Engagements RGPD

Engagements RGPD et traitement des données personnelles par Act&Match

1. Données personnelles

ACT&MATCH agit en qualité de responsable du traitement des données personnelles de ses Clients dans les conditions définies au présent article aux fins de l’exécution de ses obligations contractuelles. Dans le cadre de la connexion à l’interface opérée par le prestataire, ce dernier peut intervenir en qualité de co-responsable du traitement dans les conditions définies par les conditions d’utilisation applicables.

1.1. Généralités concernant les Données personnelles du Client

Les Données personnelles désignent les données se rapportant à l’Abonné qui permettent de l’identifier, directement ou indirectement, au sens de la Loi Informatique et Liberté du 6 janvier 1978 modifiée et du règlement européen 2016/679 (« RGPD »), telles que ses noms et prénoms, son adresse, son numéro de téléphone, son adresse email.

L’accès à la Plateforme et aux services est conditionné à la création par l’Abonné d’un compte utilisateur. Les données collectées dans le cadre de cet accès sont collectées et traitées conformément aux dispositions françaises et européennes en vigueur et seront accessibles par ACT&MATCH, ainsi qu’à ses cocontractants dans le cadre de l’exécution des obligations contractuelles prévues dans le présent Contrat.

1.2. Accès aux données personnelles

ACT&MATCH permettra l’accès aux données personnelles renseignées par le Client sur son compte utilisateur aux catégories de destinataires suivants :

Certains prestataires de services chargés d’intervenir dans le cadre de l’exécution de certaines obligations contractuelles aux termes du Contrat tels que le fournisseur de l’interface ClickMeeting, des hébergeurs, des équipes marketings, et des sous-traitants.

Toute autorité publique ou privée à laquelle la loi lui impose de communiquer certaines informations.

ACT&MATCH ne fournit à ces destinataires que les informations dont ils ont besoin pour l’exécution de leurs prestations. ACT&MATCH exige de ces destinataires qu’ils gardent ces informations confidentielles et qu’elles ne soient utilisées que pour l’exécution de leurs prestations.

En tout état de cause, chaque destinataire de données personnelles s’engage à respecter la règlementation applicable, particulièrement le RGPD, et à mettre en œuvre toutes les mesures techniques et organisationnelles appropriées pour s’assurer et être en mesure de démontrer que le traitement est effectué conformément à la règlementation.

1.3. Traitement des Données personnelles du Client

ACT&MATCH ne traitera les données personnelles que selon les finalités suivantes :

  • Authentifier le Client et mettre en œuvre les Webinars ;
  • Exécuter ses obligations contractuelles conformément au contrat liant le Client et ACT&MATCH ;
  • Gérer la relation commerciale entre ACT&MATCH et le Client ;
  • Traiter les demandes d’accès, de rectification, d’opposition, d’effacement, de limitation et de portabilité des données personnelles ;
  • Gérer les paiements et les litiges ;

Les données personnelles ne seront pas conservées par ACT&MATCH au-delà d’une durée de 3 ans à compter de la fin de la relation contractuelle, ce qui est nécessaire pour lui permettre d’exécuter ses obligations contractuelles et pour le traitement de tout litige ou procédure judiciaire, dans les conditions prévues par les dispositions applicables.

1.4. Les droits du Client concernant ses données personnelles

Le Client dispose d’un droit permanent d’accès, de rectification, d’opposition, d’effacement, d’opposition et de portabilité de ses données personnelles, conformément aux dispositions applicables.

Si les données personnelles sont traitées à des fins de marketing direct, le Client peut exercer son droit d’opposition à tout moment concernant cette finalité, incluant le profilage lié à ce type de marketing. Dans ce cas, ses données personnelles ne seront plus traitées à des fins de marketing direct.

En cas de questions complémentaires relatives à la protection de ses données personnelles et à leur traitement, le Client peut exercer ses droits en contactant son interlocuteur habituel chez ACT&MATCH.

Pour toute demande formulée auprès d’ACT&MATCH, le Client peut adresser un e-mail en détaillant sa demande à : mgiraud@actandmatch.com

Le Client a également la possibilité de prendre contact avec l’autorité compétente, comme la CNIL, s’il estime utile de lui faire part de son mécontentement quant à la façon dont sont traitées ses données personnelles.

Engagements RGPD et traitement des données personnelles par le sous-traitant d’Act&Match

  1. YOUR RIGHTS. You have the right to gain access, correct or delete your Personal Data. In some cases, you may also have other rights, such as the right to withdraw your consent, to object to the use of your data or the right to data portability, as explained in detail below.
  2. WHAT PERSONAL DATA WE PROCESS. We process data to provide the highest standard of service to our Customers and Users and to efficiently do business. The scope of the collected data and how they are used depend on how you use the Website and services, and on your privacy settings. We collect data that you give us yourself, for example while filling out the form on the Website, logging in the Mobile App, enrolling on our webinar or creating a Service Account. We also collect the content and data you create, send and receive from other Users. We collect information about the applications, browsers and devices you use to access the Website or our Services, as well as about their interactions with the Website or the Services. We also receive data from third parties.
  3. WHY WE PROCESS YOUR DATA. As the data controller, we will process your data for example to allow you to create an Account, provide you with our Service
  4. WHO WE DISCLOSE YOUR DATA TO. We disclose your data to service providers who support or assist us. These are companies from the group of affiliates or third parties with whom we have entered into appropriate agreements, whether within or outside the European Union. We may also disclose your data to public authorities, such as the Police, the Tax Office, if so requested under applicable laws.
  5. WE USE COOKIES AND OTHER SIMILAR TECHNOLOGIES. We use cookies (small text files saved on your device) and other similar technologies to provide the Service, improve efficiency and offer increasingly improved functionalities to the Website Users and Service Customers. Analysis of data from such technologies shows us which content on our Website or Service feature you find the most interesting and which is less popular. Cookies allow us also to store your preferences and settings, to handle your logging in the Service Account, fight fraud, and display targeted advertisements. We also allow some other entities to use cookies in line with the description in our Privacy Policy. You may disable cookies and other similar technologies used by us and our service providers on your own at any time. Depending on the technology used, the disabling may take place either through web browser settings or through the opt-out option available on the service provider’s site.

Please read the entire content of our Privacy Policy below to fully understand how we will process your data and how you can exercise your related rights.

Privacy Policy

This Privacy Policy lays down the rules of protecting Act&Match subcontractor Service Customers and Users in connection with the processing of their data. We value your trust and we do the utmost to help you feel in control of your data. Below we have described, as transparently as possible, the scope of the data we process in connection with the use of our Service, Mobile App and Website, the purposes and methods of the processing, the data security rules and your rights related to the processing.

Use of the Website, the Service or the Mobile App means acceptance of all the rules followed by Act&Match subcontractor so please learn their content beforehand. If you do not agree to the rules laid down in this Privacy Policy, do not commence the use of our Services, the Mobile App and Website.

I. What data do we collect?

The scope of the data we process depends on the context of their collection and on the purposes of their processing.

If you are asked to give your Personal Data, you have the right to refuse. And if you decide against providing the data required to use a particular Service or Mobile App, you may be unable to use some of its elements or to order some Service plans.

1. Data you give us directly

We receive some data directly from you, for instance when you are filling out a contact form, managing the Account, filling out your profile details, enrolling on a webinar organised by Act&Match.

The Personal Data we receive from you include primarily first name, last name, e-mail address and other contact details.

You may also post various files and data during an Event held using our Service, which includes importing your contacts and building the list of Users – if you do this, we will process such data for you. For instance, if you want to present presentations during an Event, you must first add the file to the Service Account, and we must download the content of that file to allow you to display the presentation to the Participants during the Event.

2. Data received from third-party entities

We also receive data from third-party sources. They may include:

  • social media and Google or Microsoft, for instance if you are giving us access to data in your mail account or social media network when you are creating an Account;
  • the partners whom we work to deliver marketing content;
  • publicly available sources, such as the Central Registration and Information on Business (CEiDG) database or the National Court Register (KRS);
  • Participants of Events organised through the Service, whether you participate in them or organise them.

3. Data obtained automatically during the use of the Website or the Services

Whenever you use our Services, the Mobile App or the Website, also as an Event Participant, we record your visits and your interactions with Services, the Mobile App or the Website. They include data about your use of the Service, the Mobile App or the Website, the performance of our Services, the Mobile App and the Website, the functionalities you use, the Website pages your visit and the links or content you click, the setting you choose, the problems that arise during your use of the Services, the Mobile App or the Website. These activities are saved for instance in our system and application logs. In connection with the above activities, we may receive information about the URL address of the website from which you are coming and of the destination website when you leave the Website or stop using the Service. We also receive information about your IP address, the proxy server, the operating system, the web browser, general location data (not based on GPS).

Furthermore, when you contact us for troubleshooting or support, we collect detailed data connected with the incident you are reporting, including information about the condition and configuration of your device and Service at the moment of error occurrence and analysis.

We treat all the above information as Personal Data when they are tied to your Service Account or with other “hard data” that identify you directly. Otherwise such data are in principle non-personal data.

4. Cookies and similar technologies

Cookies represent a technology that saves data and collects them from the devices which you use to visit our Website or use the Service. Cookies are created automatically by the web browser you use and they can only be read by the site from which they come from.

We use cookies and similar technologies to improve performance and offer our Website, Mobile App and Service users further functionality improvements. We also allow some other entities to use such technologies in line with the description in our Privacy Policy.

II. How do we use your data? Your data and how we process them.

The rules that govern the processing of your data differ depending on whether you are our Customer or a Website or Mobile App User. The purposes, scope of the data we process and legal grounds of such processing vary. Below you will find information about the processed data in relation to the particular purposes for which we need them.

1. In order to provide services

We process your data because this is required for you to use the Service, the Mobile App or Website. In other words, for you to be able to register as a Customer, use the Mobile App or order our materials as a User, we must process your Personal Data because otherwise we would be unable to provide you with the service you request (necessity for contract performance or service provision).

Act&Match subcontractor’s service provision includes the following actions: account creation and Customer authentication on the Website, as well as Service provision, rendering the Mobile App available and delivery of the content ordered by Users, also Users who do not have an account but use the Website, actions taken to provide Customer and User service, complaint examination, invoicing, fee collection, exercise of claims, if any, and Service quality control.

What data do we use and what for?

For Account creation and Customer or User authentication we use:

  • Registration data (i.e. e-mail address, first name / business name, address, phone number) and your password (hashed).

To provide you with Service (i.e. once you have logged into the Account as our Customer or a person authorised by our Customer), we process the following data:

  • Data specified in Account details.
  • Personal Data contained in the content submitted or shared by the Customer through the Service or uploaded to the Account.
  • Data generated automatically in connection with your activity on the Website or in the Service (described more broadly in II.3. of the Privacy Policy).

2. Legitimate business interests

We process data for purposes connected with our legitimate interests, depending on the types of ties between us and our Customers or Users.

What data do we use and what for?

a) For analytical and development purposes. To manage Service, Mobile App and Website use statistic, to improve and facilitate Service, Mobile App and Website use and to ensure the IT security of the Service, Website and Mobile App, we process the following data:

  • E-mail address, if provided
  • Data generated automatically in connection with your activity on the Website, the Mobile App or in the Service (described more broadly in II.3. of the Privacy Policy).

We believe that we have a legitimate interest in analysing the Service, Mobile App and Website performance, their use and the satisfaction of our Customers and Users. We also believe that the processing of such data is beneficial to our Customers and Users as our goal is to improve the Website performance and provide higher quality of Service and the Mobile App.

b) To the claim and defence of rights. If necessary, we process the following data for the establishment, pursuit, exercise or defence of legal claims in court and before other state authorities:

  • Data specified in Account details.
  • Data regarding Service, Mobile App or Website use insofar as required to establish a claim,
  • Other data as required to prove the existence of a claim, including the extent and circumstances of damage.

We believe that we have a legitimate interest in data processing where required for us to claim damages in connection with Service, Mobile App or Website use that is unlawful or in violation of the Terms of Service or to defend against claims raised by Customers, Users or third parties.

c) To answer questions. To handle your questions, requests and complaints, if any, we may process the following data you have provided:

  • Data specified in Account details.
  • Data regarding your activity within the Service, the Mobile App or Website that are related to your question, request or complaint.
  • Data included in the question, request or complaint and in the enclosed materials.

We believe that we have a legitimate interest in replying to the requests or questions you have submitted through the existing contact channels. We assume that the processing of such data is also beneficial for you because it allows us to properly assist and reply to your communications.

d) To check customer satisfaction and improve Services. We may process the following data to check the satisfaction from and facilitate and improve the use of the Service, Mobile App or Website:

  • First name and e-mail address.
  • Replies to our questions contained in surveys and forms used in the study.

We believe that we have a legitimate interest in checking whether our Customers and Users are satisfied and how we could improve the quality of the Website and our Services.

e) For fraud prevention. We may process the following data to prevent, detect and fight fraud and violations, to protect our Customers and Users from such fraud and to ensure network and information security:

  • Data specified in Account details.
  • Data regarding the activity on the Website, the Mobile App or in the Service insofar as required to analyse and verify a potential fraud or violation.

We believe that we have a legitimate interest in conducting the required verifications to detect and prevent potential fraud and violations. We understand that the processing of such data is beneficial for everyone, and in particular for you and your clients, because it helps us establish the measures to protect your and your recipients against transmission of malware, attempts to disrupt your Events or fraud attempts by third parties.

IV. Who we disclose your data to

1. Data disclosure within the Service

Profile Page – the data on your profile page are fully visible outside the Service area (e.g. to users of third party search engines). We believe that default settings where the profile page is public are expected and beneficial for you, your Participants and invitees because this helps you promote your activity and planned Events online and the concerned parties obtain the required information about you and your planned public Events. You may decide about the availability of your profile website at any time and about the visibility of some of its parts through your Account settings.

Events – if you participate in an Event organised through the Service, your first and last name, if you provided it during registration for the event, as well as any information you provide on chat during the Event chat may be visible to other Participants of the Event. Additionally, if you are a Presenter or the Event Presenter gives you an audio or video transmission authorisation, your voice or image will be shared with other Participants of that Event. The Event host may decide to share the Event recording with a broader audience, for instance to publish it on his/her YouTube channel or carry out a live broadcast – in such case other people will be able to see your Personal Data visible in the recording.

Integrations – if you integrate your Service Account with services of other providers, the content and data you have uploaded to your Account may be shared with such providers or downloaded from such services. For instance, you may integrate your Account with your CRM account to automatically export there your list of Participants from the Event or integrate with your mailbox account and import your address book to your Account. Such activities enable you to use the imported or exported data to send invitations to an Event you organise through the Service. In addition, if during the use of the Service you present content from YouTube Platform or publish your Content on that Platform using our integration with YouTube API Services, data related to your Event and the use of YouTube API Services will be processed by YouTube in accordance with the privacy policy https://policies.google.com/privacy.

2. Other data recipients

We transfer your data to the following categories of recipients:

  • Processors. We use providers who process your Personal Data only at our instruction, as processors acting on our behalf. They provide services covering certain functionalities of the Service (sending e-mails), hosting services, Customer service support and services connected with security incident tracing and response, troubleshooting and problem solving in the Service or on the Website, for the purpose of Website traffic analysis and analysis of the success of marketing campaigns.
  • Other controllers. We work with entities who do not act exclusively on our instructions and who independently establish the purpose and methods of processing your Personal Data or non-personal data, for instance payment institutions that enable you to pay for the Service online. We use the services of such third parties (controllers) also to reach you with our marketing communications outside the Website. Their services involve presenting our marketing communications to you on websites other than the Website. To that end, the third-party controllers install e.g. a code or pixel to collect information about your activity within the Website or the Service. You will learn more about this in Chapter V of this Privacy Policy.
  • Public authority. We provide your Personal Data if requested by competent public authorities in connection with their legal obligation to perform a public function. We provide the data exclusively at a written request of the authority filed on a case-by-case basis.
  • Our affiliates. We provide your Personal Data to GetResponse Sp. z o.o., a company with personal ties to Act&Match subcontractor, to efficiently provide Services to Customers.

In addition, we may share information that does not represent Personal Data with the public, especially in the form of aggregate information about trends in Website, Service and Mobile App use, and communicate them to other partners, including publishers and providers of analytical technologies. We also allow specific providers to collect data from your browser for advertising and measurement purposes using cookies or similar technologies.

3. To which countries are my data transferred?

The providers to whom we transfer Personal Data are based mostly in Poland and in other Countries of the European Economic Area (EEA), e.g. the Netherlands or Ireland. Some of them are based outside of the EEA. In connection with the transfer of your Personal Data outside the EEA, we have made sure that our providers signed appropriate data processing agreements with us and gave their guarantees of top-level data protection. Depending on the provider, these guarantees arise from:

  • participation in the Privacy Shield established under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield, based on Article 45(1) of the GDPR; learn more about the programme on https://www.privacyshield.gov/welcome, or
  • Commission Decision of 20 December 2001 on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act, under Article 45(1) of the GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02002D0002-20161217, or
  • the obligation to apply standard contractual clauses adopted by the Commission (EU) based on Article 46(2)(c) of the GDPR;

V. Cookies and similar technologies

1. Can you disable cookies and other similar technologies and how?

We mention this first – you may accept and disable cookies and other similar technologies used by us and our service providers on your own at any time.

Depending on the technology used – the data storage, the disabling may take place either through web browser settings or through the opt-out option available on the service provider’s site. Detailed information about changes of settings and configuration of the web browser and the opt-out mechanism is provided below.

How can you disable cookies?

The web browser you use most probably allows cookies by default but you can change this any time. But remember that change of settings may cause problems with proper use of certain Website or Service elements and block proper upload of page, especially where logging in to the Account is required.

The method of disabling cookies depends on your web browser. Please read below how you can disable cookies on your device in Google Chrome, Firefox, Safari, Opera, Edge and Internet Explorer.

How to disable other technologies?

Solution providers whose services we use on the pages of our websites allow the User to disable the default settings of a service – through opt-out function. You will find the list of the providers of such solutions along with addresses of sites with more information about the possibility of disabling them here.

For example, if you want to disable the HotJar service, click here: https://www.hotjar.com/opt-out, and then proceed as instructed.

2. Cookies and similar technologies – types

As we have mentioned, cookies represent a technology that saves data and collects them from the devices which you use to visit our Website or use the Service.

Aside from cookies on the Website and within the Service, we and the providers of the tools and services that we use apply other technologies that allow to save information in your system/web browser through data storage (Session Storage, Local Storage, IndexedDB).

We also include within the Website and the Service partial codes of the analytical tools we receive from other providers that permit saving cookies or other technologies in the domains of those services. We use these solutions to monitor the quality of our Services, Mobile App and Website functionality, their performance and to monitor the behaviour of Customers and Users. See below for a description of the types of cookies and similar technologies.

TECHNOLOGY TYPE DESCRIPTION of application
Session cookies Session cookies are created in the system-user browser each time a user session is created, i.e. after the browser connects with the site.
Session cookies expire after the user session expires – e.g, after the web browser window is closed. The information contained in session cookies are then automatically deleted.
Persistent cookies Persistent cookies are created in the system – in the user’s browser after the first visit on the site or after completing a certain action.
Unlike session cookies, persistent cookies are not deleted upon the end of the user’s session. Persistent cookies are deleted by the user’s browser automatically after a specific period. They can also be deleted manually by the user.
Session Storage Data storage with the same function as cookies but with much larger data capacity (cookies have limitations connected with their quantity and the quantity of the data they can contain). Information from Session Storage is recorded and read only if clearly requested by the server, and sent to the website user’s browser. The data gathered in Session Storage are deleted just like session cookies – after the browser window is closed.
Local Storage Data storage for information that are kept permanently in the system/web browser of the user until deleted. Data saved in Local Storage are not automatically available through the web server presenting a particular site but by relevant scripts (java script, flash) placed on the website or sent to the user’s browser from other servers (e.g. through placement of a partial code coming from another web server – Facebook, Twitter, Google social media icons).
IndexedDB Data storage representing an internal database of a web browser that is used to store large data quantities. The storage makes it possible to store data in a structured form and as files. Data stored as objects to which access is limited only for specific data sources – the domains or subdomains from which they were saved.

The current list of our partners whose services we use or whose technologies we place on the Website or in the Service is available here.

For instance, in the area of the Website we use the services provided by HotJar Ltd., which involve providing aggregate information in the form of a heatmap and conversion path, recording the User’s movements on the site, conducting research and surveys on our websites. The privacy protection rules for the HotJar service are available on https://www.hotjar.com/privacy. According to the privacy protection rules, HotJar’s service does not entail collecting and processing any User information considered as Personal Data.

3 Why do we use cookies and similar technologies?

We use cookies and similar technologies to improve performance and offer our Website, Service and Mobile App users further functionality improvements. Analysis of the data saved based on the use of cookies and similar technologies shows which content is the most interesting for the Users and Customers, and which content is less popular.

At the same time, the use of anonymous cookies and similar technologies allows us to present better content without the need to send surveys and act through trial and error. We are able to define what can be easily improved and which elements to avoid, which ultimately renders our Website, the Mobile App and Services more user-friendly. Below you will find a detailed description of use of particular technologies.

PURPOSE TECHNOLOGY TYPE SCOPE OF USE
Analytics and statistics Cookies Local Storage Session Storage IndexedDB The information processed in such storage is used for analysing, developing statistics, monitoring the behaviour of Users and Customers on the Website and in the Services, and presenting our advertisement (on our Website and on other sites managed by the marketing platforms we use), which ultimately helps us improve the Website and the Services.
User authorisation Cookies; Storage The information processed in such storage is used for User authorisation in the IT System of the Service or Mobile App. With the information contained in such storage, we are able to properly recognise a Service or Mobile App User.
Service configuration Cookies; Local Storage The information processed in such storage is used to store the preferred settings you have chosen within the Website, the Mobile App and the Services. With the information contained in such storage we can memorise the settings and configuration of the Website, the Mobile App and the Services and of selected elements, page views.
Interface language settings Cookies; Storage The information processed in such storage is used to store the Website, Mobile App or Service language settings you have chosen. With the information contained in such storage we can always display the right language version for you.
Advertising Cookies; The information processed in such storage is used to deliver general advertising to the Users and the Customers as well as advertising matching their preferences.

VI. Your rights. You have control over your data

1. General Information

We make sure that our Customers and Users can exercise their rights concerning their data.

You may exercise your rights by submitting your request through the contact form or to the following email address mgiraud@actandmatch.com. All you need to do is to inform us about the reason behind your request and specify the right you want to exercise.

If you have an Account in the Service, you can exercise some of your rights directly in Privacy Settings after you log in to your Account. Please remember that if you change your Privacy Settings, it may take us a little time to apply your changes in our systems for technical reasons. That’s why during this time our system may for example still send you an email message you have unsubscribed from while your settings are being updated.

If we decide this is necessary for identification purposes, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.

2. Right to give and withdraw your consent

If we ask for consent, you can always choose whether to give it or not. In addition, you may withdraw any consent you have granted while creating an Account or using the Website at any time. This also applies to:

  • receive commercial information by electronic means to your e-mail address,
  • to the collection of your data through cookies.

Consent withdrawal is effective as of the moment of it being withdrawn. Your withdrawal does not affect any prior processing of your data. Consent withdrawal does not have any negative consequences for you. Still, you may become unable to further use some functionalities of the Service or Website which the law only allows us to provide if we have your consent (e.g. the newsletter).

You can withdraw your consent by email to mgiraud@actandmatch.com

3. Right of access

You have the right to receive information on whether or not we process your Personal Data from us. If we do, you have the right to receive:

  • information about the rules according to which we process your Personal Data,
  • access to your Personal Data,
  • a copy of your Personal Data.

If you have your Account in the Service, you are able to obtain direct access to the majority of your Personal Data at any time after logging in the Account.

We will not charge you for the first copy of your data. For any other requests for copies of data, we may charge a fee corresponding to the administrative costs connected with preparing that information.

4. Right to rectification

You have the right to demand correcting and completing Personal Data you have provided. You may do this on your own in Privacy Settings in your Account. In respect of other Personal Data, you have the right to request that we rectify them (if they are incorrect) or supplement them (if they are incomplete).

5. Right to erasure (“right to be forgotten”)

In the cases specified by the law, you have the right to request that we erase the Personal Data that concern you. We will treat a request to erase all Personal Data as a request to delete your Account.

You have the right to request Personal Data erasure if:

  • the data processing violates the law or if we have to erase the data to satisfy a legal obligation,
  • your Personal Data are no longer required for the purposes for which they were processed,
  • you withdrew your consent to Personal Data processing (insofar as the consent represented a legal ground for the processing),
  • you have objected to the processing of your Personal Data for marketing purposes,
  • you have objected to the processing of your Personal Data for the purpose of statistics regarding Service or Website use and satisfaction research, and the objection was considered justified.

We will retain some of your Personal Data despite your request to erase them if this is required for us to satisfy a legal obligation or for the establishment, exercise or defence of claim. This applies in particular to such Personal Data as: first name, last name, e-mail address, history of using the Service or Website; we retain this data for the purpose of examination of any complaints and claims connected with the use of the Service or Website.

6. Right to restriction of processing

You have the right to request restriction of the processing of your Personal Data. If you make such a request, you will be unable to use certain functionalities of the Service, the Mobile App or Website until your request is considered if the use of such functionalities will entail the processing of the data covered by the request. We will not send you any communications, including marketing communications, either.

You have the right to request restriction of the use of your Personal Data:

  • When you question the correctness of your Personal Data – we will then limit their use for the time required to check the correctness of your data but not for more than 30 days,
  • If the processing of your data is unlawful, and you request restriction of processing instead of data erasure,
  • When your Personal Data are not longer required for the purposes for which we have collected or used them but you need them to establish, exercise or defend claims.
  • If you have objected to the use of your Personal Data – the restriction then takes place for the time required to determine whether, due to your particular situation, the protection of your interests, rights and freedoms overrides the interests we pursue by processing your Personal Data.

7. Right to object to data processing

You have the right to object to the use of your Personal Data if we process your Personal Data based on our legitimate interests.

In relation to the processing described in section II.2 of the Privacy Policy, if your objection turns out to be justified and we will have no other legal ground to process your Personal Data, we will delete the data to the processing of which you objected.

8. Right to data portability

If you have created an Account with us or agreed to the processing of your Personal Data, you have the right to receive the Personal Data that concern you which you have provided to us in a structured, commonly used, machine-readable and interoperational format that permits sending them to another controller. We will send you your Personal Data in the form of a csv file. The csv format is a commonly used, machine-readable format that permits sending the received Personal Data to another controller.

If technically feasible, you have the right to request that we send your Personal Data directly to anther controller. Just remember that controllers are not legally obligated to keep technically compatible processing systems.

VII. Other useful information

1. Do I have to give Act&Match subcontractor my data?

We sometimes ask you for your Personal Data. Some data (marked as mandatory) in registration forms are required for Account registration or sending of the ordered materials or for participation in an event of your choice. Their consequence is inability to use some or all of the Website, the Mobile App or Service functionalities. Any data other than mandatory and Data specified in the Account details are given on a voluntary basis.

2. How long do we retain your data?

If you are our Customer, we retain the Personal Data of third parties which you have provided to us for processing for as long as you have an Account in the Service. After Account cancellation, your data will be retained for 30 days, only to allow you to reactivate your Account, should you wish to do this. As regards Expired Accounts the storage period is extended to 90 days from Account deactivation date. By doing this we want to allow you to renew your Service subscription smoothly, that is without losing data, without the necessity to re-configure the Account or uploading the Content again. During that time, your data will only be processed for your account and they will not be subject to any other operations, unless we are otherwise required under applicable laws or by competent authorities. After that time, we will delete your Personal Data from the main database, without the possibility to recover it. In the next 120 days, your Personal Data will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Data completely due to the specifics of the backup copy operations.

We retain data of Users who are not our Customers for the time corresponding to the life cycle of the cookies or similiar technologies saved on their devices.

We will process the Personal Data of our newsletter subscribers or those who have agreed to receive commercial information from us until they unsubscribe from the newsletter or the commercial information.

Upon the expiry of the above periods, your Personal Data will be anonymised, except for the following data: first name, last name, e-mail address, history of Service use, information about the consents granted – we will retain such data for another period as required for the purpose of complaint examination, compliance with accounting and tax legislation and handling of claims connected with the use of the Service, the Mobile App or the Website or communication sent.

3. Why do I enter into a personal data processing agreement with Act&Match subcontractor?

If you are our Customer and you run a business within the European Economic Area or in any other cases where the GDPR applies to your business, you entrust to Act&Match subcontractor the processing of the Personal Data needed for Service provision.

In respect of the Personal Data you entrust to us for processing, you are the one to decide about the purposes and means of processing such data as their controller or you act on behalf of the controller of such data. Make sure you have secured consents to the processing of the data which you entrust to us.

4. Does Act&Match subcontractor process personal data of children or special categories of data?

Acting as a data controller, we do not process the Personal Data of children and we do not collect special categories of data.

The Service, the Mobile App and the Website are addressed to people of legal age, that is over the age of 18 (eighteen) and those who run a business. By commencing the use of the Service, the Mobile App or Website, you declare that you are 18. If you are a minor, please do not give us any information, Personal Data in particular.

If you entrust us with the processing of special categories of Personal Data or Personal Data of children, you represent that you have the legally required consents to the processing of the special categories of Personal Data listed in Article 9 of the GDPR, the Personal Data relating to criminal convictions and offences referred to in Article 10 of the GDPR and Personal Data of children, or you have other valid legal ground for such Personal Data processing and that you consider the security measures put in place by Act&Match subcontractor as sufficient for the protection of the entrusted Personal Data.

5. How does Act&Match subcontractor protect my Personal Data?

We have put appropriate and sufficient measures in place to ensure the security of your Personal Data. The Website uses encrypted data transmission (SSL, secure socket layer) during registration and logging in, which ensues the protection of any data that may identify you and makes it much harder to intercept the access to your Account by unauthorised systems or persons.

6. Update of our Privacy Policy

We may amend and supplement the Privacy Policy from time to time as needed. We will inform you about any changes or supplements by posting relevant information on the Website, and in the case of major changes we may also send you a notice to your e-mail address or to your Account.

The Privacy Policy does not limit any rights you have under the Terms of Service and applicable laws.