I. General Provisions

This Privacy Policy and Cookie Policy define the principles of processing and protecting personal data provided by Users and Cookie files, as well as other technologies appearing on the website www.bs4.io.

The administrator of the website and the personal data provided is bs4 business solutions Sp. z o.o., address (also for correspondence): ul. Słowackiego 35/5, 60-824 Poznań, NIP: PL7811824750.

The Administrator reserves the right to make changes to the privacy policy. The reason for the changes may be the development of internet technology, changes in generally applicable law or the development of the Administrator’s website.

II. Definitions

Administrator – bs4 business solutions Sp. z o.o., address (also for correspondence): ul. Słowackiego 35/5, 60-824 Poznań, NIP:PL7811824750.

User – any entity staying on the website and using it.

Page – website located at www.bs4.io.

Form or Forms – places on the website that allow the User to enter personal data for specific purposes, in particular contact with the User, submitting an offer, sending a newsletter.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, 4.5.2016, p. 1).

III. Personal data and principles of their processing

1. Is the provision of personal data voluntary?

Providing data is voluntary, however, failure to provide certain information marked on the Administrator’s Website as mandatory is associated with the inability to perform a given service and achieve a specific purpose or take specific actions.

The provision by the User of data that is not mandatory or excess data that the Administrator does not need to process is based on the User’s voluntary consent and in such a case, the processing is carried out on the basis of art. 6 sec. 1 letter a of the GDPR. The User consents to the processing of this data and to the anonymization of data that the Administrator does not require and does not want to process, and despite this, the User has provided it to the Administrator.

2. For what purposes and on what legal basis are your personal data processed?

The User’s personal data on the Administrator’s Website may be processed for the following purposes and in accordance with the following provisions:

• performance of the concluded contract, provision of a service, provision of a demo version of software, sending an offer at the User’s request – art. 6 sec. 1 letter b of the GDPR;
• issuing an invoice, bill and fulfilling other obligations resulting from tax law provisions – Article 6 sec. 1 letter c of the GDPR;
• granting a discount or informing about promotions and interesting offers of the Administrator or entities recommended by it – Article 6 sec. 1 letter a of the GDPR;
• considering complaints or claims related to the contract – Article 6 sec. 1 letters b and c of the GDPR;
• telephone contact in matters related to the implementation of the service or for the purpose of presenting an offer and direct marketing – Article 6 sec. 1 letters a, b and f of the GDPR;
• creating registers related to the GDPR and other regulations – Article 6 sec. 1 letters c and f of the GDPR;
• archival and evidentiary, for the purposes of securing information – Article 6 sec. 1 letter f of the GDPR;
• analytical, consisting, among others, in the analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookies, Facebook Pixel – Article 6 sec. 1 letter f of the GDPR;
• use of cookies on the Website and its subpages – Article 6, paragraph 1, letter a of the GDPR;
• management of the Website and the Administrator’s websites on other platforms – Article 6, paragraph 1, letter f of the GDPR;
• satisfaction surveys with the services offered – Article 6, paragraph 1, letter f of the GDPR;
• posting opinions by the User on the services provided by the Administrator – Article 6, paragraph 1, letter a of the GDPR;
• for the Administrator’s internal administrative purposes related to managing contact with the User – Article 6, paragraph 1, letter f of the GDPR;
• in order to adapt the content displayed on the Administrator’s websites to individual needs and continuously improve the quality of the services offered – Article 6, paragraph 1, letter f of the GDPR;
• in order to create own User databases – Article 6, paragraph 1, letter f of the GDPR;
• in order to operate social media profiles (Facebook, LinkedIn and Instagram) and interact with users – Article 6, paragraph 1, letter f of the GDPR.

3. How is data collected?

Only data that the User provides is collected and processed (except for data collected automatically using cookies and login data, as discussed below).

During a visit to the Site, data relating to the visit itself is automatically collected (including the user’s IP address, domain name, browser type, operating system type). Data collected automatically may be used to analyze user behavior on the website, collect demographic data about users or personalize the content of the site in order to improve it. This data is processed solely for the purposes of administering the site, ensuring efficient hosting service or directing marketing content and is not associated with the data of individual users. You can read more about cookies later in this policy.

4. What are the User’s rights?

The User is entitled at any time to the rights contained in art. 15-21 of the GDPR, i.e.:

• the right to access the content of their data;
• the right to transfer data;
• the right to correct data;
• the right to rectify data;
• the right to delete data if there is no basis for their processing;
• the right to limit processing if it was carried out incorrectly or without a legal basis;
• the right to object to the processing of data based on the legitimate interest of the administrator,
• the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office in the event that the processing of their data is contrary to the provisions of the law on data protection;
• the right to be forgotten if further processing is not provided for by the currently applicable provisions of law;
• The Administrator points out that these rights are not absolute and do not apply to all activities of processing the User’s personal data. This applies, among others, to copyrights, professional secrecy.

In order to exercise their rights, the User may contact the Administrator via e-mail address: bs4@bs4.io or by mail to the address of the place of business of the Administrator, if it has been provided in this privacy policy, indicating the scope of their requests. The response will be provided within 30 days from the date of receipt of the request together with its justification.

5. Withdrawal of expressed consent

The User may withdraw consent to a specific action at any time, which results in the removal of the e-mail address from the Administrator’s mailing list and cessation of the indicated actions. Withdrawal of consent does not affect the processing of data, which was carried out on the basis of consent before its withdrawal.

In some cases, the data may not be completely deleted and will be retained for the purpose of defense against potential claims for a period consistent with the provisions of the Civil Code or, for example, for the purpose of fulfilling legal obligations imposed on the Administrator.

Each time, the Administrator will respond to the User’s request, appropriately justifying further actions resulting from legal obligations.

6. Is data transferred to third countries?

User data may be transferred outside the European Union, to third countries. In such a case, data is transferred only to recipients who have joined the Privacy Shield agreement or those who guarantee the highest protection and security of data.

Due to the use of Google, Facebook, LinkedIn and Instagram services, User data may be transferred to the United States of America (USA) in connection with their storage on American servers.

Detailed information is available in the privacy policy of each of the providers of the above services on their websites.

7. How long is data stored?

User data is stored by the Administrator for the duration of individual services/achievement of goals and:

• for the period of service provision and cooperation, as well as for the limitation period for claims in accordance with the provisions of law – in relation to data provided by contractors and customers,
• for the period of talks and negotiations preceding the conclusion of the agreement or provision of the service – in relation to data provided in the request for quotation,
• for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations resulting from applicable provisions,
• until an effective objection is filed on the basis of art. 21 of the GDPR – in relation to personal data processed on the basis of the legitimate interest of the administrator, including for direct marketing purposes,
• until consent is withdrawn or the purpose of processing, business purpose is achieved – in relation to personal data processed on the basis of consent. After withdrawal of consent, the data may still be processed for the purpose of defending against potential claims in accordance with the limitation period for such claims or the (shorter) period indicated to the User,
• until they become outdated or lose their usefulness – in relation to personal data processed mainly for analytical, statistical purposes, use of cookies and administration of the Administrator’s Websites.

8. Data security

The User’s personal data are stored and protected with due diligence, in accordance with the implemented internal procedures of the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of legal regulations, in particular the provisions on the protection of personal data. These measures are primarily aimed at protecting the Users’ personal data against access by unauthorized persons. In particular, only authorized persons have access to the Users’ personal data, who are obliged to keep this data secret.

At the same time, the User should exercise due diligence in securing their personal data transferred within the Internet, in particular not to disclose their login data to third parties, use anti-virus protection and update the software.

9. Recipients of personal data

The Administrator informs that it uses the services of external entities. Entities to which it entrusts the processing of personal data (such as courier companies, companies intermediating in electronic payments, companies offering accounting services, companies enabling the sending of newsletters) guarantee the application of appropriate measures for the protection and security of personal data required by law, in particular by the GDPR.

The Administrator informs the User that it may entrust the processing of personal data to, among others, to the following entities:

• www.ovhcloud.com for the purpose of storing personal data on the server,
• www.ovhcloud.com for the purpose of managing the domain and mail server,
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – for the purpose of using Google services,
• other contractors or subcontractors engaged in technical, administrative support, or to provide legal assistance to the Administrator and its clients, e.g. accounting, IT, graphic, copywriting assistance, debt collection companies, lawyers, etc.,
• the tax office for the purpose of fulfilling legal and tax obligations related to settlements and accounting,
• authorized state authorities in connection with proceedings conducted by them, at their request and after fulfilling the conditions confirming the necessity of obtaining such data from the Administrator,
• www.tawk.to for the purpose of using the chat on the website,
• www.calendly.com for the purpose of managing the calendar for scheduling meetings,
• www.getresponse.com in order to use the mailing system.

10. Personal Data Protection Inspector

The Administrator informs that it has not appointed a Personal Data Protection Inspector and independently performs the duties related to the processing of personal data.

11. Profiling of personal data

The User’s personal data are not used for automated decision-making that affects the rights, obligations or freedoms of the User within the meaning of the GDPR.

As part of the website and tracking technologies, the User’s data may be profiled, which helps to better personalize the company’s offer that the Administrator directs to the User (mainly through so-called behavioral advertising). However, this should not have any impact on the User’s legal situation, in particular on the terms of the agreements concluded by him or her or which he or she intends to conclude. It can only help to better match the content and targeted advertisements to the User’s interests. The information used is anonymous and is not associated with personal data provided by the User, e.g. in the purchase process. They result from statistical data, e.g. gender, age, interests, approximate location, behavior on the Site.

Every User has the right to object to profiling if it would have a negative impact on the rights and obligations of the User.

IV. Disclaimer and copyright

The content presented on the Site does not constitute specialist advice and does not refer to a specific factual situation. If you wish to obtain assistance in a specific matter, contact a person authorized to provide such advice or the Administrator using the contact details provided. The Administrator is not responsible for the use of the content contained on the Site or actions or omissions undertaken on its basis.

All content placed on the Site is subject to the Administrator’s copyright (e.g. photos, texts, videos, free materials, etc.). The Administrator does not consent to copying this content in whole or in part without his express, prior written consent.

The content placed on the Site is current as of the date of its posting, unless otherwise indicated.

V. Cookie policy

The Administrator’s Site uses so-called tracking technologies, i.e. cookies, which allows the improvement of the site in terms of the needs of users visiting it.

The Site does not automatically collect any information, except for information contained in cookies.

Cookies (so-called “cookies”) are computer data, small text files that are stored on the end device – computer, tablet, smartphone, in the case of using the Website. These may be own cookies (originating directly from the Website) and third-party cookies (originating from other websites).

Cookies allow the content of the Website to be adjusted to the individual needs of the User. They also enable the creation of statistics that show how Users use the website and how they navigate it.

The Administrator uses/may use the following third-party cookies within the Website:

• Facebook conversion pixel for the purpose of managing Facebook ads and conducting remarketing activities, which is the legitimate interest of the Administrator. This tool is provided by Facebook Inc. and its affiliates. This is an analytical tool that helps measure the effectiveness of ads, shows what actions the Site Users take and helps reach a specific group of people (Facebook Ads, Facebook Insights). The information collected as part of the use of the Facebook Pixel is anonymous and does not allow you to be identified. It shows general data about users: location, age, gender, interests. The provider may combine this information with the information you provide to it as part of your Facebook account, and then use it in accordance with its own assumptions and purposes. Embedded Google Analytics code for the purpose of analyzing Site statistics. Google Analytics uses its own cookies to analyze the actions and behavior of Site Users. These files are used to store information, e.g. from which page the User came to the current website. This tool is provided by Google LLC. Actions taken as part of using the Google Analytics code are based on the legitimate interest of the Administrator consisting in creating and using statistics, which then enables improving the Administrator’s services and optimizing the Site. As part of using the Google Analytics tool, the Administrator does not process any User data that allows for their identification. Plugins directing to social media Facebook, Instagram, LinkedIn, as well as to the website znalekarz.pl After clicking on the icon of a given plug-in, the User is redirected to the website of an external provider, in this case the owner of a given social networking site, e.g. Facebook. Then they have the option of clicking “Like” or “Share” and liking the Administrator’s fanpage, located on Facebook or directly sharing its content (post, article, video, etc.). The Administrator recommends that you read the privacy policy of Facebook before creating an account on this portal. The Administrator has no influence on the data processed by Facebook. From the moment the User clicks on the plug-in button referring to social media, personal data are processed by the social networking site, e.g. Facebook, which becomes their administrator and decides on the purposes and scope of their processing. Cookies left by the Facebook plugin (or other third parties) may also be applied to the User’s device after entering the Site and then associated with data collected on the Facebook portal. By using the Site, the User accepts this fact. The Administrator has no influence on the processing of data by third parties in this way.
• Tools used to assess the effectiveness of Google Ads advertising campaigns in order to conduct advertising and remarketing campaigns, which is the legitimate interest of the Administrator. The Administrator does not collect any data that would allow for the identification of the User’s personal data. The Administrator recommends that you familiarize yourself with Google’s privacy policy in order to learn the details of how these functions work and to disable them from the User’s browser level.
• Content from portals and websites of external suppliers The Administrator may embed content from portals, services, blogs and other websites of external entities on the Site. In particular, these may be videos from YouTube or Vimeo. Third parties may save certain data on the playback of content made by the User.
• GetResponse Sp. z o.o., based in Gdańsk at ul. Arkońska 6, A3, 80-387 Gdańsk, for the purpose of sending newsletters and using the mailing system. The Administrator has concluded a data entrustment agreement with this provider, which ensures the confidentiality of data stored in its database and on servers, and also meets all GDPR requirements.
• Calendly is used to arrange conversations and meetings. To arrange a meeting, the user selects a date in the calendar of the given person, and then leaves contact details, e-mail, phone number, in order to hold the arranged meeting or conversation. The Administrator recommends that you read the Calendly privacy policy to learn more.

VI. Consent to cookies

When you first enter the Site, you must consent to cookies or take other possible actions indicated in the message in order to continue using the Site’s content. Using the Site means giving your consent. If you do not want to give such consent, you should leave the Site.\

VII. Server Logs

Using the Site involves sending queries to the server on which the Site is stored.

Each query sent to the server is saved in the server logs. The logs include, among others, the User’s IP address, the server date and time, information about the web browser and operating system used by the User.

The logs are saved and stored on the server.

The server logs are used to administer the Site, and their content is not disclosed to anyone except persons and entities authorized to administer the server.

The Administrator does not use the server logs in any way to identify the User.