Privacy policy

Who is the data controller for your personal data we process and how can You contact Us?

Digital Fingerprints S.A, located in Katowice at Gliwicka 2/8, registered at Gliwicka 2/8, 04-079 Katowice, is the data controller for your personal information we process.

If you have questions about the processing of your personal data and your rights, please contact us:

by e-mail to the following address: [email protected]
By sending a letter to the following address: Digital Fingerprints S.A, Gliwicka 2/8, 04-079 Katowice

The Company has designated a data protection Officer.

It performs this function Michał Chmiel. The Data Protection Officer can be contacted at the following email address: [email protected]

Data processing in accordance with the law

We collect and process personal data necessary in relation to our business activities, in accordance with applicable law, including the GDPR and the principles of data processing contained therein.

We process personal data transparently and we always inform data subjects about the processing of data at the time of collection, including but not limited to informing them about the purpose and legal basis for processing. We make sure that the data is collected only to the extent necessary to achieve the indicated purpose and processed only for the period in which it is necessary.

When processing personal data, we ensure its integrity and confidentiality as well as access to information about processing to data subjects. If, despite the implemented security measures, there has been a personal data breach (e.g. ‘data leakage’ or loss), we will inform the affected data subjects about such an event in a manner consistent with the law.

For what purposes and on which legal basis we process Your data?

Commercial contracts

In connection with commercial contracts, we obtain data from contractors / clients of persons involved in the implementation of such contracts (e.g. persons authorized to contact, placing orders, executing orders, etc.). The legal basis for processing personal data for this purpose is our legitimate interest (Article 6f of the GDPR), related to effective performance of a commercial contract.

Data processing in connection with the performance of other contracts

When we collect data for purposes related to the performance of a specific contract, we provide the data subject with detailed information regarding the processing of his personal data at the time of concluding the contract or at the time of obtaining personal data when the processing is necessary in order to take steps at the request of the data subject prior to entering into a contract.

Direct marketing

We process personal data through various communications channels, i.e. via email, MMS/SMS or by phone to offer our products and services. The legal basis for processing personal data for this purpose is our legitimate interest (Article 6.1f of the GDPR) – direct marketing.

Newsletter

We process personal data for the purpose of sending the Digital Fingerprints newsletter based on data subject consent (Article 6.1a of the GDPR), which can be withdrawn at any time by unsubscribing from the newsletter.

Social media

We process personal data of people visiting our accounts / channels on social networks (LinkedIn, YouTube, Pinterest, Facebook, Twitter, Instagram). We process this data only in connection with our accounts, which includes sharing information about our activities and promote various types of events, services and products. The legal basis for processing personal data for this purpose is our legitimate interest (Article 6.1f of the GDPR) – promoting our own brand.

Email and traditional correspondence

In the case of directing to us via email or traditional correspondence not related to services provided on behalf of the sender, another contract concluded with him or in any other way not related to any relationship with the Administrator, the personal data contained in this correspondence will be processed only for the purpose of communication and resolving the matter to which the correspondence relates. The legal basis for processing is a legitimate interest (Article 6.1f of the GDPR) consisting in conducting correspondence directed to us in connection with our business activity.

Recruitment

As part of recruitment processes, we expect the transfer of personal data (e.g., in a CV or resume) within the scope specified in Article 221 of the Labour Code. Providing these data is mandatory, and the consequence of not providing them is the inability to consider the candidate in the recruitment process. The legal basis for processing these data is the fulfilment of a legal obligation incumbent on the Administrator (Article 6.1c of the GDPR).

If the sent applications will contain additional data, going beyond the scope indicated by labour law regulations, their processing will be based on the candidate’s consent (Article 6.1a of the GDPR), expressed by a clear act confirming which is the sending by the candidate of application documents. Providing additional data is voluntary.

In case the sent applications will contain information inadequate to the purpose, which is recruitment, they will not be used or taken into account in the recruitment process.

Our employees

In the case where the form of employment is a contract of employment, the legal basis for processing is the fulfilment of a legal obligation incumbent on the Administrator (Article 6.1c of the GDPR), primarily arising from the Labour Code.

In the case where the form of employment is a civil law contract, the legal basis for data processing is the taking of actions before the conclusion of a contract at the request of the person to whom the data relate and the implementation of this contract (Article 6.1b of the GDPR).

Establishing and pursuing claims

We process data in order to establish claims, defend against them and pursue them, which constitutes our legitimate interest (basis from Article 6.1f of the GDPR). We process these data until the expiry of any claims specified by law.

Collecting data in other cases

In connection with the conducted activity, we also collect personal data in other cases – e.g., by building and using permanent mutual business contacts (networking) during business meetings, at industry events or through the exchange of business cards – for purposes related to initiating and maintaining business contacts. The legal basis for processing in this case is our legitimate interest (Article 6.1f of the GDPR) consisting in creating a network of contacts in connection with the conducted activity.

What are Your rights in relation to our processing of Your personal data?

You have the right to request:

access to the content of your data – on this basis, we provide information about data processing to the person making the request, primarily about the purposes and legal bases of processing, the scope of the data we have, the entities to which they are disclosed, and the planned date of data deletion;
obtaining a copy of your data – on this basis, we provide a copy of the processed data concerning the person making the request;
rectification of your data – we are obliged to remove any discrepancies or errors in the processed personal data concerning the person making the request;
deletion of your data, if:
- you withdraw your consent to their processing,
- your personal data will no longer be necessary for the purposes for which they were collected or otherwise processed,
- you object to the use of your data for marketing purposes,
- your personal data is processed unlawfully
Restrictions on the processing of your data – in the event of such a request, we cease to perform operations on personal data – except for operations to which the person to whom the data relates has consented – and their storage, in accordance with the adopted retention principles or until the reasons for restricting data processing cease (e.g., a decision of the supervisory authority allowing further data processing is issued).
Transfer of your data – on this basis – to the extent that data are processed in connection with a concluded contract or expressed consent – we issue data provided by the person to whom they relate, in a format that allows them to be read by a computer. It is also possible to request that these data be sent to another entity – however, provided that there are technical possibilities in this respect both on our side and that of the other entity.
Objection to other purposes of processing the contract – at any time you can object to the processing of personal data, which takes place on the basis of a legitimate interest; the objection in this respect should contain a justification.
Withdrawal of consent to processing at any time, if it takes place on the basis of your consent. Withdrawal of consent does not affect the processing of your data carried out by us before its withdrawal.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office when you believe that the processing of your personal data violates the provisions of the applicable law.

You can submit a request to exercise your rights:

in writing to the address: Digital Fingerprints S.A., ul. Gliwicka 2/8, 40-079 Katowice
electronically to the email address: [email protected]

If we are unable to identify the person submitting the request based on the submitted notification, we will ask the applicant for additional information. Providing such data is not mandatory, but failure to provide it will result in a refusal to fulfil the request.

The application can be submitted personally or through a proxy (e.g., a family member). For data security reasons, we encourage you to use a power of attorney in the form certified by a notary or an authorised legal counsel or advocate, which will significantly speed up the verification of the authenticity of the application.

The response to the notification should be given within a month of its receipt. If necessary to extend this deadline, we inform the applicant about the reasons for this action.

In the case where the request was directed to us electronically, we respond in the same form, unless the applicant requested a response in another form. In other cases, we respond in writing. In the case where the deadline for fulfilling the request prevents a written response, and the scope of the applicant’s data processed by us allows for electronic contact, we respond electronically.

How long do we process Your personal data?

The data processing period depends on the purpose of processing. As a rule, data are processed for the duration of the service or contract, until the withdrawal of consent or the submission of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.

The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against them, and after this time only in the case and to the extent that this will be required by law. After the processing period, the data are irreversibly deleted or anonymised.

Who do we share Your personal data with?

On a daily basis, we use the services of companies that provide you with the highest standard of service.

Your personal data may be transferred to them for processing on our behalf. This happens most often in the case of cooperation with a specific service provider (e.g., a data storage service provider, postal, courier, payment, legal, insurance, IT and audit services) or subcontractor (e.g., a marketing agency). We may also transfer your data to entities related to us by capital or personal ties. In such a situation, the transfer of data does not entitle other entities to any processing of them, but only to use them for purposes clearly indicated by us. In no case does the transfer of data relieve us as the Administrator of responsibility for their processing.

In connection with our use of social media, your personal data may be transferred to portal owners: e.g., Facebook, LinkedIn, YouTube, Instagram, as well as to marketing agencies serving us.

Transferring data outside the European Economic Area

Area Our service providers are mainly based in Poland and other countries of the European Economic Area (EEA). Some of the providers are based outside the EEA territory.

The level of personal data protection outside the EEA differs from that provided by European law. For this reason, we transfer personal data outside the EEA only when necessary and with the provision of an appropriate level of protection, primarily through:

cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued regarding the provision of an adequate level of personal data protection;
the use of standard contractual clauses issued by the European Commission;
the use of binding corporate rules, approved by the competent supervisory authority;
in case of transferring data to the USA – cooperation with entities participating in the Data Privacy Framework program, approved by the European Commission decision.

We always inform about the intention to transfer personal data outside the EEA at the stage of their collection.

Personal data security

We continuously conduct a risk analysis to ensure that personal data is processed by us in a secure manner – ensuring primarily that only authorised persons have access to the data and only to the extent that it is necessary due to the tasks they perform. We ensure that all operations on personal data are recorded and performed only by authorised employees and collaborators.

We take all necessary actions to also ensure that our subcontractors and other cooperating entities guarantee the use of appropriate security measures in every case when they process personal data on our behalf.

Use Case

Banking and finance

E-commerce and retail

Telecommunications and media providers

Administration

Healthcare

Technology and IT

Solutions

Behavioural verification

Device Fingerprinting

PureSecure

Mobile behavioural verification

About us

About group

EU project

Contact

Digital Fingerprints S.A. ul. Gliwicka 2/8, 40-079 Katowice. KRS: 0000543443, Sąd Rejonowy Katowice-Wschód, VIII Wydział Gospodarczy, Kapitał zakładowy: 4 528 828,76 zł – opłacony w całości, NIP: 525-260-93-29

Biuro Informacji Kredytowej S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000110015, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 15.550.000 zł opłacony w całości, NIP: 951-177-86-33, REGON: 012845863.

Biuro Informacji Gospodarczej InfoMonitor S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000201192, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 7.105.000 zł opłacony w całości, NIP: 526-274-43-07, REGON: 015625240.