Privacy policy
Instytut Edukacji I.E. Sp. z o.o. (hereinafter referred to as IESTAT or the Company) pays special attention to respecting the privacy of information you share using our website, including personal data, so the Company takes all the necessary technological and organizational actions and implements preventive measures as required by the applicable law. We collect only Personal Data that is commensurate with the purpose of processing and we store it for no longer than it is necessary to achieve the purpose.
1. General provisions
1.1. This privacy policy defines the rules of collecting, processing and using data, including your personal data gathered through www.iestat.pl website (hereinafter referred to as the Platform) by Instytut Edukacji I.E. Sp. z o.o. with the registered office in Warsaw at Wilcza 33/15, who is the Data Controller.
1.2. We process personal data according to the applicable law, i.e. the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR), the Polish Personal Data Protection Act, and the Act on Rendering Services by Electronic Means of 18 July 2002 with subsequent changes (hereinafter referred to as ELS).
2. The purpose and scope of personal data processing on the Platform
Collection of website visiting statistics:
The scope of data processing:
a) Cookies (cookie identifiers, internet protocol addresses and device identifiers)
The purpose of data processing:
a) Collected logs are stored by IESTAT as auxiliary material used in the website administration. The information they contain is not revealed to anyone but the persons authorized to administrate the server. Log files may generate statistics that facilitate administration. Collective summaries of such statistics do not include any characteristics that would identify visitors of our website.
Legal grounds for the processing:
a) Personal data is processed based on the art. 6 para. 1 p. f) of the GDPR – legitimate interests pursued by the controller.
Your personal data will be stored for 50 months.
Using the contact form:
The scope of the data processed:
a) first name and last name,
b) e-mail address.
The purpose of data processing:
a) To answer questions asked by senders.
Legal grounds for the processing – personal data is processed based on the art. 6 para. 1 p. a), GDPR.
You provide your personal data voluntarily but the data is necessary for rendering the service. Your personal data will be stored for as long as it takes to answer the question asked.
3. Transfers of personal data
3.1. Personal Data may be entrusted to third parties for the purpose of processing, which results from the nature of the Platform’s operation. Such transfers may occur only based on a written agreement to entrust another entity with the data, signed by the Data Controller.
3.2. Other than described above, your Personal Data will not be disclosed to other persons or entities in any other form, unless you give an explicit consent.
4. How can you exercise your rights?
IESTAT fulfills GDPR obligations to persons whose data is processed.
4.1. You have the right to access and rectify your Personal Data, as well as request the erasure of the data or restriction of processing.
4.2. You have the right to object to processing your Personal Data.
4.3. You have the right to transmit your data (data portability) and withdraw your consent for the processing of your personal data at will without affecting the lawfulness of the processing performed based on the consent prior to the withdrawal of it.
4.4. You have the right to lodge a complaint with the supervisory authority if you believe the processing of personal data infringes GDPR.
4.5. Your personal data are not subject to automated decision-making, including profiling.
4.6. Your personal data won’t be transferred to third countries or international organizations.
4.7. You can exercise the above-mentioned rights by sending an e-mail to our Data Protection Officer – Grażyna Rabczenko, g.rabczenko@iestat.pl. The Data Controller will act on your claim unless there are circumstances authorizing the Controller to keep processing your data and if this is the case, you will be notified.
5. Technological protection and organizational measures
5.1. The Company takes all measures to secure your personal data and protect it from third-party actions.
5.2. All the persons working with the Company receive a relevant authorization and sign a data non-disclosure statement before they get access to Personal Data. The Company has implemented documentation related to Personal Data protection.
5.3. The Platform provides authorized individuals with technological means to restrict the access to personal data.
5.4. The Platform is equipped with technological means to deny users violating the Rules and block specific IP addresses if they violate the law or infringe the Rules.
5.5. The Platform uses backup copy routines.
5.6. The steps we take may turn out insufficient if you don’t follow the safety rules. In particular, you should make sure your login data is secure (user name, password).
6. Cookies
6.1. Except for the data carried in cookies, the Company does not collect any data automatically when you use the Platform.
6.2. Cookies are small text files sent by the Platform and stored on your device. They contain information related to your interaction with the Platform.
6.3. Cookies are used to run processes required to enjoy the full functionality of the Platform, let you stay signed on, and enable us to share interesting information with you.
6.4. Using your favorite browser’s options, you can reject or delete cookies. In case of problems please use the browser’s help menu or contact the browser’s company. You can also find out how to delete cookies in a browser at Aboutcookies.org
6.5. If you decide to use the Platform without disabling cookies, you give your consent to installing cookie files.
6.6. The Platform uses two cookie types called ‘session cookies’ and ‘persistent cookies’:
a) persistent cookies – whenever a user visits the Platform, they are stored on the user’s device for the time specified in cookie settings or until the user deletes them, enabling identification of users and saving their preferences;
b) session cookies – (in-memory cookies) are temporary files generated when a user browses the Platform pages and stored until the end of a browser session (signing out, leaving the Platform or closing a browser). If they are disabled, some applications or functionalities may not operate correctly.
6.7. Cookies are also used by websites integrated with the Platform, e.g. Google Analytics. We recommend you to read privacy policies of these companies to know the rules of using cookies applied to statistics.
6.8. As per art. 173 para. 1 p. 2 related to art. 173 para. 2 of the Telecommunications Law, if you don’t want cookies to be saved on your computer, you should modify your internet browser settings accordingly. Any configuration that enables cookie files translates into your consent to storing cookies.
6.9. You can disable transmission of data to Google Analytics statistical system by installing the following add-on in your browser:
https://tools.google.com/dlpage/gaoptout
7. Server logs
7.1. The server hosting the website automatically collects technology-related data of the users, particularly internet protocol, device IPs, operating system, browser type, number of visits on the website and addresses of visited webpages. The data is used solely to ensure most efficient handling of the hosting services provided.
7.2. The resources viewed are identified with URLs. Other information saved may include:
a) timing of a query,
b) timing of an answer sent,
c) client station name – identification by HTTP protocol,
d) information about errors that occurred during an HTTP transaction,
e) URL of the website previously visited by the user (referrer link) if the user accessed the Website through a link,
f) user browser information,
g) IP address information.
7.3. The data mentioned above is not attributed to individuals viewing the webpages.
7.4. The data mentioned above is used only for the purpose of the server administration.
8. Other websites
8.1. From time to time, links to other websites (e.g. advertising) may be displayed on the Platform.
8.2. These website operate independently of the Platform and are not controlled by the Platform in any way.
8.3. The websites may have their own privacy policies so we encourage you to read them every time you navigate to one of the websites.
8.4. The Company is not liable for data handling rules applied by other websites.
9. Final provisions
9.1. To all matters not settled herein the relevant provisions of the Polish law shall apply.
9.2. The Data Controller reserves the right to change the Privacy Policy by publishing a new version on the Platform.