Privacy policy

Privacy Policy

This Policy is aimed at informing users and clients of the GATE Website (the Website) (the Users, the Clients) what Personal Data may be processed on the Website; further, it presents processing purposes, the manner of using the data and related rights available to the Users/Clients. A personal data controller (the Controller) protects the Users’/Clients’ privacy and ensures security of data submitted by them. The Controller complies with personal data processing rules and applies technical and organisational measures which guarantee that the data are secure and processed as prescribed by law. The Users’/Clients’ Personal Data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR). The Personal Data may be processed in the Users’/Clients’ cookies, in line with rules laid down in the Cookies Policy.

Who is the Controller?
The Controller is GATE ENTERPRISE Sp. z o.o. Sp. k. with registered office in Krakow, ul. Torowa 3H, 30-435 Krakow, Poland, entered into the Register of Entrepreneurs of the National Court Register under entry No. KRS 0000774854, registered under Tax Id. No. (NIP) 679-309-53-16 and Industry Id. No. (REGON) 122953493. The Controller has appointed a Data Protection Officer who can be contacted in any data protection issues at the e-mail address: iodo@gatee.eu. Data subjects can contact the Controller also otherwise as preferred, including verbally and in writing at the Controller’s address.

Purposes of, and legal bases for, processing of the Personal Data:

  • provision of the Services on the Website:
    For some Services on the Website to be rendered, it might be necessary to provide the Personal Data. In such a case, the Personal Data are processed in order to take up activities, at the User’s request, prior to entering into the Agreement, and to perform the Agreement (Art. 6.1.b of the GDPR). Should no Personal Data be provided, it will not be possible to render some Services for the User. The Controller may process the following data of the User/Client: nick, name, surname, password hash, e-mail, country, Google ID, Facebook ID, Apple ID, information on participation in a ranking;
  • sale of the Products in the Online Store:
    In order to purchase the Products, it is necessary to provide the Personal Data. In such a case, the Personal Data are processed in order to take up activities, at the Client’s request, prior to entering into the Sales Agreement, and to perform the Sales Agreement (Art. 6.1.b of the GDPR). Should no Personal Data be provided, the Orders may not be placed and the Products sold. The Controller may process the following data of the User/Client: IP address, country of a transaction, transaction ID, information on the successful completion of a transaction, purchase amount, purchase date, name and surname, e-mail, VAT-EU number, organisation name, organisation address, MCC code of a card;
  • communication with the User/Client:
    The Personal Data are processed in order to communicate with the User/Client (Art. 6.1.f of the GDPR). The Personal Data are provided on a voluntary basis but the provision thereof is necessary to receive a reply from the Controller. In such a case, the Personal Data are processed due to the Controller’s legitimate interests. The Controller’s legitimate interests consist in communicating with an individual who requests of the Controller to provide an answer. The Controller may process the following data of the User/Client: nick, name, surname, e-mail, Google ID, Facebook ID, Apple ID. As its legitimate interests pursuant to Art. 6.1.f of the GDPR, the Controller also considers: exercise and defence against legal claims, fraud prevention, keeping statistics and analyses, ensuring security of an ICT environment, application of internal control systems and in some cases also direct marketing of its own services, where for marketing purposes the Controller may process the Personal Data also with the User’s/Client’s consent (Art. 6.1.a of the GDPR). The User/Client may withdraw such consent at any time;
  • newsletter:
    The Personal Data are processed in order to send newsletter with to the User's/Clinet’s consent (Art. 6.1.a of the GDPR and art. 172 Telecomunication Law) and (Art. 6.1.f of the GDPR). The Personal Data are provided on a voluntary basis but the provision thereof is necessary to newsletter from the Controller. In such a case, the Personal Data are processed due to the consent and Controller’s legitimate interests. The Controller’s legitimate interests consist considers direct marketing of its own services and products. The Controller may process the following data of the User/Client: e-mail. The User/Client may withdraw such consent at any time without any consequences.
  • financial settlements:
    The Personal Data are processed in order to fulfil contractual obligations (Art. 6.1.b of the GDPR) and to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). Processing of the data applies exclusively to the Services available against payment and to the Sale of the Products in the Online Store. The provision of the Personal Data is a statutory requirement necessary for the discharge of obligations resulting from accounting policies and tax related regulations. The Controller may process the following data of the User/Client: IP address, country of a transaction, transaction ID, information on the successful completion of a transaction, purchase amount, purchase date, name and surname, e-mail, VAT-EU number, organisation name, organisation address, MCC code of a card, card issue country, card expiry date, card type (VISA/MASTERCARD, etc.), information on a PayPal account, part of a card number, information on the Product purchased, device serial number, platform where payment has been made.

    •  

    Recipients of the Personal Data:
    The Personal Data may be processed by the Controller’s service providers rendering, among others, financial settlement (including payment intermediaries such as PayPal (Europe) S.a.r.l. et Cie, S.C.A.), legal, advisory, consulting, archiving and IT services. The Users’ Personal Data may be transferred to providers of maintenance services related to software used by the Controller and to hosting service providers. In the case of purchasing the Goods in the Online Store, the Personal Data may be transferred to entities involved in the delivery of the Goods to the Clients (carriers, intermediaries). In the case of purchasing the Goods in the Online Store on an instalment basis, the Personal Data may be transferred to entities involved in a crediting process.

    The Personal Data will not be shared with any third parties or transferred to any third countries outside the EEA, unless this proves necessary and the User gives consent thereto, or an obligation or option of sharing the data results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body. In particular, the Personal Data may be transferred to a third country to entities involved in the delivery of the Goods to the Client in the territory of the third country, subject to GDPR requirements.

    What does profiling involve and are any data on the Website subject to profiling?
    Profiling consists in any form of automated processing of the Personal Data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject. The data on the Website, including in the Online Store, are not profiled.

    How can the Personal Data be changed?
    The User/Client has the right of access to content of their Personal Data and the right of rectification and erasure of the Personal Data, the right to restrict processing and the right to data portability. Further, the User/Client has the right to object to the processing of the Personal Data, for instance if the Controller profiles the data of the User/Client. The User/Client who has given consent to the processing of the data has the right to withdraw their consent at any time without affecting the lawfulness of processing carried out on the basis of the consent prior to the withdrawal. To this effect, the User/Client can contact the Controller at the e-mail address: online.store@gatee.eu or iodo@gatee.eu. The User/Client can contact the Controller also otherwise as preferred, including verbally and in writing at the Controller’s address. As for cookies, the User/Client can make relevant changes on their own, in accordance with rules laid down in the Cookies Policy.

    How does the Controller protect the Personal Data?
    The Controller protects the Users’/Clients’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The Users’/Clients’ data may be accessed exclusively by authorised individuals bound by confidentiality and by subcontractors that have entered into a personal data subprocessing agreement with the Controller and satisfy security criteria set forth therein.

    How long will the Personal Data be processed?
    In the case of the provision of the Services, the Personal Data are processed for as long as the Services are provided (including also the Account Services on the Website), and in the case of the Services available against payment – also until payment is settled, subject to the data to the processing of which the User/Client has given separate consent or in the case of which there exists another basis for their processing. In case of the sale of the Products, the Personal Data are processed for the duration of a sales process, including delivery and payment settlement. In the case of communication with the User/Client, the Personal Data are processed for a period necessary to provide the User/Client with an answer. To a limited extent, the Personal Data may also be processed upon the lapse of the above periods until any potential legal claims become time-barred or for as long as possible or required in compliance with applicable laws, e.g. for statistical purposes or to document a transaction. Upon the lapse of a processing period, the Personal Data are permanently deleted or anonymised.

    Other personal data processing related rights of the Users
    The User/Client has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that their Personal Data are processed in breach of mandatory rules of law.

    This Policy shall apply once published on the Website.