logo
logo

Privacy Policy

The following Privacy Policy sets out the principles of storing and accessing data on User's Devices who use the Service for the purpose of providing electronic services by the Administrator as well as the principles of collecting and processing personal data of Users provided by them personally and voluntarily through tools available on the Service.

This Privacy Policy is an integral part of the Service Regulations, which define the rules, rights, and obligations of Users using the Service.

§1 Definitions

  • Service - the internet service "OPEN Architecture" operating at the address https://www.openarchitektura.com/

  • External Service - internet services of partners, service providers, or recipients cooperating with the Administrator

  • Service Administrator / Data - The Service Administrator as well as the Data Administrator (hereinafter Administrator) is the company "OPEN ARCHITEKTURA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ", conducting business at the address: ul. JANA KOWALCZYKA 1B/190 03-193 WARSZAWA MAZOWIECKIE, with the assigned tax identification number (NIP): 5242908697, providing electronic services through the Service.

  • User - a natural person for whom the Administrator provides electronic services through the Service.

  • Device - an electronic device along with software through which the User accesses the Service

  • Cookies - text data collected in the form of files placed on the User's Device

  • GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

  • Personal Data - means information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person

  • Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • Restriction of processing - means the marking of stored personal data with the aim of limiting their processing in the future

  • Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements

  • Consent - means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

  • Personal data breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed

  • Pseudonymization - means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

  • Anonymization - Anonymization of data is the irreversible process of operations on data that destroys/overwrites "personal data," making identification or linking of a given record to a specific user or individual impossible.

§2 Data Protection Officer

Pursuant to Art. 37 GDPR, the Administrator has not appointed a Data Protection Officer.

For matters relating to the processing of data, including personal data, please contact the Administrator directly.

§3 Types of Cookies

  • Internal Cookies - files placed and read from the User's Device by the teleinformatics system of the Service

  • External Cookies - files placed and read from the User's Device by the teleinformatics systems of external Services. Scripts of external Services that may place Cookies on the User's Devices have been consciously placed on the Service through scripts and services provided and installed on the Service

  • Session Cookies - files placed and read from the User's Device by the Service during a single session of that Device. After the session ends, the files are removed from the User's Device.

  • Persistent Cookies - files placed and read from the User's Device by the Service until they are manually deleted. The files are not automatically deleted after the Device session ends unless the User's Device configuration is set to delete Cookie files after the Device session ends.

§4 Data Storage Security

  • Mechanisms of storing and reading Cookie files - Mechanisms of storing, reading, and exchanging data between Cookie Files saved on the User's Device and the Service are carried out through built-in mechanisms of web browsers and do not allow for retrieving other data from the User's Device or data from other websites visited by the User, including personal data or confidential information. It is also practically impossible to transfer viruses, trojans, and other worms to the User's Device.

  • Internal Cookies - Cookies applied by the Administrator are safe for User's Devices and do not contain scripts, content, or information that could threaten the security of personal data or the security of the User's Device.

  • External Cookies - The Administrator takes all possible actions to verify and select service partners in terms of User's security. The Administrator selects well-known, large partners with global social trust for cooperation. However, the Administrator does not have full control over the content of Cookie files originating from external partners. For the security of Cookie files, their content, and compliant use by scripts installed in the service from external Services, the Administrator is not responsible to the extent permitted by law. The list of partners is provided in further part of the Privacy Policy.

  • Cookie Control

  • User-side Threats - The Administrator employs all possible technical measures to ensure the security of data placed in Cookie files. However, it should be noted that ensuring the security of this data depends on both parties, including the User's activities. The Administrator is not responsible for the interception of this data, impersonation of the User's session, or its deletion, due to the conscious or unconscious actions of the User, viruses, trojans, and other spyware that may or may have infected the User's Device. Users should follow guidelines to enhance their cybersecurity to protect themselves from these threats.

  • Storage of Personal Data - The Administrator ensures that all efforts are made to ensure that voluntarily provided personal data by Users are secure, access to them is restricted, and they are processed in accordance with their intended purposes and processing goals. The Administrator also ensures that all efforts are made to secure the data held from loss, through the use of appropriate physical and organizational security measures.

§5 Purposes for which Cookie files are used

  • Improving and facilitating access to the Service
  • Customizing the Service for Users
  • Conducting statistics (users, number of visits, types of devices, bandwidth, etc.)
  • Serving multimedia services

§6 Purposes of processing personal data

Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Provision of electronic services:
    • Administrator's communication with Users regarding Service-related matters and data protection
    • Ensuring the Administrator's legitimate interest

    User data collected anonymously and automatically are processed for one of the following purposes:

    • Conducting statistics
    • Ensuring the Administrator's legitimate interest

    §7 Cookies of External Services

    The Administrator in the Service uses javascript scripts and web components of partners who may place their own cookie files on the User's Device. Remember that in your browser settings, you can decide on allowed cookies that can be used by individual websites. Below is a list of partners or their services implemented in the Service that may place cookies:

    Services provided by third parties are beyond the Administrator's control. These entities may change their terms of service, privacy policies, purposes of data processing, and ways of using cookies at any time.

    §8 Types of collected data

    The Service collects data about Users. Some data is collected automatically and anonymously, and some data are personal data voluntarily provided by Users while signing up for specific services offered by the Service.

    Anonymously collected data automatically:

    • IP address
    • Browser type
    • Screen resolution
    • Approximate location
    • Visited subpages of the service
    • Time spent on a specific subpage of the service
    • Operating system type
    • Previous page address
    • Referring page address
    • Browser language
    • Internet connection speed
    • Internet service provider

    Data collected during registration:

    • Email address
    • IP address (collected automatically)

    Data collected during signing up for the Newsletter service

    • Name / surname / pseudonym
    • Email address
    • IP address (collected automatically)

    Some data (without identifying data) may be stored in cookies. Some data (without identifying data) may be transferred to a statistical services provider.

    §9 Access to personal data by third parties

    As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or sold to third parties.

    Access to data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary for the operation of the service, such as:

      §10 Processing of personal data

      Personal data voluntarily provided by Users:

      • Personal data will not be transferred outside the European Union unless it is published due to individual user action (e.g., commenting or posting), which will make the data available to every visitor to the service.
      • Personal data will not be used for automated decision-making (profiling).
      • Personal data will not be sold to third parties.

      Anonymous data (without personal data) collected automatically:

      • Anonymous data (without personal data) will be transferred outside the European Union.
      • Anonymous data (without personal data) will not be used for automated decision-making (profiling).
      • Anonymous data (without personal data) will not be sold to third parties.

      §11 Legal basis for processing personal data

      The service collects and processes user data based on:

      • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
        • art. 6 para. 1 lit. a
          the data subject has given consent to the processing of his or her personal data for one or more specific purposes
        • art. 6 para. 1 lit. b
          processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
        • art. 6 para. 1 lit. f
          processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
      • Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000)
      • Act of 16 July 2004 Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800)
      • Act of 4 February 1994 on copyright and related rights (Journal of Laws of 1994, No. 24, item 83)

      §12 Period of processing of personal data

      Personal data voluntarily provided by Users:

      As a rule, the indicated personal data are stored exclusively for the period of provision of the Service within the Service by the Administrator. They are deleted or anonymized within 30 days from the end of the service provision (e.g., deletion of a registered user account, unsubscribing from the newsletter, etc.).

      An exception is a situation that requires securing the legally justified purposes of further processing of this data by the Administrator. In such a situation, the Administrator will store the indicated data, from the time of the User's request for their deletion, no longer than for a period of 3 years in the event of a violation or suspicion of a violation of the provisions of the service regulations by the User.

      Anonymous data (without personal data) collected automatically:

      Anonymous statistical data, not constituting personal data, are stored by the Administrator for the purpose of conducting service statistics indefinitely.

      §13 User rights related to the processing of personal data

      The service collects and processes user data based on:

      • Right of access to personal data
        Users have the right to obtain access to their personal data, exercised upon request submitted to the Administrator.

      • Right to rectify personal data
        Users have the right to request the Administrator to promptly correct personal data that is incorrect and/or supplement incomplete personal data, exercised upon request submitted to the Administrator.

      • Right to erase personal data
        Users have the right to request the Administrator to promptly erase personal data, exercised upon request submitted to the Administrator. In the case of user accounts, data deletion involves anonymizing data allowing identification of the User. The Administrator reserves the right to suspend the execution of the data deletion request in order to protect the legally justified interests of the Administrator (e.g., if the User violates the Regulations or the data was obtained as a result of correspondence conducted).
        In the case of the Newsletter service, Users have the option to delete their personal data themselves by using the link provided in each email message.

      • Right to restrict processing of personal data
        Users have the right to restrict the processing of personal data in cases specified in art. 18 GDPR, including questioning the accuracy of personal data, exercised upon request submitted to the Administrator.

      • Right to data portability
        Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used, machine-readable format, exercised upon request submitted to the Administrator.

      • Right to object to the processing of personal data
        Users have the right to object to the processing of their personal data in cases specified in art. 21 GDPR, exercised upon request submitted to the Administrator.

      • Right to lodge a complaint
        Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.

      §14 Administrator Contact

      The Administrator can be contacted in one of the following ways:

      • Postal address - OPEN ARCHITEKTURA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. JANA KOWALCZYKA 1B/190, 03-193 WARSZAWA MAZOWIECKIE

      • Email address - biuro@openarchitektura.com

      • Phone call - +48 22 299 09 51

      • Contact form - available at: /contact

      §15 Service Requirements

      • Restricting the storage and access to Cookie files on the User's Device may cause some functions of the Service to malfunction.

      • The Administrator shall not be liable for the improper functioning of the Service's functions in the event that the User restricts in any way the possibility of storing and reading Cookie files.

      §16 External Links

      In the Service - in articles, posts, entries or comments, there may be links to external websites with which the Service Owner does not cooperate. These links, as well as the pages or files indicated under them, may be dangerous for your Device or pose a threat to the security of your data. The Administrator is not responsible for the content located outside the Service.

      §17 Changes to the Privacy Policy

      • The Administrator reserves the right to make any changes to this Privacy Policy without informing Users to the extent of the application and use of anonymous data or the use of Cookie files.

      • The Administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, which will be communicated to Users with user accounts or subscribed to the newsletter service, by email within 7 days from the change of provisions. Further use of the services means acceptance of the introduced changes to the Privacy Policy. If the User does not agree with the introduced changes, they are obliged to delete their account from the Service or unsubscribe from the newsletter service.

      • Changes to the Privacy Policy will be published on this subpage of the Service.

      • Changes to the Privacy Policy come into effect upon publication.