Security policy

DEAR USER!

We care about your privacy, and we want you to feel comfortable while you are using our services. Therefore, below we present you information about the rules of processing your personal data by us and the cookies that we use. This information was prepared in compliance with the GDPR, i.e. the General Data Protection Regulation.

PERSONAL DATA CONTROLLER

The controller, i.e. the entity deciding on the use of personal data of users of the website https://baselinker.com/ (respectively 'Website' and 'Users'), is the company BaseLinker spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław at Plac Solny 15, 50-062 Wrocław, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under KRS number 0000795513, NIP (Tax DI) 8971868567, REGON (Business ID) 383907714, with a share capital of PLN 3,620,000.00 ('BaseLinker'), the operator of the Website.

If you wish to contact us regarding the processing of your personal data, please write to our Data Protection Officer, Paweł Mielniczek, at e-mail address: privacy@baselinker.com

PERSONAL DATA PROCESSOR

The basic services provided by BaseLinker consist in granting through the Website access and license to software designed to support online sales conducted by Users. In this case, Users remain the controllers of the personal data processed within the Website, entrusting us with the personal data processed as part of their activities. We therefore suggest that enquiries regarding data processed by an online retailer be addressed directly to the User concerned (as the controller of such data), as it is the User who decides on the purposes and means of data processing. Further information contained in this Policy applies to cases where we process data on our own behalf, as part of a direct relationship with the data subject.

YOUR RIGHTS

In situations provided by law, you have the right to:

• access to your personal data, including obtaining a copy of your data (Article 15 of the GDPR or, where applicable, Article 13(1)(f) of the GDPR),
• data rectification (Article 16 of the GDPR),
• data erasure (Article 17 of the GDPR),
• limit processing (Article 18 of the GDPR),
• transfer your data to another controller (Article 20 of the GDPR),
• withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal (Article 7(3) of the GDPR),

as well as the right to:

• object at any time to the processing of your data:
  - on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6(1)(f) of the GDPR), (i.e. the legitimate interests pursued by us), including profiling (Article 21(1) of the GDPR);
  - if personal data is processed for the purposes of direct marketing, including profiling, to the extent that the processing is related to such direct marketing (Article 21(2) of the GDPR).

Please contact our Data Protection Officer if you want to exercise your rights. Please be aware that you can object to our use of cookies by using the appropriate browser settings (which you can read about below).

If you believe that your data is being processed unlawfully, you can submit a complaint to the President of the Office for Personal Data Protection.

PERSONAL DATA AND PRIVACY

We process your data for purposes related to BaseLinker's business, the provision of services offered by BaseLinker, the operation of the Website, blog or other ancillary websites or mobile applications. Below you will find detailed information on the processing of your data depending on your actions.

1. USERS OF WEBSITES AND SOFTWARE OPERATED BY BASELINKER
USE OF THE SOFTWARE AND OTHER SERVICES OFFERED BY BASELINKER

For what purpose?

We process the data: in order to perform the agreement with the User or to take actions before concluding the agreement, at the request of the User, expressed in any way, e.g. by filling in the contact form on the website, for billing, accounting and financial reporting purposes, We also process data in connection with the implementation of the legitimate interests of BaseLinker, i.e.: to establish, assert and defend claims, for statistical purposes, related to improving work efficiency, quality and safety of provided services and adjusting them to the recipients. In the case where the User has given his/her consent - we process the data for the purposes indicated in the content of the consent to process personal data. Please note: providing data other than that requested by BaseLinker or data marked as optional is a clear act of consent to the processing of personal data for the purposes for which it was provided.

On what legal basis?

The basis for the processing of your personal data is: Performance of an agreement concluded with the User or taking action prior to the conclusion of an agreement at the request of the User (Article 6(1)(b) of the GDPR - if you are our User; Article 6(1)(f) of the GDPR - if you are a person cooperating with us on behalf of the User); implementation of legal obligations, in particular obligations related to accounting (Article 6 (1)(c) of the GDPR); the legitimate interests of BaseLinker in ensuring the security of the User's account, providing services tailored to the needs of Users and ensuring the functionality of the Website (Article 6(1)(f) of the GDPR). We process optional data on the basis of consent - if any (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

For how long?

Your data will be processed by: the period of performance of the agreement that links you to BaseLinker; the period required by law, in particular accounting regulations; if justified - until the expiry of the limitation periods for claims arising from the agreement which links you with BaseLinker; - depending on which of the above-mentioned periods is longer; until you object - to the processing of your personal data based on BaseLinker's legitimate interests - as long as there are grounds for doing so. If processing is based on consent, data will be processed until you withdraw your consent.

TO GET IN TOUCH WITH US (E.G. TO RECEIVE SUPPORT OR ASK A QUESTION ABOUT HOW THE WEBSITE WORKS)

For what purpose?

Handling your enquiries or requests, or adapting our services to your needs (including by recording and analysing your calls to our support department).

On what legal basis?

The basis for processing your data is the performance of an agreement with you (Article 6(1)(b) of the GDPR) - where your enquiry or request relates to the subject matter of the agreement to which we are a party. We may also process your personal data based on our legitimate interest to process your data in order to communicate with you - if your enquiry or request is not related to an agreement, or to process your data in order to conduct satisfaction surveys with our services or to establish, assert and defend claims (Article 6(1)(f) of the GDPR). If you have given your consent - we also process your data on the basis of your consent, e.g. your consent to record your calls with the support department (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

For how long?

Your data will be processed for the duration of the agreement that connects you with BaseLinker. However, to the extent that we process your personal data based on our legitimate interest: 36 months or until we take into account your objection to the processing; until the expiry of the redress period; - whichever period applies. If processing is based on consent, data will be processed until you withdraw your consent.

CONDUCTING ANALYTICAL ACTIVITIES

For what purpose?

To analyse how you use and navigate the website in order to adapt the website to your needs and behaviour (you can read more about this in the 'Analytics Activities' and 'Cookies' sections of this Policy).

On what basis?

Our legitimate interest to process your data for the purpose stated above (Article 6(1)(f) of the GDPR).

For how long?

Until the expiry or deletion of analytical cookies by you. Whichever is applicable in each case and which comes first. The specific periods and types of cookies are indicated here.

CONDUCTING MARKETING ACTIVITIES

For what purpose?

Direct marketing by displaying personalised advertising (you can read more about this in the 'Profiling' and 'Cookies' sections of this Policy). Conducting other marketing activities, including sending industry information or voice calls (telephone marketing) - if you have given your prior consent - for the purpose indicated in the content of these consents.

On what basis?

Our legitimate interest in processing the data for the purpose stated above (Article 6(1)(f) of the GDPR) and, if given, consent to the processing of personal data (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

For how long?

Until you withdraw your consent or object and, for cookies, until the marketing cookies expire or are deleted by you (see the explanation in the 'Cookies' section), whichever is applicable in each case and which comes first. The specific periods and types of cookies are indicated here.

2. POTENTIAL USERS OF THE WEBSITE, INCLUDING RECIPIENTS OF MARKETING ACTIVITIES

For what purpose?

We process data in order to present information about the functionality of the Website, using the following forms of communication: voice calls (telephone marketing), sending information about BaseLinker's offer (e-mails or text messages). In addition, we process data for the purposes indicated in the content of consents for personal data processing - if such consents were expressed, also to present an offer concerning products and services of companies cooperating with BaseLinker, and upon request - to take steps aimed at concluding an agreement, including by presenting BaseLinker's offer.

On what legal basis?

BaseLinker's legitimate interests in processing data for the purpose stated above (Article 6(1)(f) of the GDPR) and taking steps to enter into an agreement (Article 6(1)(b) of the GDPR). In the remaining scope, we process data on the basis of consent - if any (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

For how long?

Your personal data will be stored until you withdraw your consent or lodge an objection, i.e. show us in any way that you do not wish to remain in contact with us and to be informed about the actions we take.

3. PARTICIPANTS IN WEBINARS, BASELINKER ACADEMY AND OTHER BASELINKER EDUCATIONAL INITIATIVES

For what purpose and on what legal basis?

We process the data: for the purpose of the educational initiatives organised, if applicable, for the purpose of performing an agreement with the User or taking steps prior to concluding an agreement, at the request of the User expressed in any way, e.g. by filling in a contact form on the website. Data processing may also be carried out for the purposes indicated in the content of the consent to personal data processing - if such consents were expressed. Please note: providing data other than that requested by BaseLinker or data marked as optional clearly implies consent to processing personal data for the purposes for which it was provided. We also process data in connection with the legitimate interests of BaseLinker, i.e. for statistical purposes, related to improving the efficiency of our work, the quality of our initiatives and adapting them to our audience, or for the establishment, assertion and defence of claims.

On what legal basis?

To fulfil an agreement with you (Article 6(1)(b) of the GDPR - if you are a user of the Website, including BaseLinker Academy; Article 6(1)(f) of the GDPR - if you are a person working with us on your behalf), or BaseLinker's legitimate interests (Article 6(1)(f) of the GDPR) in processing your personal data for statistical purposes. We process data you provide optionally on the basis of your consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

For how long?

As a general rule, your data will be processed for the duration of the educational initiative and, if applicable, the agreement with you. In addition, your data, processed based on BaseLinker's legitimate interests, will be stored for 36 months or until the expiry of the limitation periods for claims arising from the agreement with you, as applicable. If processing is based on consent, data will be processed until you withdraw your consent.

4. SOCIAL MEDIA USERS

For what purpose?

We process your data for the purpose of maintaining your social media account, including promoting your brand, moderating the forum, accepting submissions and maintaining statistics. If, as part of certain processing purposes, our organisation is a joint controller with another entity, information in this respect will be provided separately, including as part of the Facebook terms of use available at: https://www.facebook.com/legal/terms/page_controller_addendum

On what legal basis?

BaseLinker's legitimate interests to process data for the purpose stated above (Article 6(1)(f) of the GDPR). For the rest, we process your data on the basis of your consent - if any (Article 6(1)(a)).

For how long?

Your personal data will be stored until you withdraw your consent or lodge an objection, i.e. show us in any way that you do not wish to remain in contact with us and to be informed about the actions we take. If justified, after withdrawal of consent or objection, personal data may be kept until the expiry of limitation periods.

5. PARTNERS, SUPPLIERS AND PERSONS APPOINTED TO PERFORM THE AGREEMENT

For what purpose?

We process the data: for the purpose of fulfilling an agreement with a concluded partner or taking pre-contractual action at the partner's request, including within the framework of partner or referral programmes; for billing, accounting and financial reporting purposes, in order to comply with legal obligations other than those referred to in point b). And also in relation to BaseLinker's other legitimate interests: to establish, assert and defend claims, for statistical purposes, related to improving work efficiency, quality of provided services and adjusting them to the recipients.

On what basis?

To perform an agreement with a partner or to take pre-contractual action at the partner's request (Article 6(1)(b) of the GDPR - if you are our partner; Article 6(1)(f) of the GDPR - if you are a person working with us on behalf of the partner); to comply with legal obligations (Article 6(1)(c) of the GDPR); BaseLinker's legitimate interests (Article 6(1)(f) of the GDPR).

For how long?

As a general rule, your data will be processed for the duration of the agreement that connects you with BaseLinker. Your data will also be stored for the period required by law, in particular accounting regulations, and, if justified, until the expiry of the limitation periods for contractual claims, whichever is longer.

COOKIES

The websites operated by BaseLinker, like most websites, use the so-called cookies. These files:

• are stored in the memory of your device (computer, telephone, etc.),
• do not alter the settings of your device.

On websites operated by BaseLinker, cookies are used for the following purposes:

• remembering your session,
• analytical purposes,
• marketing purposes,
• making Website functions available.

Using the appropriate options of your browser, you can at any time:

• delete cookies,
• block the use of cookies in the future.

In such cases, we will no longer process them.

To find out how to manage cookies, including how to block them, you can consult your browser's help file. You can read this information by pressing the F1 key in your browser. In addition, you will find relevant instructions on the following pages, depending on the browser you are using:

• Firefox
• Chrome
• Safari
• Internet Explorer / Microsoft Edge

Under this link you will find information about the function of the cookies we process and their period of validity. You can find more information about cookies on Wikipedia.

AUTOMATED DECISION MAKING

As a general rule, your personal data will not be processed by automated means (including profiling) in such a way that any decisions could be made as a result of such automated processing, that other legal effects would be produced or that it would otherwise materially affect our customers, contractors and their employees/associates.

Where automated decision-making is intended, we will provide separate information in advance, including details of how such decisions are made and the consequences of such processing. In cases of automated decision-making, you have the right to challenge this decision and obtain human intervention on the part of the Controller.

PROFILING

We perform profiling within the Website - with regard to you, this will be the case if you allow (e.g. through the relevant settings of your browser) such actions. This profiling consists of automatically assessing which products or services you may be interested in, using information about the content you have viewed. As a result, advertisements for products or services displayed on the online services you use will be more relevant to you and your needs.

The profiling we perform does not result in decisions that produce legal effects for you or affect you in a similarly significant way.

ANALYTICAL ACTIVITIES

We conduct analytics activities on the Website in order to make the Website more intuitive and accessible - this will be the case for you if you have allowed (e.g. by appropriate settings on your browser) such activities. As part of the analytics, we will take into account how you navigate the Website, e.g. how much time you spend on a given subpage, or which areas of the Website you click on. This allows us to adapt the layout and appearance of the Website and the content published therein to the needs of Users.

GOOGLE ANALYTICS AND GOOGLE TAG MANAGER

The websites operated by BaseLinker use Google Analytics, a web analytics service provided by Google Ireland Limited ('Google'). Google Analytics uses cookies. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. However, due to activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google in Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website traffic and internet usage to us. The IP address provided by Google Analytics will not be merged with other data held by Google.

The purpose of data processing is to evaluate the use of the website and compile reports on the activities on the website. Based on the use of the website and the internet, other related services will be provided. The processing is based on our legitimate interest.

Google Analytics collects data about IP addresses, network location, date of visit, operating system, browser type. You can prevent the storage of cookies by using the appropriate setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

In addition, you can prevent the collection by Google of the data generated by the cookie and the data related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: Browser Add On to disable Google Analytics. In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting this website and this browser in the future, as long as the cookie remains installed on your browser.

HTTP request logs can be used by Google Tag Manager. Read more about Google Tag Manager in the Privacy and data security document.

FACEBOOK

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic performance of our online offering within the meaning of Article 6 (1)(f) of the GDPR) we use social plugins ('plugins') of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook'). The plugins can represent elements of interaction or content (e.g. videos, graphics or text inserts) and can be identified by one of the Facebook logos (white 'f' on a blue tile, terms 'Like', 'Thumbs Up' or 'sign') or are identified by the addition 'Facebook Social Plugin'. The list and appearance of Facebook social plugins can be viewed here.

When you use functions on a website that contains such a plug-in, your device establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to the user's device and incorporated by the user into the online offer. In this process, user profiles can be created from the processed data. We have no influence over the amount of data that Facebook collects via the plugin, so we inform users of how this works to the best of our knowledge.

By integrating the plugins Facebook is informed that the user has accessed the relevant page. If a user is logged into Facebook, Facebook can attribute the visit to their Facebook account. If users interact with the plugins, for example by using the Like button or the function to leave a comment, the information is sent from the device directly to Facebook and stored there. If the user is not a member of Facebook, it is still possible that Facebook will obtain the IP address.

The purpose and scope of data collection and further processing and use of data by Facebook, as well as the associated rights and options for setting user privacy protection, can be found in Facebook's privacy policy.

If you are a Facebook user and do not want Facebook to collect data about you via this website and link it to your data stored on Facebook, you must log out of Facebook and delete your cookies before using our website. Other settings changes regarding the use of data for advertising purposes are possible in your Facebook profile settings. The settings are adapted to all devices, such as desktop computers or mobile devices.

We use a 'user action pixel' called 'Facebook Pixel', a service provided by Facebook on our website. With its help, we can track users' actions after viewing or clicking on a Facebook ad. This allows us to track the effectiveness of Facebook ads, which we use for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we inform you about to the best of our knowledge. Facebook may link this data to your Facebook account and use it for its own advertising purposes, in accordance with Facebook's data use policy. You can prevent Facebook and its affiliates from displaying advertisements on and off Facebook.

HOTJAR

We use cookies associated with Hotjar to monitor user activity for statistical purposes, as well as to make decisions about improving the website.

Information about cookies from HotJar Ltd is available on this page. The Privacy Policy of HotJar Ltd. is available here.

CRITEO

As part of the operation of the Criteo plugin, a pseudonymised user identifier (hash) is created to enable activity analysis and the delivery of personalised advertising. Due to Criteo's decision-making on the content and location of advertisements, Criteo becomes a joint controller of personal data. This means that both Criteo (32 rue Blanche, 75009 Paris, France, dpo@criteo.com) and BaseLinker jointly determine the purposes and means of the processing of personal data, whereby the joint controllers have agreed that each of them is responsible for the processing of data within the scope of its website. More information on the scope of data processing and the responsibilities of the joint controllers can be found here. Individuals' rights can be exercised against each of the joint controllers.

DATA SECURITY

When processing your personal data, we use organisational and technical measures in accordance with the relevant legislation, including the use of encryption of the connection using an SSL certificate.

VOLUNTARY PROVISION OF PERSONAL DATA

Giving data is necessary to conclude agreements and to account for the conducted business and BaseLinker's fulfilment of legal requirements. To the remaining extent (in particular, for BaseLinker to process data for individual marketing purposes) providing data is voluntary.

SOURCE AND CATEGORIES OF PROCESSED DATA

As a general rule, we process data obtained directly from you. If you did not provide us with your personal data, we obtained it from our User, a contractor or from another entity that had a valid legal basis for providing it (e.g. from your representative or from an entity that had your consent to provide us with the data).

We acquire personal data to the extent necessary to fulfil the purposes of the processing. If data is collected for the purpose of concluding and performing an agreement, the most common are: name, surname, identification data, postal address, e-mail address, telephone number, order data, invoice data and contact history with BaseLinker support. In case of concluding a written agreement, we also process the PESEL (Personal ID) number. In the case of electronic transaction processing - also login, password, as well as purchase and activity history.

DATA RECIPIENTS

To the extent necessary to achieve the purposes of processing, the recipients of your personal data may be external entities, on the basis of a concluded agreement on the entrustment of personal data processing, or in order to provide services specified in the agreement or work commissioned for BaseLinker or to ensure cooperation and communication between BaseLinker and its affiliates, contractors and associates. Recipients, in addition to those identified within the information about data processing on the Website and on the websites operated by BaseLinker, may be:

1. entities providing accounting services, audit services, legal services;
2. IT service providers, in particular, hosting services, server administration and provision or maintenance of IT systems, cloud computing service providers, software providers used by BaseLinker in the ordinary course of business;
3. users of the website, social media such as Facebook, LinkedIn;
4. customers and contractors, including subcontractors and suppliers of the organisation;
5. companies archiving and destroying documents, entities providing services in the field of document management;
6. companies conducting marketing activities and promotional campaigns;
7. postal or courier service contractors - if there is a need to exchange correspondence through such a channel;
8. third parties supporting BaseLinker's operations, including BaseLinker's associates;
9. banks, insurance companies and other financial and payment institutions;
10. BaseLinker affiliates;
11. law enforcement and government agencies.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Your personal data will as a rule not be transferred outside the European Economic Area ('EEA'). However, given the services provided by BaseLinker's subcontractors in the provision of support for ICT services and IT infrastructure, and the supply of software for use in the ordinary course of business, BaseLinker may outsource certain IT activities or tasks to recognised subcontractors operating outside the EEA, which may result in your data being transferred outside the EEA.

Recipient countries outside the EEA, as decided by the European Commission, provide an adequate level of protection of personal data in accordance with EEA standards. For recipients within countries not covered by the European Commission's decision, in order to ensure an adequate level of this protection, BaseLinker concludes agreements with recipients of your personal data based on standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the GDPR.

A copy of the standard contractual clauses can be obtained from BaseLinker by turning to the contact details provided above. The method used by BaseLinker to secure your data complies with the principles provided for in Chapter V of the GDPR. You may request further information about the safeguards applied in this regard, obtain a copy of these safeguards and information about where they are available.