July 25th 2019
When as a natural person you contact us or use our services, regardless of whether you act on your behalf or on behalf of another entity (e.g. our client, supplier, etc.) or when we have obtained your personal data from other sources (e.g. from publicly available industry websites or when your personal data have been disclosed to us as a contact for the purpose of execution of the contracts) we start to process your personal data. We approach all information about you responsibly and in accordance with the law - in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also “GDPR”).
This policy explains who we are, how we collect information and what we do with them in business, commercial and marketing relations and in connection with contacting us. If anything raises your doubts, do not hesitate to contact us.
Personal data - all information that we process related to you. For example: name, surname, e-mail address, consumption data, payment details etc;
Processing – all operations that we perform on your personal data. This includes e.g.: collecting, storage, updating, sending correspondence, analysing in order to issue an invoice, and erasure;
User – the person, who has concluded with us an agreement for providing the services;
Data controller – Oktawave sp. z o.o., with its registered seat in Warsaw, at ul. Domaniewska 44a, 02-672 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Wrocław – Fabryczna in Wrocław, XIII Commercial Division of the National Court Register under entry number: 0000426334, NIP (taxpayer ID): 5213633306, REGON (statistical ID number): 146197794, share capital PLN 5.290.000,00;
Cloud - organized IT system, consisting of, in particular, computer hardware, software and telecommunications connections, used to provide services.
The scope of personal data that we process depends on what information you or e.g. your employer provided to us, on the form of contact you’ve chosen and on the information that is vital for a given relationship – it primarily encompasses the content of documents, as well as of our correspondence/communication, along with other information we have obtained from publicly available professional sources regarding our business relations (e.g. industry websites).
This data in particular includes:
Therefore, we obtain the above personal data directly from you or from other people, e.g. from your employers / clients or from public sources.
If you use the telephone customer service, electronic communication tools or e-mails, we will process data identifying you (respectively e.g. telephone number, e-mail address, IP number), metadata relating our communication (e.g. date of contact, duration of our conversation) and the content of our communication (e.g. chat history, e-mail content, audio record of our phone call if you were informed in advance about such recording). We process the abovementioned information in order to respond to your inquiries, improve our communication and the quality of customer service, as well as to marketing our services and concluding an appropriate agreement with you for the provision of services.
The legal basis of our actions depends on the context of our communication. If these are only general inquiries or conversations, the legal basis for such processing will be our “legitimate interest” (results from the purposes indicated above – Art. 6(1)(f) GDPR). However if such inquiry leads to the conclusion of the agreement, or remains in connection with a contract already concluded with you other than for providing our services, the legal basis for such processing will be “taking steps at the request of the data subject prior to entering into a contract” or necessity for the performance of the contract (Art. 6(1)(b) GDPR).
The legal basis for using the cookies and similar technologies is your consent, except when their use is necessary for the proper functioning of our website (providing you with electronic services), when the legal basis for such processing will be legal provision (Art. 173(3)(2) of the Telecommunications Law) and respectively – our legitimate interest (Art. 6(1)(f) GDPR).
Some of your personal data we may have obtained from you during a conference or industry event, in which our representatives took part or we may have obtained them from such event’s organiser. In this case, data from your business card, inquiry or data from list of participants are processed in our database in order to send you information, which were interesting for you, respond to your inquiry and to conduct further correspondence / contact in this matter, or in order to thank you for the meeting or participation in an event. In such cases the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR).
If you haven’t given us your data on your own behalf, for example, you are acting on behalf of our client, supplier, or another entity, we process your data in order to process the contact in the context in which you are acting in the name of the third party, as well as for the conclusion and/or processing of a contract with that third party and/or conducting a joint project. The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – building and maintaining relations with the third party in whose name you are acting, including the conclusion and performance of relevant contracts with that party, as well as the intention of building a positive image of Oktawave.
Regardless of the foregoing, your personal data, that is, in particular, your first name and last name, as well as correspondence address and/or e-mail address, can be used by us in order to contact you from time to time (for example, to send holiday season greetings) or to contact you regarding the promotion of Oktawave’s products or services. The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – maintaining relations and building a positive image of Oktawave and marketing of Oktawave’s products and services.
Additionally, with regard to the processing of your personal data in order to:
In any case, we send commercial information on electronic addresses (e-mail, telephone) only upon your prior consent (legal basis).
Your submission of personal data is voluntary, but sometimes it may be necessary for purposes related to our cooperation, e.g. in order to conclude or execute the contract or to respond to your query or to conduct further correspondence. This means that failure to provide data may constitute grounds for refusal by Oktawave to enter into cooperation, or for Oktawave to take legal measures to terminate possible contract.
Please be reminded, that in any case when processing of personal data is based on your consent, you may revoke it at any time, without affecting the legality of processing performed prior to such revocation. However in case of processing your personal data based on our legitimate interest, you may object to such processing.
Once you use our services, apart of the part II above, we also process information related to the provision of services by us such as data on consumption, on how you use our services and on the process of execution of our agreement, and also our possible communication. The purpose of processing the abovementioned data and the legal basis as well, is proper implementation of the agreement (Art. 6 (1)(b) GDPR) – e.g. adjusting infrastructure parameters, generating settlements. The scope of data we may process results, except from GDPR, in particular also from Art. 18 of the Act on provision of services by electronic means. Providing all information is voluntary, but some of data (appropriately marked at the registration stage) are necessary to create an account, for the conclusion of the agreement and commencement of the provision of services by us.
If you have been added by our client as a user of services provided by Oktawave to this client (including e.g. as a contact person or entitled to make changes in service configuration), we process your data in the scope of an e-mail, other contact details, data on the use of our services and the process of execution of the agreement, and also our possible communication. The legal basis of our actions is our legitimate interest (Art. 6 (1)(f) GDPR), i.e. implementation of the agreement with our client.
Nevertheless, we may analyse information about the traffic from/to your virtual machines, which we have provided to you, in order to ensure the security of the Cloud and prevent any abuse. In such case the legal basis of our actions is our legitimate interest (Art. 6(1)(f) GDPR).
We process part of the information to fulfil the obligations imposed by law - this applies mainly to data regarding our settlements (tax regulations; art. 6(1)(c) GDPR).
As a rule, we do not analyse and review content that you store on our servers. What’s more, such activities will be impossible for us if you properly encrypt your data.
Data processed on the basis of the consent, are processed until possible revocation of such consent or fulfilling of the purpose, for which it has been granted.
The above periods may be extended, as appropriate, in the event of any possible claims and court proceedings - for the duration of these proceedings and their settlement, and also if we are obliged to further processing of such data to meet legal obligations.
Your personal data will only be accessed by:
All these persons and entities have access only to the personal data, which are necessary to perform specific actions by them.
It is possible that some of the entities that provide us with solutions may be based outside the European Economic Area (EEA). In each case of data transmission outside the EEA, we apply all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission, we conclude data processing agreements that meet the requirements of the GDPR, and in the case of data transmission to the US, we verify the participation of our partners in the Privacy Shield program (more: https://www.privacyshield.gov/). You have right to access the list of such recipients and a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at email@example.com.
Oktawave may also be required to provide specific information to public authorities for the purposes of proceedings conducted by them. In this case, any information are provided only if there is a proper legal basis for it.
“Cookies” files are pieces of information that are transferred by the server and stored on your device (usually on your computer’s hard drive). It stores information that we may need in order to adjust to the way you use our website and in order to collect statistical data. When you visit our website, we may collect data about the domain name of your Internet service provider, browser type, type of operating system, IP address, websites visited by you, items you have downloaded, as well as operational data or location information about the device you use.
You may change the way of using “cookies” files, including completely block or delete them via your web browser or configuration of the service. However you must remember that such operations may prevent or significantly impede the proper functioning of our website, for example by substantial slowdown of its functioning, so we strongly recommend not to block them through your web browser.
“Cookies” files used on our website:
The list of “cookies” files used on Oktawave website:
|Google Double Click
The data controller of your personal data is Oktawave Sp. z o.o. with its registered seat in Warsaw.
Address: ul. Domaniewska 44a, 02-672 Warsaw, Poland
Contact e-mail address: firstname.lastname@example.org
Data protection officer – advocate Grzegorz Leśniewski. Direct contact to DPO: IOD@oktawave.com
The hotline is open on business days from 7:00 am to 9:00 pm: +48 22 10 10 555 (mobile calls, the price depends on the operator).
Please note that the instructions given below are only a recommendation, not a requirement.
Access to your personal data
You may ask us at any time for access to your personal data, in order to check what data about you we process and to obtain detailed information regarding:
Right to rectify the personal data
If, in your opinion, information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
For the effective exercise of your rights, please send any requests for rectification of the personal data to the e-mail address: email@example.com, along with the title “Data rectification – GDPR”.
Right to erasure of the personal data
In certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right if we are still processing your personal data, particularly in the following cases:
For the effective exercise of your rights, please send any requests for erasure of the personal data to the e-mail address: firstname.lastname@example.org, along with the title “Data erasure – GDPR”.
Right to restriction of processing
You can demand that we limit processing of your personal data when:
Effective submission of a request for restriction of processing personal data, will limit the actions taken by us on the data indicated by you and in the scope of particular operations/purposes to necessary minimum - basically only to storage.
For the effective exercise of your rights, please send any requests for restriction of processing to the e-mail address: email@example.com, along with the title “Restriction of processing – GDPR”.
Right to data portability
You have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller.
You may invoke this right, if:
For the effective exercise of your rights, please send any requests in this matter to the e-mail address: firstname.lastname@example.org, along with the title “Data portability– GDPR”.
Right to object
In certain situations, you have the right to object to some operations we perform on your personal data. You may invoke you right:
Remember, however, that when despite of your objection we conclude that there are important, legitimate grounds for processing that override your interests, rights and freedoms, or the basis for establishing, pursuing or defending claims, we will continue to process your personal data encompassed by the objection. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
For the effective exercise of your rights, please send any objections to the e-mail address: email@example.com, along with the title “Objection– GDPR”.
Complaints to the relevant public authority
In connection with our actions as the data controller of your personal data, you have the right to file a complaint to the relevant data protection authority.
Of course, if you have any comments about how we do things, we encourage you to first contact our Data Protection Officer - IOD@oktawave.com. It is an independent person who, within our structure, is responsible for ensuring that we fulfil the obligations related to the processing of personal data. If we make any mistakes anywhere, DPO will definitely take the appropriate steps.
If you would like to file a complaint to the data protection authority, you can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en.
In Poland, since May 25th 2018, this function is performed by President of the Personal Data Protection Office (PUODO). A detailed description of the complaint procedure is available on the website maintained by PUODO at: https://uodo.gov.pl/pl/83/155.