§1. General Information

1. The Privacy Policy defines the principles of processing and protecting personal data in connection with the User’s use of the Administrator’s websites.
2. The User, within the meaning of this Privacy Policy, is a natural person submitting an inquiry and/or order regarding services provided by the Administrator.
3. The Data Controller, within the meaning of the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) L 119/40 PL Official Journal of the European Union 4.5.2016, is itCraft sp. z o.o., NIP: 5222966148, REGON: 142693160, based in Warsaw 02-222, Aleje Jerozolimskie 181B, e-mail: rodo@itcraft.pl.
4. Contact regarding data processing by the Administrator: rodo@itcraft.pl
5. The scope, purpose, and period of personal data processing are specified in the further part of the Privacy Policy.

§2. Purpose of Data Processing by the Administrator

1. The User entrusts the processing of personal data to the Administrator for the purpose of using the Administrator’s websites and handling their inquiry and/or order submitted via the contact form, including sending the User the ordered personalized commercial information.
2. Providing a phone number by the User implies consent to telephone contact for the purposes indicated in point 1 above.
3. Providing an email address by the User implies consent to email contact for the purposes indicated in point 1 above.
4. Consent by providing contact details is voluntary, but in some cases, it may prevent the handling of an inquiry/order submitted via the contact form.
5. In the case of cooperation, subcontractors (processors), such as IT companies for website and application maintenance, may also have access to the data.

§3. Scope of Data Processing by the Administrator

1. The personal data of Users collected under this Privacy Policy include part or all of the following data:
   • User data:
     • first and last name,
     • contact phone number
     • contact email address.
2. The scope of data processing mentioned above also includes making backups.
3. The website operates an automated system that allows monitoring user behavior and tailoring content to user interests. This system is integrated with our service, and each user can object at any time.
4. The Administrator uses cookies to ensure the proper functioning of the service, particularly to tailor the content of the website to the user’s preferences and optimize the use of the website. In particular, these files allow recognizing the basic parameters of the user’s device (such as device type, screen resolution, country of entry) and thus appropriately display the website tailored to their needs.
5. The service administrator also uses cookies to collect general and anonymous statistical data via Google Analytics (cookie administrator: Google Inc based in the USA).
6. The User can independently and at any time change the settings regarding cookies, specifying the conditions for their storage and access by cookies to the user’s device. The user can change the settings using the web browser settings. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to inform about each placement of cookies on the user’s device. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web browser).
7. The User can delete cookies at any time using the available functions in the web browser they use.
8. Limiting the use of cookies may affect some functionalities available on the website.
9. The Administrator will report the collection of Users’ personal data for registration to the extent and under the conditions required by the GDPR or other applicable regulations.

§4. User Rights Regarding Processed Data

1. The User has the right to:
   • access their personal data,
   • rectify personal data,
   • delete personal data,
   • restrict the processing of personal data,
   • transfer personal data,
   • object to the processing of personal data.
2. To exercise their rights, the User should send an email to: rodo@itcraft.pl
3. The Administrator will fulfill the User’s request promptly, noting that deletion, restriction, transfer, and objection to data processing may affect the possibility or scope of proper handling of the submitted inquiry/order, including delivering personalized commercial information.

§5. Period of Personal Data Processing by the Administrator

The Administrator stores Users’ personal data for no longer than necessary to handle the submitted inquiry/order, including preparing a personalized commercial offer and enabling the Administrator to fulfill its obligations. After this period, the data is stored solely for the purpose of securing claims. We remind you that Users can request data deletion at any time.

§6. Administrator’s Obligations

The Data Controller undertakes to take measures to secure the processing of personal data as specified in the Act, and in particular, undertakes to:

1. secure data against unauthorized access, acquisition by an unauthorized person, changes, damage, or destruction,
2. allow only persons authorized by them to process personal data,
3. ensure control over the correctness of personal data processing,
4. maintain a record of persons authorized to process personal data, exercise particular diligence to ensure that persons authorized to process this data keep it confidential, even after the Administrator’s implementation is completed, including informing them of the legal consequences of breaching data confidentiality and obtaining statements on the obligation to keep this data confidential,
5. maintain the documentation required by law describing the method of processing entrusted personal data and the technical and organizational measures ensuring the protection of this data processing,
6. ensure that devices and IT and telecommunications systems used for processing personal data comply with the requirements of the Regulation of the Ministry of Internal Affairs and Administration of April 29, 2004, on the documentation of processed personal data and the technical and organizational conditions that devices and systems should meet.