Your submission has been sent!
I agree to receive marketing communication from Gridaly. I can withdraw my consent at any time. More information can be found in Gridaly Privacy Policy.
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
February 5, 2025 10:00
Purpose of this privacy policy
This Privacy Policy contains information about how GRIDALY collects and processes personal data when you use the GRIDALY services, including any data you may provide through the GRIDALY services (applications, web platforms, registration gateways and other services) and on our websites. It also contains information about your rights, including your right to object to certain types of processing that we carry out.
The privacy policy also governs the processing of personal data on www.gridaly.com.
This privacy policy applies to all users of our applications, websites or other services (‘GRIDALY Services’) unless they are covered by a separate privacy policy.
Administrator/Processor
Data protection law in some jurisdictions distinguishes between a ‘controller’ and a ‘processor’ of personal data. ‘Data controller’ and “Data processor” are important concepts for understanding the responsibilities of different companies under the RODO. Depending on the situation, Gridaly may be a data controller, a data processor, or there may be a situation where Gridaly exchanges data with other companies and they act as independent controllers.
By Gridaly in this Policy is meant Gridaly sp. z o.o. with registered office in Warsaw, (02-014), 64/43 Nowogrodzka Street, KRS 0000893606, NIP 7011027905, REGON 38864004900000 District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register, share capital: PLN 54,550.00, paid in full.Gridaly provides most of its services as a data controller. The following are examples of situations in which Gridaly acts as a data controller:
- the performance of contracts between Gridaly and its contractors,
- the processing of cookies,
- provision of the Gridaly platform access service, including account and event management services,
- the provision of newsletters,
- handling requests from contact forms on our website,
- fulfilling contracts between us and you - where you represent our contractors or act on their behalf,
- handling website visits.
The following are examples of situations where data is transferred between Gridaly and another third-party administrator:
- the organisation of events. With respect to the use of the GRIDALY platform, GRIDALY and our clients (e.g., Event Organisers), are independent controllers of certain types of personal data, such as certain information you provide when creating an account (e.g., your name and email address) and information about the Event in which you participate (e.g., the name of the Event and the date and time of the Event, your activity at the Event and the content generated by the Event).
- Third party advertising materials broadcast on Gridaly's websites and services.
Here are examples of situations in which Gridaly acts as a data processor:
- Event Organiser materials. The Event Organiser is the controller and GRIDALY is the processor in relation to materials submitted by the Event Organiser in the course of creating or during the Event, if they contain any personal data in such materials.
- Event participant data. The Event Organiser is the controller and GRIDALY is the processor vis-à-vis participant data if such data has been submitted to Gridaly and the participants have not become users of the Gridaly Platform (have not registered). Another possibility is if the data is collected by Gridaly additionally, only for the needs of the Event Organiser.
Changes to our privacy policy and obligation to inform us of changes to personal data
We regularly review our privacy policy and it may be updated from time to time. Laws, regulations and industry standards evolve, which may necessitate these changes or we may make changes to our services. We will notify you by posting an updated, dated version of this privacy policy on our website. If we make changes that materially alter the privacy policy, we will notify users in accordance with applicable law. Notification may consist of posting a notice on our website, sending information to the email address that users have provided, or otherwise in accordance with applicable law. Accordingly, we ask users to keep their account information, including their email address, up to date.
Where other language versions of this GRIDALY Privacy Policy exist, the Polish version will prevail in the event of any conflict and/or confusion between the documents.
Access to and use of online resources or third-party services available through GRIDALY services
The GRIDALY Services may contain links or references to third-party websites and applications, as well as links related to the Event, e.g. to Event organisers, their business partners or service providers.
Third party websites, applications and services
Clicking on links to third party websites, content, applications, weob platforms or services may enable these third parties to collect or share your data. We do not look after these third-party websites or content made available to users and are not responsible for their privacy policies, nor do we oversee how they collect or use data.
When users access or use third-party services provided by an Event organiser, advertiser, sponsor or any other entity that participates in the Event, we encourage them to ask for details and read that entity's privacy policy. We do not look after these sites or the content provided to you by third parties and are not responsible for their privacy policies or oversee how they collect or use data.
We may collect, use, store and transfer different types of your personal data, which we have grouped as follows:
Identity data. This is data that includes your image or avatar and your first name, last name, username, job title, date of birth and gender. If required by applicable legislation, we may ask you in certain situations to show proof of identity in order to verify your identity. This data also includes the audiovisual content in which users appear when they participate in the Event.
Contact data. This is data that includes the address, email address and telephone number(s) and other addresses provided by the user for specific purposes.
Transaction Data. This is data that includes details of payments made and other details of products and services accessed or used by users through the GRIDALY services. We do not store card details on our server. Credit and debit card payments are processed by online payment platform providers on their secure payment server and all card details are fully encrypted and stored by them.
Technical data. This is data that includes the Internet Protocol (IP) address, login data, browser type and version, hardware information, time zone settings and location, browser plug-in types and versions, operating system and website, and other technological data about the devices users use to access GRIDALY services.
Profile data. This is data that includes username and password, avatar, purchase or order history, interests, history of actions performed during Events, preferences, feedback and survey responses.
Usage data. This is data that includes information about how users use our services, as well as third party platforms that users have linked to their use of our services. Usage data includes metadata that provides additional context about how you use our services, such as length of visit, page views, navigation paths and site interaction information (such as scroll, clicks, mouseover and mouse tracking), as well as time, frequency and usage information.
Marketing and communication data. This is data that includes your preferences about receiving marketing materials from us and our third party partners and your communication preferences.
User-generated content. This is user-generated data, which includes data uploaded as part of an Event or as a result of interaction with GRIDALY services, such as Event materials, videos, chats, queries, messages, avatars.
Additional data collected by Event Organisers. In some Events, the Organisers may collect additional data for their own purposes.
We may transfer certain categories of data to Event Organisers or potential Event Organisers, e.g. User Generated Content, Profile Data, Contact Data or certain Identity Data. Where this is not obvious, you will be informed of such transfer.
Consequences of not providing the required personal data
The provision of certain information is a contractual requirement in order to use our services. These are appropriately marked during their collection as required information, in particular with an asterisk. For example, to access the GRIDALY platform, users must provide their name and email address. If users do not provide the required information, they will not be able to access our services or we will not be able to perform the contract we have or will not be able to conclude the contract.
Children's personal data
We do not knowingly collect or process personal data about children and no part of our services is directed at them. A ‘child’ is a person:
under the age of 13 (for non-EEA residents, except the Republic of Korea);
under the age of 16 or the age appropriate to consent to the processing of personal data in their country of residence (for EEA residents); or
under the age of 14 (for residents of the Republic of Korea).
If a parent or guardian and becomes aware that their child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child without verifying parental consent, we will take steps to remove this information from our systems.
We collect data in a variety of ways, including:
direct interactions. Users can provide us with their identity, contact details, profile data, marketing and communication data and other information by filling in forms or corresponding with us by email or otherwise. This includes personal data that you provide when you:creates an account on the platform;subscribes to our services; interacts or communicates with other users and the organiser during the Event; signs up for a mailing of marketing materials; participates in a promotion or survey;gives us feedback or contacts us;
creates an account on the platform;
subscribes to our services;
interacts or communicates with other users and the organiser during the Event;
signs up for a mailing of marketing materials;
participates in a promotion or survey;
gives us feedback or contacts us;
automated technologies or interactions. When you interact with the GRIDALY Services, we will automatically collect and populate profile data, user-generated content, transaction data, technical data about your equipment, activities and uses of the Services. We also collect usage data through cookies, server logs and other similar technologies that monitor your interaction with the GRIDALY Services;
third parties. Depending on how you use the GRIDALY Services, we may collect data from third-party service providers that you have linked to your use of our Services (including social media accounts and single sign-on services), from your employer, from the organiser of the Event you are registering for or participating in, from publicly available sources, from data enrichment providers, payment providers, advertising networks, analytics providers (such as Google Analytics) and our business partners. The information we receive from third parties depends on the policy that the third party has in place and the relationship it has with you and us.
We have set out below, in table form, a description of how and for what purposes we use personal data, the categories of data used for each purpose, the legal basis for processing and the length of time we process data for a particular purpose. Where relevant, we have also set out what our legitimate interests are. In the table we refer to the General Data Protection Regulation (EU) 2016/679 of 27 April 2016. (‘RODO’).
Purpose/activity | Type of data | Legal basis for processing, including legitimate interest | Period of processing
Registration on the Gridaly platform | (a) Identity data (b) Contact data | a) Performance of the contract (Art. 6(1)(b) RODO)(b) Necessary for our legitimate interests of protecting claims and fulfilling statistical purposes (Art. 6(1)(f) RODO) | until the expiry of the Contract, except that sometimes, the data may also be processed after the expiry of that Contract for statistical, billing or claims purposes, in which case the data shall be processed for a maximum period of 6 years from the end of the calendar year in which the event giving rise to the claim occurred
_______
Accounting for participation in the Event (as a participant or organiser), including:
(a) Payment management
(b) Verification of identity and details of payment method or credit card account
(c) Communication, such as sending confirmation of participation in the Event
(d) Maintaining statistics
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Marketing and communication data
|
(a) Performance of the contract (Article 6(1)(b) RODO)
(b) Necessary for our legitimate interests of protecting claims and keeping statistics (Art. 6(1)(f) RODO)
(c) Fulfilment of billing and tax obligations (Article 6(1)(c) RODO)
|
until the expiry of the Contract, with the proviso that sometimes, the data may also be processed after the expiry of this Contract for statistical, billing or claim purposes, in which case the data shall be processed for a maximum period of 6 years from the end of the calendar year in which the event giving rise to the claim occurred, 5 years from the end of the calendar year in which the event giving rise to the tax obligations occurred.
_______
To provide the service of participating in an Event:
(a) To communicate with users, such as sending confirmation of participation in the Event
(b) To keep statistics
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Marketing and communication data
(e) User-generated content
|
(a) Performance of a contract (Article 6(1)(b) RODO)
(b) Necessary for our legitimate interests of protecting claims, fulfilling statistical purposes and building a user profile (Article 6(1)(f) RODO)
|
until the expiry of the Contract, except that sometimes, this data may also be processed after the expiry of this Contract for statistical purposes or for the purpose of asserting claims, in which case this data is processed for a maximum period of 6 years from the end of the calendar year in which the event giving rise to the claim occurred.
______
Marketing purposes of Gridaly | address, profile, identity, contact, marketing and communication purposes | Necessary for the legitimate interests of third parties to carry out marketing activities such as sending gadgets, presenting offers (Art. 6(1)(f) RODO)
The legitimate interest is pursued in connection with your consent under other laws (e.g. to receive commercial information)| until successful objection
______
Third-party marketing purposes (e.g. Event Organisers and Partners) | address, profile, identity, contact, marketing and communication purposes | Necessary for the legitimate interests of third parties to carry out marketing activities such as sending gadgets, presenting offers (Art. 6(1)(f) RODO). The legitimate interest is pursued in connection with your consent under other laws (e.g. to receive commercial information) | until successful objection
______
User profiling (customising and presenting an offer of Events, services or content that may be of interest to the User tailored to the User's preferences)
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Marketing and communication data
(e) User generated content
(f) Technical Data
|
Necessary for the legitimate interests of third parties to carry out marketing activities such as sending gadgets, presenting offers (Art. 6(1)(f) RODO)
The legitimate interest is pursued in connection with your consent under other laws (e.g. to receive commercial information)
|
until successful objection
______
To manage our relationship with you, which will include:
(a) Providing you with access to Platform services, Apps or other technologies
(b) Notifying you of changes to our terms and conditions or privacy policy
(c) Managing reviews
(d) Handling complaints
(e) Providing relevant training services related to the use of the Platform
|
(a) Identity data
(b) Contact data
(c) Technical data
(d) Marketing and communication data
|
(a) Necessary for our legitimate interests (for the operation of our business, administration of our CRM, provision of administrative and IT services, network security, to prevent fraud and in the context of business reorganisation or group restructuring) (Article 6(1)(f) RODO)
(b) Necessary to comply with a legal obligation (Article 6(1)(c) RODO)
|
until such time as an effective objection is lodged, 5 years from the end of the calendar year in which the event giving rise to the legal obligations occurred or until such obligations expire.
______
To send the newsletter
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Usage data
(e) Marketing and communication data
|
With consent (Article 6(1)(a) RODO)
|
until consent is revoked
______
To enable users to enter a competition or complete a survey
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Usage data
(e) Marketing and communication data
|
Necessary for our legitimate interests (to study how users use the GRIDALY platform and to develop and expand our business) (Art. 6(1)(f) RODO)
|
until successful objection
______
Issue advertisements and customised content and measure the effectiveness of the advertisements we show
|
(a) Identity data
(b) Contact data
(c) Profile data
(d) Usage data
(e) Marketing and communication data
(f) Technical data
|
Necessary for our legitimate interests (researching how users use the GRIDALY platform and developing our business and informing our marketing and development strategy), in relation to consent to the processing of cookies (Article 6(1)(f) RODO)
|
until successful objection is made and consent to cookies is revoked
______
Compilation of business and web traffic statistics for the services provided
|
(a) Technical Data
(b) Usage data
|
Necessary for our legitimate interests (identifying the types of users of certain Platform services and keeping our services and website up to date and relevant, developing our business and informing our marketing strategy), in relation to consent to the processing of cookies (Article 6(1)(f) RODO)
|
until successful objection is made and consent to cookies is revoked
______
To provide suggestions and recommendations regarding Events or other services available through the Platform, the App or other services that may be of interest to users
|
a) Identity Data
(b) Contact data
(c) Technical data
(d) Usage data
(e) Profile data
(f) Marketing and Communication Data
|
Necessary for our legitimate interests (developing the products and services available through the GRIDALY Platform) (Article 6(1)(f) RODO)
|
until successful objection
______
To respond to a user's enquiry sent via a contact form
|
(a) Identity data
(b) Contact data
(c) Technical data
|
(a) Necessary for the fulfilment of the user's enquiry (Article 6(1)(b) RODO)
(b) Necessary for our legitimate interests of protecting claims and for statistical purposes (Article 6(1)(f) RODO)
|
until we have responded to the enquiry, with the proviso that sometimes the data may also be processed after the enquiry has been made - for statistical purposes or for the purpose of claiming, in which case the data are processed for a maximum period of 6 years from the end of the calendar year in which the event giving rise to the claim occurred.
______
To comply with the legal and regulatory obligations we have entered into. | In accordance with the scope set out in the applicable legislation | Necessary to comply with a legal obligation (Article 6(1)(c) of the RODO) | 5 years from the end of the calendar year in which the event giving rise to the legal obligation took place or until it expires.
Gridaly uses cookies on its website, i.e. IT data, in particular text files, stored on the website user's terminal equipment. Such files usually contain the name of the website from which they originate, the storage time of these files on the end device and a unique number. We use the following types of these files:
Strictly Necessary Cookies
These cookies are essential to the operation of our website and cannot be disabled on our systems. They are usually only set in response to an action you take which causes our website to be displayed appropriately on your computer. This includes cookies that determine privacy settings, login or form filling. Users can set their browser to block or warn about these cookies, but some parts of the website may not work. The legal basis for the operation of these cookies is the legitimate interest of the controller (Article 6(1)(f) of the DPA). Users may object to such processing of personal data, but in practice this will prevent the use of our website.
Functional and analytical cookies
These types of cookies enable us to remember user choices made in the past, such as preferred language or user name and password, so that users can, for example, automatically log in. The legal basis for the operation of these cookies is the legitimate interest of the controller, in relation to the users' consent to the processing of cookies (Article 6(1)(f) RODO).
We use these types of files from the following trusted partners:
Google.com | _ga | 1 year
Linkedin.com | AMCV_14215E3D5995C57C0A495C55%40AdobeOrg | 3 miesiące
Google.com | DSID | 3 dni
Google.com | NID | 6 months
Google.com | OTZ | 1 month
Smartlook.com | OptanonAlertBoxClosed | 1 year
Smartlook.com | OptanonConsent | 1 year
Google.com | SEARCH_SAMESITE | 6 months
Smartlook.com | SL_C_23361dd035530_SID | 1 year
Google.com | SOCS | 1 year
Google.com | SSID | 1 year
Google.com | UULE | 1 month
Google.com | __Secure-1PAPISID | 1 year
Google.com | __Secure-1PSID | 1 year
Google.com | __Secure-1PSIDCC | 1 year
Google.com | __Secure-1PSIDTS | 1 year
Google.com | __Secure-3PAPISID | 1 year
Google.com | __Secure-3PSID| 1 year
Google.com | __Secure-3PSIDCC | 1 year
Google.com | __Secure-3PSIDTS | 1 year
Hubspot.com | _ga | 6 months
Gridaly.com | _ga_3G89JNV725 | 1 year
Gridaly.com | cookieyes-consent | 1 year
Smartlook.com | fbclid | 1 months
Gridaly.com | id | 1 year
Hubspot.com | laboratory-anonymous-id | session
Gridaly.com | nQ_userVisitId | 1 day
Hubspot.com | __hs_cookie_cat_pref | 6 months
Advertising cookies
These cookies may be set through our website by our advertising partners. They may be used by their companies to create a profile of your interests and display relevant advertising on other sites. They do not store personal data directly, but rely on the unique identification of the user's browser and internet device. If the user does not allow these cookies, the advertisements displayed will not be tailored to the user's interests. The legal basis for the operation of these cookies is the legitimate interest of the controller, in relation to the user's consent to the processing of cookies (Article 6(1)(f) of the DPA).
We use these types of cookies from the following trusted partners:
Google.com | APISID | 1 year
Linkedin.com | AnalyticsSyncHistory | 1 month
Google.com | SAPISID | 1 year
Google.com | SID | 1 year
Linkedin.com | UserMatchHistory | 1 month
Hubspot.com | __hstc | session
Hubspot.com | _cfuvid | session
Gridaly.com | _fuid | 1 year
Hubspot.com | _ga_LXTM6CQ0XK | 1 year
Smartlook.com | _ga_MJPFXC5F1G | 1 year
Hubspot.com | _gcl_au | 3 month
Linkedin.com | bcookie | 1 year
Linkedin.com | dfpfpt | 6 months
Hubspot.com | hubspotutk | 6 months
Linkedin.com | li_gc | 2 monthe
Linkedin.com | li_mc | 6 months
Linkedin.com| li_sugr | 3 month
Linkedin.com | lms_ads | 1 month
Linkedin.com | lms_analytics | 1 month
Smartlook.com | sourceAdGroup | 3 weeks
Smartlook.com | sourceCampaign | 3 weeks
Smartlook.com | sourceContent | 3 weeks
Smartlook.com | sourceMedium | 3 weeks
Smartlook.com | sourceReferer | 3 weeks
Smartlook.com | sourceSource | 3 weeks
Smartlook.com| sourceTerm | 3 weeks
Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the user's use of the website. For this purpose, devices may store information about the user's navigation path or the time spent on a particular page.
With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using the tool: https://www.google.com/ads/preferences/.
Performance cookies
These cookies allow us to count user visits and traffic sources so that we can measure and improve the performance of our website. They help us to know which parts of our website are the most and least popular and to see how visitors move around the website. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance. The legal basis for the operation of these cookies is the legitimate interest of the controller, in relation to the user's consent to the processing of cookies (Article 6(1)(f) RODO).
We use these types of cookies from the following trusted partners:
Google.com | AEC | 3 month
Google.com |HSID | 1 year
Google.com | SIDCC | 7 days
Hubspot.com | __hssrc | session
Doubleclick.com | ar_debug | 1 month
Linkedin.com | fptctx2 | session
Hubspot.com | laboratory-anonymous-id | session
Linkedin.com | lang | session
Gridaly.com | messagesUtk | 6 months
Gridaly.com | nQ_cookieId | 1 year
How to manage your consent
You can manage your consent by selecting the appropriate option in the web browser you are using. You can change the scope of your consent to the use of cookies at any time in your Chrome browser by selecting the button on the left-hand side of the website address and then the ‘Cookies and site data’ option.
With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from cookies using the following tool: https://www.google.com/ads/preferences/.
List of cookie loading partners:
- Google Ads, Google Analytics, Google Tag Manager https://policies.google.com/privacy?hl=en-US
- Intercom https://www.intercom.com/legal/privacy
- Hubspot https://legal.hubspot.com/privacy-policy
- Smartlook https://www.smartlook.com/
Newsletter
Personal data may also be processed within the Newsletter service, i.e. receiving in electronic form information about Gridaly's commercial offer or activities. The Newsletter service is used for marketing purposes only.
The Newsletter service is voluntary. Gridaly shall not share the data provided for the purpose of the Newsletter service with third parties.
With regard to the Newsletter service, the User is entitled to all personal data rights referred to in the Gridaly Privacy Policy.
The data provided for the purposes of the Newsletter service are not subject to automated decision-making, including profiling.
The User may, at any time, request the discontinuation of the processing of his/her data for the purpose of sending the Newsletter. In this case, Gridaly shall be obliged to immediately cease providing the Newsletter service to that User.
We will share personal data with the following recipients for the purposes set out in the ‘Purposes for which we will use personal data’ table above. Recipients of personal data may be:
Service providers acting as processors who provide our IT and system administration services,
Providers of our cloud services such as AWS and Google,
Providers of online payment processing systems - for the purpose of managing payment transactions,
Organisers of Events hosted on the Gridaly platform and partners of Events - for the purpose of operating the Events and for their marketing purposes (in which case they act as separate data controllers),
Our partners with whom users interact through the GRIDALY services to facilitate the provision of the GRIDALY services,
Cookie technology providers identified in the Cookie Policy above,
Professional advisers, including lawyers, banks, auditors and insurers providing consultancy, banking, legal, insurance audit and accounting services,
Regulators and other public authorities where required by law,
In connection with negotiations, or in the course of negotiations, regarding any merger, sale or transfer of company assets, financing or acquisition of all or part of our business. We will notify you if there is a change in our business.
We will transfer your personal data outside your country of residence, including outside the European Economic Area, in the course of providing GRIDALY services. When we transfer personal data outside the EEA, we will ensure an adequate level of protection by ensuring that one or more of the following safeguards are implemented:
we will only transfer personal data to countries that have been recognised by the European Commission as providing an adequate level of protection for personal data.
If we use certain service providers, we may use special agreements approved by the European Commission that provide personal data with the same protection as they have in Europe.
If we use US-based providers, we only transfer data to them as part of a data processing agreement that includes standard contractual clauses or another legally binding data transfer mechanism that requires them to provide similar protection to personal data shared between Europe and the US.
To obtain a copy of the standard contractual clauses, please contact us using the details provided in the ‘Contact Us’ section below.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we restrict access to personal data to those employees, contractors and other third parties who have an appropriate legal basis to know it. They will only process personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with suspected data protection breaches and will notify users and any relevant regulators of a breach if we are legally obliged to do so. However, we warn you that no method of electronic data transmission or storage is 100% secure and we cannot guarantee absolute data security.
In certain circumstances, users have rights under data protection legislation in relation to personal data. Users have the right to:
Request access to your personal data. This allows you to receive a copy of the personal data we hold and certain information to check that we are processing it lawfully.
Request the rectification of the personal data we hold. This allows you to correct any incomplete or inaccurate data we hold, although we may need to verify the accuracy of new data you provide to us.
Request deletion of your personal data. This allows you to ask us to delete or withdraw your personal data where there are legitimate grounds for doing so and in accordance with applicable law.
Request the restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following situations:
When you want us to establish the accuracy of the data.
When our use of the data is unlawful but you do not want us to delete it.
When you need us to keep the data even if we no longer need it because we need it to establish, exercise or defend legal claims.
You have objected to our use of your data, but we need to verify that we have an overriding legitimate basis for our use.
Request data portability. You have the right to receive information in a structured, commonly used and machine-readable format and to send such information to another controller.
To object to processing. You may object to the processing of your personal data where we process your data on the basis of legitimate interest. We will then assess the objection and determine whether we have a valid legitimate basis or legal justification for further processing.
Withdrawing consent to processing. You may withdraw your consent at any time where processing is based on your consent. However, this will not affect the lawfulness of processing carried out prior to the withdrawal of consent.
To lodge a complaint with the Data Protection Authority. You have the right to lodge a complaint with the Office for the Protection of Personal Data (UODO), the Polish supervisory authority for data protection (www.uodo.gov.pl), if you consider that the processing of your data violates data protection legislation. Detailed information on your right to complain is available at: https://uodo.gov.pl/pl/83/155 You can also address your complaint or concern to your local data protection authority.
If you wish to exercise any of the above rights, please contact us as described in the ‘Contacting GRIDALY’ section below.
If you have any questions about this privacy policy or our privacy practices, including any requests to exercise your rights, please contact the Data Protection Officer we have appointed. This is the person who users can contact for all matters relating to the processing of personal data. The Data Protection Officer at Gridaly is Bartosz Szuryga. Users can contact him as follows:
(a) by letter to the address of GRIDALY: 64 Nowogrodzka Street, premises 43, 02-014 Warsaw with the note ‘to the Data Protection Supervisor’.
(b) by e-mail: iod@gridaly.com.
Dictionary
Legitimate interest means our company's interest in running and managing our business to enable us to provide you with the best service/product and the best and safest experience. We make sure that we consider and balance any potential impact of processing on users (both positive and negative) and their rights before we process personal data in our legitimate interests. We do not use personal data on the basis of legitimate interests for activities where our interests override those of users.
Performance of a contract means processing data where this is necessary for the performance of a contract to which you are party or to take action at your request prior to entering into such a contract. In relation to GRIDALY, this means the performance of the contract concluded with the user for the provision of GRIDALY services. We are not involved in the processing of personal data during any contracts you enter into with our third-party partners or integration service providers.
Fulfilling a legal obligation means processing personal data where this is necessary to fulfil a legal obligation to which we are subject.
We do not ‘sell’ personal information about our promoters or users of our services without your prior consent, within the meaning of the term ‘sale’ under the California Consumer Protection Act (‘CCPA’). This means that without your consent, we do not sell, rent, share or otherwise disclose your personal information in exchange for money or for the acquisition of other value.
In addition to the rights described above, California law grants residents of the State of California certain rights set forth below:
- Information. At a minimum, you have the right to be informed about the categories of personal information collected and the purposes for which it is used at or before the time it is collected.
- The right to nondiscrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA, such as by denying or providing a different level or quality of goods or services, charging different prices, or imposing penalties on residents exercising their rights under the CCPA, unless it is reasonably related to the value provided to the company by the state residents' data.
Submission of requests
Requests to exercise the above rights can be made by users by emailing us at iod@gridaly.com. We ask that users ensure that the information they provide to us, such as their name and email address, is consistent with the information we currently have. If we are unable to verify the identity of users from the information provided, we may require additional information. We will respond to verifiable requests received from California consumers as required by law.
Right to obtain annual information
Under California's Shine the Light law, California residents who provide certain personal information to us have the right to request and obtain from us, free of charge, information about the personal information (if any, and as legally defined by the term ‘personal information’) that we have shared with third parties during the previous calendar year for their own direct marketing purposes. Such requests can be made once per calendar year by emailing us at iod@gridaly.com. In the request, users must include the statement ‘Shine the Light Request’ in the subject line and body of the email, provide their name, email address and home address, and certify that they are a California resident. We reserve the right to request additional information to confirm users' identity and residence in California.
We may collect, use, store and transfer different types of your personal data, which we have grouped as follows: