Privacy and Cookie Policy
The Administrator of the finne platform, available at https://finne.pl/, https://finne.cz/, https://finne.sk/, https://finne.hu/, http://finne.com.ro/ (“Website“) and, at the same time, the Administrator of your personal data is REDD GROUP PROSTA SPÓŁKA AKCYJNA with its registered office in Warsaw, Poland, (“Administrator” or”Company“).
Contact to Administrator: finne.pl
In order to contact the Administrator, User can use the e-mail address: odo@finne.pl or send a letter via Poczta Polska to: 7/9 Próżna Street, 00-107 Warsaw.
The purpose of the Policy is to clarify the terms of the Terms & Conditions in accordance with the applicable requirements, anticipated by the applicable law for the processing of personal data. Capitalized terms have the meaning given to them in the Terms and Conditions.
It is also our goal to duly inform you on matters related to the processing of personal data, especially in view of the content of the data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“RODO”). Therefore, in this document we inform you about the legal basis for the processing of personal data, the ways in which it is collected and used, as well as the rights ot the subjects of such data .
Personal data and its processing
Personal data includes any information that identifies a physical person (“Data”). The Administrator obtains personal data to the minimum extent necessary to fulfill the purposes set forth below. Its goal is that each User using the Website and Contact forms is aware of what Personal Data is being processed, for what purpose, by whom and what rights they have in connection with the processing.
Data processing does not always take place directly (as, for example, when obtaining specific information when using Paid Services). The specific nature of the Website causes that the Administrator also obtains data indirectly using, among other things, so-called cookies. Providing personal data is voluntary, but some of it may be necessary to ensure proper use of the Website and the Administrator’s services.
How, under what legal basis and what type of personal data does the Administrator process?
We wish to be transparent about the means and legal basis for processing personal data, as well as the purposes for which the Administrator processes personal data. We take care to always indicate the necessary information in this regard to each person whose personal data we process as a data controller. Guided by this, in order to make our explanation of these issues as clear as possible, we provide the following summary of personal data processing operations.
At the same time, we would like to point out that whenever we process personal data on the basis of the controller’s legitimate interest, we try to analyze and balance our interest and the potential impact on the data subject (positive as well as negative) and the rights of that person under data protection regulations. We do not process personal data based on our legitimate interest if we conclude that the impact on the data subject would outweigh our interests (in which case we may process personal data if, for example, we have the relevant consent or are required or permitted by law to do so).
General information
Individuals who visit the Website, use the Services, or contact the Administrator through the Website’s Contact form have control over the personal information they provide to Us. The Website limits the collection and use of information about their users to the minimum required to provide the Services to them at the desired level.
What personal data do we process?
We process only those data that are necessary for the purpose for which they were collected. Depending on the type of service provided, the scope of data may be different:
- If you enter into a contract with us for the provision of Services we process personal data such as – name, contact details and payment details.
- If you use our electronic services (create an account) we process your data to enable you to log into your Account.
- If you have given us permission to send you marketing information we process, among other things, your name and email address.
- If we issue a sales document then we process such data as Your name, address of residence (registered office), tax identifiaction number.
- If we communicate with you electronically or through the use of telecommunications terminal equipment and automatic calling systems (with your prior consent to such communication) then (depending on the form of communication) we process such data as your name, phone number, e-mail address.
Contact form
The personal data you provide to us via the Contact Form located on the Website, including your name and contact details (e-mail address, phone number) and optionally – company are processed to the extent necessary to respond to the message received via the Form and to establish contact with you for this purpose.
By submitting the Contact Form, you consent to the transfer of your personal data indicated in the Contact Form to the User who published the Advertisement in which you are interested.
User Account
The personal data that you provide to us by creating an Account, including your name and contact information (e-mail address, telephone number), data about your business, information about the Advertisement you post, are processed to the extent necessary for the proper performance of the Services by the Administrator.
Contact by email
The personal data you provide to us when contacting us via the e-mail address on the Website, including your name and contact information (e-mail address), are processed to the extent necessary to respond to the message received by e-mail and to contact You for this purpose.
Commercial information – marketing consent
The personal data you provide to us in order to receive commercial and marketing information from the Website Administrator, i.e. name, surname, telephone number, e-mail address, are processed to the extent necessary to send you the aforementioned information based on the consent previously obtained from you. Such consent may be withdrawn at any time.
Cookies
Virtually every Website nowadays uses so-called cookies, i.e. files that are used to automatically collect personal data from Website users (“Cookies”). The Administrator’s Website is no different. The information obtained in this way is stored on the computer or other mobile device of the user who uses it.
There are two primary purposes for the use of Cookies: to maintain the User’s session and save it, and to provide security (e.g. in detecting abuse). In this regard, the use of Cookies is essential.
To a further extent, Cookies may not be essential, but they greatly facilitate the use of the Website. They are used for such purposes as:
- to remember specific User choices about displaying a certain message or displaying it a certain number of times,
- monitoring user activity on the Website,
- collecting anonymous, aggregate statistics to improve Website functionality.
In this regard, the Administrator uses the services of third parties, the list of which evolves depending on the shape of the market and technical capabilities. These entities include:
- Google Analytics (Google Privacy Policy) – through them, the Administrator verifies the User who has already used the Website, observes traffic and user behavior on the Website.
- Google Ads (Google Privacy Policy) – The Administrator gets to track conversions – sales and conversions from ads and free service information.
- Google Search Control (Google Privacy Policy) – facilitates monitoring of server problems, Website loading and is responsible for security
- Snitcher (Snitcher Policy) – The administrator uses Cookies to measure Website usage for business purposes
- Hotjar (Hotjar Privacy Policy) – through them the Administrator verifies the user, observes traffic and user behavior on the Website.
- Zoho PageSense (Zoho Privacy Policy) – these Cookies are used to identify and analyze Website visitors’ data,
- Useberry (Useberry Privacy Policy) – these Cookies guarantee access to insights into users’ heatmaps, videos, User flows and their time on the Website.
It should be noted that at no stage are you obliged to accept Cookies. Through your web browser, it is possible to make a configuration that will prevent Cookies from being stored on your computer, or other mobile device. It is also possible to delete current Cookies. However, failure to accept Cookies may adversely affect the operation of the Website and in some cases even prevent you from using certain functions.
You have the ability to allow cookies and to block and delete cookies installed on your device using your browser settings. If you block cookies, it is possible that certain services that require the use of cookies will no longer be available.
Below are links to information on how you can set your cookie preferences in popular web browsers:
Google Chrome – https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox – https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US
Internet Explorer – https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari – https://support.apple.com/en-gb/guide/safari/sfri11471/mac
If you accept all third-party cookies, you can later delete them in your browser settings or through a system offered by the third party.
Access logs
Based on the analysis of access logs, the Administrator collects information on the Website’s use by users and their IP addresses. The purpose of obtaining this data is possible diagnosis of problems related to the operation of the server, assessment of the risk of possible security breaches and management of the Website.
The above information makes it possible to create aggregate statistical statements, which may be disclosed to third parties (issues related to, for example, Website views).
Sometimes also an authorized state authority, in connection with ongoing investigations may oblige the Administrator to disclose IP information of a particular User.
Automatic processing of personal data
The information we collect in connection with the use of our Website may be processed by automated means (including profiling), but this will not have any legal effect on the individual or similarly significantly affect the individual. We pay particular attention to the issue of profiling and point out that:
- we do not process any sensitive data for profiling purposes,
- for profiling purposes, we generally process such data that we have aggregated,
- if we cannot achieve the purpose other than through profiling of non-pseudonymized or non-aggregated personal data, we use typical data for this purpose: email address and IP address or Cookies,
- we profile in order to analyze or predict the personal preferences and interests of individuals using our Website and to tailor the content on our Website to those preferences,
- we profile for marketing purposes, i.e. to match marketing offers to the above preferences.
Legal Basis for Processing
Website users’ personal data is processed on the basis of obligations under applicable law (all), obtained consent (commercial information), necessity of contract performance (fulfillment of request) (Customers’ Data) and legitimate interest of the Administrator.
How long does the Administrator keep the data?
The duration of data storage depends on the legal basis for processing:
- in the case of consent (e.g., to share commercial information), the period lasts until it is withdrawn,
- when processing data for the performance of a contract – for the duration of the contract and the statute of limitations for claims arising from it,
- when processing data based on obligations under applicable laws and regulations, the Administrator shall process data for as long as necessary under such laws and regulations,
- when processing data in pursuit of a legitimate interest of the Admistrator, the processing continues as long as the interest continues.
The period of processing of the above data may be extended if the processing is necessary for the determination and investigation of claims or defense against claims. After the expiration of the above periods, the data shall be immediately deleted or anonymized.
Recipients of data
Sometimes the Administrator has the right to transfer Users’ data if it is necessary for the performance of services, fulfillment of obligations and due to fulfillment of applicable laws.
If you express in the Contact Form or via e-mail your wish to contact a particular User who has placed an advertisement on the Website, your personal data may be transferred to the User in question.
In addition, the Administrator may use the services of external entities to perform certain tasks, such as data storage, accounting services, legal services, marketing services, or IT services. If necessary, data may also be received by authorized authorities.
When entrusting data to subcontractors in the fulfillment of the Administrator’s purpose, there is no change in the Administrator of the data and the Administrator remains responsible for its security.
User data may be transferred to the following entities:
- to processors that we contract to study a specific purpose, such as an IT company or a law firm,
- a processing entity such as Google Analytics,
- other recipients of the data, e.g. law enforcement agencies, banks.
Whether and to whom does the Administrator share user data?
Outside of the above scope, data are not shared with third parties, except where the user expressly consents to this voluntarily (which can be revoked at any time), the sharing of data is necessary for the performance of a contract or the provision of services, and in specific cases where an authorized entity requests the sharing of data on the basis of generally applicable laws (e.g., it is a law enforcement agency).
Each of the above-mentioned situations is thoroughly analyzed by the Administrator, and the final transfer of data takes place only in the case of confirmation of the existence of a valid and effective legal basis for the request for disclosure of user data by these entities.
Sharing data with entities outside the EEA
The Administrator may transfer the acquired data to other entities, only if the legal basis allows him to do so.
Some of the service providers to the Administrator are based outside the European Economic Area (EEA). When transferring data outside the EEA, the Administrator exercises increased caution. It verifies that the supplies guarantee a high degree of protection of personal data, consistent with legal requirements within the EEA and the established line of jurisprudence, among others, the ruling of the Court of Justice of the European Union on 27 July 2020. Schrems II. Minimizes the scope of data sent outside the EEA, and in the case of the application of SCCs (standard contractual clauses adopted by the European Commission), verifies whether there is a risk of a personal data breach by entities outside the EEA. Among other things, it examines the process of securing data and whether the data shared could potentially be of interest to third countries.
Data protection
The Administrator uses all available physical, technical and organizational measures to ensure proper protection of personal data. In particular, secures them against destruction, accidental loss, disclosure to unauthorized persons, alteration and verifies the scope of access. The Administrator shall implement the rights of the persons affected by data processing. He keeps an appropriate register of data processing activities, notifies the relevant offices and persons affected by specific data of violations related to the processing of personal data.
Vested Rights
Users have the following rights in connection with the processing of their personal data:
- to information regarding the personal data processed, the so-called “information obligation”,
- access to the scope of their personal data,
- to request rectification of personal data, i.e. correcting incorrect data and completing incomplete data,
- to request the restriction of the processing of personal data,
- The right to request the transfer of your personal data to another Administrator,
- object to the processing of data on basis relating to a particular situation, however, this right is not absolute – i.e. despite the objection, the Administrator may still process personal data if he demonstrates that there are important, legally justified grounds for processing, overriding the rights and freedoms or grounds for establishing, pursuing or defending claims,
- object to the processing of personal data performed for direct marketing purposes, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions of effectiveness. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
- make a demand for erasure of personal data – the so-called “right to be forgotten”, this right is granted when the Administrator processes data unlawfully, when the user objects to the processing of data for marketing purposes, and when the data must be erased in order for the Administrator to comply with an obligation under the law.
In addition, the User has the right to file a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
If the user wishes to exercise any of the above rights, he/she may contact the Administrator via the e-mail address odo@finne.pl or at the address indicated above.
Privacy Policy Update
The Administrator declares that this Privacy Policy will be updated on an ongoing basis, among others, in case of introduction of new legal requirements or guidelines. The Administrator will also take into account changes in technology, used in the process of data processing and data protection, changes in the purposes of processing, the categories of data obtained and the legal basis for their processing.