the Website, actions taken to provide Customer and User service, complaint examination, invoicing, fee collection, exercise of claims, if any, and Service quality control.
What data do we use and what for?
For Account creation and Customer or User authentication we use:
- Registration data (i.e. e-mail address, first name / business name, address, phone number) and your password (hashed).
To provide you with Service (i.e. once you have logged into the Account as our Customer or a person authorised by our Customer), we process the following data:
- Data specified in Account details.
- Personal Data contained in the content submitted or shared by the Customer through the Service or uploaded to the Account.
2. Legitimate business interests
We process data for purposes connected with our legitimate interests, depending on the types of ties between us and our Customers or Users.
What data do we use and what for?
a) For analytical and development purposes. To manage Service, Mobile App and Website use statistic, to improve and facilitate Service, Mobile App and Website use and to ensure the IT security of the Service, Website and Mobile App, we process the following data:
- E-mail address, if provided
- Data generated automatically in connection with your activity on the Website, the Mobile App or in the Service.
We believe that we have a legitimate interest in analysing the Service, Mobile App and Website performance, their use and the satisfaction of our Customers and Users. We also believe that the processing of such data is beneficial to our Customers and Users as our goal is to improve the Website performance and provide higher quality of Service and the Mobile App.
b) To the claim and defence of rights. If necessary, we process the following data for the establishment, pursuit, exercise or defence of legal claims in court and before other state authorities:
- Data specified in Account details.
- Data regarding Service, Mobile App or Website use insofar as required to establish a claim,
- Other data as required to prove the existence of a claim, including the extent and circumstances of damage.
We believe that we have a legitimate interest in data processing where required for us to claim damages in connection with Service, Mobile App or Website use that is unlawful or in violation of the Terms of Service or to defend against claims raised by Customers, Users or third parties.
c) To answer questions. To handle your questions, requests and complaints, if any, we may process the following data you have provided:
- Data specified in Account details.
- Data regarding your activity within the Service, the Mobile App or Website that are related to your question, request or complaint.
- Data included in the question, request or complaint and in the enclosed materials.
We believe that we have a legitimate interest in replying to the requests or questions you have submitted through the existing contact channels. We assume that the processing of such data is also beneficial for you because it allows us to properly assist and reply to your communications.
d) To check customer satisfaction and improve Services. We may process the following data to check the satisfaction from and facilitate and improve the use of the Service, Mobile App or Website:
- First name and e-mail address.
- Replies to our questions contained in surveys and forms used in the study.
We believe that we have a legitimate interest in checking whether our Customers and Users are satisfied and how we could improve the quality of the Website and our Services.
e) For fraud prevention. We may process the following data to prevent, detect and fight fraud and violations, to protect our Customers and Users from such fraud and to ensure network and information security:
- Data specified in Account details.
- Data regarding the activity on the Website, the Mobile App or in the Service insofar as required to analyse and verify a potential fraud or violation.
We believe that we have a legitimate interest in conducting the required verifications to detect and prevent potential fraud and violations. We understand that the processing of such data is beneficial for everyone, and in particular for you and your clients, because it helps us establish the measures to protect your and your recipients against transmission of malware, attempts to disrupt your Events or fraud attempts by third parties.
III. Who we disclose your data to
1. Data disclosure within the Service
Profile Page – the data on your profile page are fully visible outside the Service area (e.g. to users of third party search engines). We believe that default settings where the profile page is public are expected and beneficial for you, your Participants and invitees because this helps you promote your activity and planned Events online and the concerned parties obtain the required information about you and your planned public Events. You may decide about the availability of your profile website at any time and about the visibility of some of its parts through your Account settings.
Events – if you participate in an Event organised through the Service, your first and last name, if you provided it during registration for the event, as well as any information you provide on chat during the Event chat may be visible to other Participants of the Event. Additionally, if you are a Presenter or the Event Presenter gives you an audio or video transmission authorisation, your voice or image will be shared with other Participants of that Event. The Event host may decide to share the Event recording with a broader audience, for instance to publish it on his/her YouTube channel or carry out a live broadcast – in such case other people will be able to see your Personal Data visible in the recording.
2. Other data recipients
We transfer your data to the following categories of recipients:
- Processors. We use providers who process your Personal Data only at our instruction, as processors acting on our behalf. They provide services covering certain functionalities of the Service (sending e-mails), hosting services, Customer service support and services connected with security incident tracing and response, troubleshooting and problem solving in the Service or on the Website, for the purpose of Website traffic analysis and analysis of the success of marketing campaigns.
- Other controllers. We work with entities who do not act exclusively on our instructions and who independently establish the purpose and methods of processing your Personal Data or non-personal data, for instance payment institutions that enable you to pay for the Service online. We use the services of such third parties (controllers) also to reach you with our marketing communications outside the Website. Their services involve presenting our marketing communications to you on websites other than the Website. To that end, the third-party controllers install e.g. a code or pixel to collect information about your activity within the Website or the Service.
- Public authority. We provide your Personal Data if requested by competent public authorities in connection with their legal obligation to perform a public function. We provide the data exclusively at a written request of the authority filed on a case-by-case basis.
In addition, we may share information that does not represent Personal Data with the public, especially in the form of aggregate information about trends in Website, Service and Mobile App use, and communicate them to other partners, including publishers and providers of analytical technologies. We also allow specific providers to collect data from your browser for advertising and measurement purposes using cookies or similar technologies.
IV. Cookies and similar technologies
1. Can you disable cookies and other similar technologies and how?
We mention this first – you may accept and disable cookies and other similar technologies used by us and our service providers on your own at any time.
Depending on the technology used – the data storage, the disabling may take place either through web browser settings or through the opt-out option available on the service provider’s site. Detailed information about changes of settings and configuration of the web browser and the opt-out mechanism is provided below.
How can you disable cookies?
The web browser you use most probably allows cookies by default but you can change this any time. But remember that change of settings may cause problems with proper use of certain Website or Service elements and block proper upload of page, especially where logging in to the Account is required.
The method of disabling cookies depends on your web browser. Please read below how you can disable cookies on your device in Google Chrome, Firefox, Safari, Opera, Edge and Internet Explorer.
How to disable other technologies?
Solution providers whose services we use on the pages of our websites allow the User to disable the default settings of a service – through opt-out function. You will find the list of the providers of such solutions along with addresses of sites with more information about the possibility of disabling them here.
2. Cookies and similar technologies – types
As we have mentioned, cookies represent a technology that saves data and collects them from the devices which you use to visit our Website or use the Service.
Aside from cookies on the Website and within the Service, we and the providers of the tools and services that we use apply other technologies that allow to save information in your system/web browser through data storage (Session Storage, Local Storage, IndexedDB).
We also include within the Website and the Service partial codes of the analytical tools we receive from other providers that permit saving cookies or other technologies in the domains of those services. We use these solutions to monitor the quality of our Services, Mobile App and Website functionality, their performance and to monitor the behaviour of Customers and Users. See below for a description of the types of cookies and similar technologies.
|TECHNOLOGY TYPE||DESCRIPTION of application|
|Session cookies||Session cookies are created in the system-user browser each time a user session is created, i.e. after the browser connects with the site.
Session cookies expire after the user session expires – e.g, after the web browser window is closed. The information contained in session cookies are then automatically deleted.
|Persistent cookies||Persistent cookies are created in the system – in the user’s browser after the first visit on the site or after completing a certain action.
Unlike session cookies, persistent cookies are not deleted upon the end of the user’s session. Persistent cookies are deleted by the user’s browser automatically after a specific period. They can also be deleted manually by the user.
|Session Storage||Data storage with the same function as cookies but with much larger data capacity (cookies have limitations connected with their quantity and the quantity of the data they can contain). Information from Session Storage is recorded and read only if clearly requested by the server, and sent to the website user’s browser. The data gathered in Session Storage are deleted just like session cookies – after the browser window is closed.|
|Local Storage||Data storage for information that are kept permanently in the system/web browser of the user until deleted. Data saved in Local Storage are not automatically available through the web server presenting a particular site but by relevant scripts (java script, flash) placed on the website or sent to the user’s browser from other servers (e.g. through placement of a partial code coming from another web server – Facebook, Twitter, Google social media icons).|
|IndexedDB||Data storage representing an internal database of a web browser that is used to store large data quantities. The storage makes it possible to store data in a structured form and as files. Data stored as objects to which access is limited only for specific data sources – the domains or subdomains from which they were saved.|
In the area of the Website we use the services provided by HotJar Ltd., which involve providing aggregate information in the form of a heatmap and conversion path, recording the User’s movements on the site, conducting research and surveys on our websites. The privacy protection rules for the HotJar service are available on https://www.hotjar.com/privacy. According to the privacy protection rules, HotJar’s service does not entail collecting and processing any User information considered as Personal Data.
At the same time, the use of anonymous cookies and similar technologies allows us to present better content without the need to send surveys and act through trial and error. We are able to define what can be easily improved and which elements to avoid, which ultimately renders our Website, the Mobile App and Services more user-friendly. Below you will find a detailed description of use of particular technologies.
|PURPOSE||TECHNOLOGY TYPE||SCOPE OF USE|
|Analytics and statistics||Cookies Local Storage Session Storage IndexedDB||The information processed in such storage is used for analysing, developing statistics, monitoring the behaviour of Users and Customers on the Website and in the Services, and presenting our advertisement (on our Website and on other sites managed by the marketing platforms we use), which ultimately helps us improve the Website and the Services.|
|User authorisation||Cookies; Storage||The information processed in such storage is used for User authorisation in the IT System of the Service or Mobile App. With the information contained in such storage, we are able to properly recognise a Service or Mobile App User.|
|Service configuration||Cookies; Local Storage||The information processed in such storage is used to store the preferred settings you have chosen within the Website, the Mobile App and the Services. With the information contained in such storage we can memorise the settings and configuration of the Website, the Mobile App and the Services and of selected elements, page views.|
|Interface language settings||Cookies; Storage||The information processed in such storage is used to store the Website, Mobile App or Service language settings you have chosen. With the information contained in such storage we can always display the right language version for you.|
|Advertising||Cookies;||The information processed in such storage is used to deliver general advertising to the Users and the Customers as well as advertising matching their preferences.|
V. Your rights. You have control over your data
1. General Information
We make sure that our Customers and Users can exercise their rights concerning their data.
You may exercise your rights by submitting your request through the contact form or to the following email address firstname.lastname@example.org. All you need to do is to inform us about the reason behind your request and specify the right you want to exercise.
If you have an Account in the Service, you can exercise some of your rights directly in Privacy Settings after you log in to your Account. Please remember that if you change your Privacy Settings, it may take us a little time to apply your changes in our systems for technical reasons. That’s why during this time our system may for example still send you an email message you have unsubscribed from while your settings are being updated.
If we decide this is necessary for identification purposes, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.
2. Right to give and withdraw your consent
If we ask for consent, you can always choose whether to give it or not. In addition, you may withdraw any consent you have granted while creating an Account or using the Website at any time. This also applies to:
- receive commercial information by electronic means to your e-mail address,
- to the collection of your data through cookies.
Consent withdrawal is effective as of the moment of it being withdrawn. Your withdrawal does not affect any prior processing of your data. Consent withdrawal does not have any negative consequences for you. Still, you may become unable to further use some functionalities of the Service or Website which the law only allows us to provide if we have your consent (e.g. the newsletter).
You can withdraw your consent by email to email@example.com
3. Right of access
You have the right to receive information on whether or not we process your Personal Data from us. If we do, you have the right to receive:
- information about the rules according to which we process your Personal Data,
- access to your Personal Data,
- a copy of your Personal Data.
If you have your Account in the Service, you are able to obtain direct access to the majority of your Personal Data at any time after logging in the Account.
We will not charge you for the first copy of your data. For any other requests for copies of data, we may charge a fee corresponding to the administrative costs connected with preparing that information.
4. Right to rectification
You have the right to demand correcting and completing Personal Data you have provided. You may do this on your own in Privacy Settings in your Account. In respect of other Personal Data, you have the right to request that we rectify them (if they are incorrect) or supplement them (if they are incomplete).
5. Right to erasure (“right to be forgotten”)
In the cases specified by the law, you have the right to request that we erase the Personal Data that concern you. We will treat a request to erase all Personal Data as a request to delete your Account.
You have the right to request Personal Data erasure if:
- the data processing violates the law or if we have to erase the data to satisfy a legal obligation,
- your Personal Data are no longer required for the purposes for which they were processed,
- you withdrew your consent to Personal Data processing (insofar as the consent represented a legal ground for the processing),
- you have objected to the processing of your Personal Data for marketing purposes,
- you have objected to the processing of your Personal Data for the purpose of statistics regarding Service or Website use and satisfaction research, and the objection was considered justified.
We will retain some of your Personal Data despite your request to erase them if this is required for us to satisfy a legal obligation or for the establishment, exercise or defence of claim. This applies in particular to such Personal Data as: first name, last name, e-mail address, history of using the Service or Website; we retain this data for the purpose of examination of any complaints and claims connected with the use of the Service or Website.
6. Right to restriction of processing
You have the right to request restriction of the processing of your Personal Data. If you make such a request, you will be unable to use certain functionalities of the Service, the Mobile App or Website until your request is considered if the use of such functionalities will entail the processing of the data covered by the request. We will not send you any communications, including marketing communications, either.
You have the right to request restriction of the use of your Personal Data:
- When you question the correctness of your Personal Data – we will then limit their use for the time required to check the correctness of your data but not for more than 30 days,
- If the processing of your data is unlawful, and you request restriction of processing instead of data erasure,
- When your Personal Data are not longer required for the purposes for which we have collected or used them but you need them to establish, exercise or defend claims.
- If you have objected to the use of your Personal Data – the restriction then takes place for the time required to determine whether, due to your particular situation, the protection of your interests, rights and freedoms overrides the interests we pursue by processing your Personal Data.
7. Right to object to data processing
You have the right to object to the use of your Personal Data if we process your Personal Data based on our legitimate interests.
If your objection turns out to be justified and we will have no other legal ground to process your Personal Data, we will delete the data to the processing of which you objected.
8. Right to data portability
If you have created an Account with us or agreed to the processing of your Personal Data, you have the right to receive the Personal Data that concern you which you have provided to us in a structured, commonly used, machine-readable and interoperational format that permits sending them to another controller. We will send you your Personal Data in the form of a csv file. The csv format is a commonly used, machine-readable format that permits sending the received Personal Data to another controller.
If technically feasible, you have the right to request that we send your Personal Data directly to anther controller. Just remember that controllers are not legally obligated to keep technically compatible processing systems.
VI. Other useful information
1. Do I have to give Act&Match my data?
We sometimes ask you for your Personal Data. Some data (marked as mandatory) in registration forms are required for Account registration or sending of the ordered materials or for participation in an event of your choice. Their consequence is inability to use some or all of the Website, the Mobile App or Service functionalities. Any data other than mandatory and Data specified in the Account details are given on a voluntary basis.
2. How long do we retain your data?
If you are our Customer, we retain the Personal Data of third parties which you have provided to us for processing for as long as you have an Account in the Service. After Account cancellation, your data will be retained for 30 days, only to allow you to reactivate your Account, should you wish to do this. As regards Expired Accounts the storage period is extended to 90 days from Account deactivation date. By doing this we want to allow you to renew your Service subscription smoothly, that is without losing data, without the necessity to re-configure the Account or uploading the Content again. During that time, your data will only be processed for your account and they will not be subject to any other operations, unless we are otherwise required under applicable laws or by competent authorities. After that time, we will delete your Personal Data from the main database, without the possibility to recover it. In the next 120 days, your Personal Data will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Data completely due to the specifics of the backup copy operations.
We retain data of Users who are not our Customers for the time corresponding to the life cycle of the cookies or similiar technologies saved on their devices.
We will process the Personal Data of our newsletter subscribers or those who have agreed to receive commercial information from us until they unsubscribe from the newsletter or the commercial information.
Upon the expiry of the above periods, your Personal Data will be anonymised, except for the following data: first name, last name, e-mail address, history of Service use, information about the consents granted – we will retain such data for another period as required for the purpose of complaint examination, compliance with accounting and tax legislation and handling of claims connected with the use of the Service, the Mobile App or the Website or communication sent.
3. Why do I enter into a personal data processing agreement with Act&Match ?
If you are our Customer and you run a business within the European Economic Area or in any other cases where the GDPR applies to your business, you entrust to Act&Match the processing of the Personal Data needed for Service provision.
In respect of the Personal Data you entrust to us for processing, you are the one to decide about the purposes and means of processing such data as their controller or you act on behalf of the controller of such data. Make sure you have secured consents to the processing of the data which you entrust to us.
4. Does Act&Match process personal data of children or special categories of data?
Acting as a data controller, we do not process the Personal Data of children and we do not collect special categories of data.
The Service, the Mobile App and the Website are addressed to people of legal age, that is over the age of 18 (eighteen) and those who run a business. By commencing the use of the Service, the Mobile App or Website, you declare that you are 18. If you are a minor, please do not give us any information, Personal Data in particular.
If you entrust us with the processing of special categories of Personal Data or Personal Data of children, you represent that you have the legally required consents to the processing of the special categories of Personal Data listed in Article 9 of the GDPR, the Personal Data relating to criminal convictions and offences referred to in Article 10 of the GDPR and Personal Data of children, or you have other valid legal ground for such Personal Data processing and that you consider the security measures put in place by Act&Match subcontractor as sufficient for the protection of the entrusted Personal Data.
5. How does Act&Match protect my Personal Data?
We have put appropriate and sufficient measures in place to ensure the security of your Personal Data. The Website uses encrypted data transmission (SSL, secure socket layer) during registration and logging in, which ensues the protection of any data that may identify you and makes it much harder to intercept the access to your Account by unauthorised systems or persons.