This privacy policy of the website secwire.io (hereinafter: “Privacy Policy") specifies in particular the terms of use of the website secwire.io by visitors (hereinafter: “User"), rules for the processing of personal data and issues of cookies used on the website secwire.io.

1. General provisions
   1. This Privacy Policy regulates the User’s use of the website secwire.io.
   2. The administrator of personal data collected via the website is Secwire.io Spółka z o.o. (Secwire.io Ltd.) with headquarters in Cracow, ul. Olszańska 7, 31-513 Cracow, entered in the Register of Entrepreneurs of the In the District Court for the City of Krakow, 11th Economic Division of the National Court Register, number 0000917580, NIP (TIN) 6751755110, REGON (National Business Registry Number) 389726942, with a share capital of 12,000 PLN (hereinafter referred to as the “Administrator")].
   3. The minimum technical requirements, the fulfillment of which is necessary for cooperation with the ICT system used by the Administrator, is the possession of a computer or other device connected to the Internet, equipped with an Internet browser: Mozilla Firefox version 17.0 and higher or Internet Explorer version 10.0 and higher , Opera version 12.0 and higher, Google Chrome version 23.0. and higher, Safari version 5.0 and higher, Microsoft Edge version 25.10586.0.0 and higher and access to e-mail, as well as enabling the option of saving cookies and Javascript in the web browser. The administrator recommends setting a minimum screen resolution of 1024×768.
   4. Personal data of users of the website secwire.io are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (hereinafter: “GDPR"), as well as in accordance with the Act on the provision of electronic services of July 18, 2002 (Journal of Laws of 2017, item 459, as amended).
   5. The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are processed in accordance with the law, reliably and transparently, collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with for these purposes, adequate, relevant and limited to what is necessary for the purposes for which they are processed, correct and, if necessary, updated. The data is stored in a form that permits identification of the data subject for no longer than is necessary for the purposes, in which the data is processed, processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
2. Processing of personal data
   1. The Administrator may process Users’ personal data if it is necessary to use the website secwire.io or the services provided through it.
   2. The purpose, scope and categories of the recipients of data processed by the Administrator will result from the actions taken each time by the User as part of using the website secwire.io.
   3. The possible purposes of processing Users’ personal data by the Administrator are specified below.
      1. Personal data regarding the name and e-mail address of the person who signed up for the newsletter will be processed for the purpose of:
         1. provision of the newsletter shipping service (which may contain commercial (marketing) information about the Administrator’s products and services) to the e-mail address given by that person – pursuant to art. 6 sec. 1 lit. b) GDPR, i.e. processing is necessary to conclude and perform a contract (the subject of which is the implementation of the newsletter shipping service) to which the person who subscribed to the newsletter is a party;
         2. establishing or pursuing claims or defending against claims between the person who subscribed to the newsletter and the Administrator – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
      2. Personal data in the field of name, surname, e-mail address, telephone numbers of the person who used the contact form available on the website secwire.io, will be processed for the purpose of:
         1. handling the sent inquiry and communicating with the person in connection with his/her message sent via the contact form – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is communication with the person who initiated the contact with the Administrator;
         2. establishing or pursuing claims or defending against any claims between the person who used the contact form and the Administrator – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
      3. Personal data in the field of name, surname, e-mail address, telephone numbers of the person who will contact the Administrator via e-mail or the messenger available on the website secwire.io, will be processed for the purpose of:
         1. handling the sent inquiry and communicating with this person in connection with his message sent via e-mail or messenger – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is communication with the person who initiated contact with the Administrator;
         2. establishing or pursuing claims or defending against possible claims between a person who contacted the Administrator via e-mail or messenger – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
      4. Personal data in the field of name, surname, e-mail address, telephone number of the person who uses the services in the field of training or webinars, will be processed for the purpose of:
         1. concluding a contract with the Administrator for the provision of a training or webinar service and performance of this contract – pursuant to art. 6 sec. 1 lit. b) GDPR, i.e. processing is necessary to conclude and perform a contract (the subject of which is the provision of services provided by the Administrator), to which the person who ordered the service is a party or to take action at the request of that person before concluding the contract;
         2. making tax settlements and keeping accounting records – pursuant to art. 6 sec. 1 lit. c) GDPR, i.e. data processing is necessary to fulfill the legal obligations incumbent on the Administrator resulting from the provisions of tax law and accounting regulations;
         3. establishing or pursuing claims or defending against claims between the person who signed up for the newsletter and the Administrator – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
      5. Personal data in the field of name, last name, e-mail address, telephone number of the person who consented to the processing of their data for the purpose of marketing the Administrator’s own products and services, including sending commercial information, will be processed for the purpose of:
         1. marketing of the Administrator’s own products and services, including sending commercial information – pursuant to art. 6 sec. 1 lit. a) GDPR, i.e. based on the User’s voluntary consent;
         2. establishing or pursuing claims or defending against claims between the person who subscribed to the newsletter and the Administrator – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
      6. Personal data of the User of the website secwire.io/ obtained by means of cookies will be processed for the purpose of:
         1. enabling the User to use the website secwire.io/ and the functionalities available on it – pursuant to art. 6 sec. 1 lit. b) GDPR, i.e. processing is necessary to conclude and perform a contract (the subject of which is the provision of services provided by the Administrator), to which the person who ordered the service is a party or to take action at the request of that person before concluding the contract;
         2. using Google Analytics to measure the interaction of Users with the website secwire.io/ and determine where its Users come from – pursuant to art. 6 sec. 1 lit. a) GDPR, i.e. based on the User’s voluntary consent;
         3. collecting aggregated statistics that allow the Administrator to understand how Users use the website secwire.io and help improving its functionality and content as well as to understand how they respond to marketing and remarketing activities/to measure the effectiveness of marketing and remarketing campaigns pursuant to art. 6 sec. 1 lit. a) GDPR, i.e. based on the User’s voluntary consent;
         4. marketing and remarketing activities using Google Ads, Facebook, Facebook Pixel, LinkedIn, LinkedIn Pixel aimed at presenting the User with personalized advertisements that correspond to his individual preferences, interests and needs (including profiling) – pursuant to art. 6 sec. 1 lit. a) GDPR, i.e. based on the User’s voluntary consent;
         5. establishing or pursuing claims or defending against any claims between the User of the website secwire.io and the Administrator – pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest pursued by the Administrator, which is the possibility of establishing and pursuing claims and defending against claims.
   4. Providing personal data is voluntary, however, in each specified scope, it is necessary to use the services selected by the User provided by the Administrator (failure to provide relevant data results in the Administrator’s inability to provide services).
   5. The User’s personal data will be processed for the period necessary to achieve the purposes for which the data is processed (see item 2.3.) or until an objection is raised (if the basis for processing is the legitimate interest of the Administrator) – depending on which of the events occurs first.
   6. Later, the Administrator will store them until any claims are time-barred and for a period of two (2) months after the end of an applicable limitation period.
   7. Personal data processed by the Administrator will be disclosed to the following entities: employees and associates of the Administrator, IT service providers, hosting providers, entities providing advisory, legal and accounting services.
   8. Personal data of persons participating in trainings co-organized by Professional Evaluation and Certification Board, 336-6683 Jean Talon St E Montreal QC H1S 0A5 Canada (hereinafter: PECB) will be made available to PECB for the purpose of performing the contract for the provision of services consisting in participation in the training co-organized by PECB – based on Article. 6 sec. 1 lit. b) GDPR, i.e. processing is necessary to conclude and perform a contract (the subject of which is the provision of services provided by the Administrator) to which the person is a party or to take action at the request of that person before concluding the contract. After the disclosure of personal data, PECB will also be an independent data controller. The administrator is not a representative of PECB in the European Union, within the meaning of art. 27 GDPR. More about the processing of personal data by PECB can be found here.
   9. In situations where it is required by applicable law, including, for example, if the Administrator wants to send marketing content to the User regarding the Administrator’s or its partners’ products or services, the Administrator may request consent to the processing of personal data and other consents required by law. The expressed consent may be withdrawn at any time. The administrator may, in particular, ask for consent to display to the User information about products and services tailored to the individual preferences of the User. The processing of the User’s data for the above purpose will involve the use of profiling (analysis) of the User’s personal data. When the User agrees to the profiling (analysis) of his personal data, the Administrator will make decisions about him in an automated manner (i.e. without human influence) as a result of profiling. The above decisions will concern the type of marketing activities carried out by the Administrator towards the User (e.g. the type of advertisements displayed to the User by the Administrator). Decisions will be made on the basis of the analysis (evaluation) of the following categories of personal data: information relating to the manner in which the User uses the website secwire.io (including information on products or services that the User is interested in) and information collected in Cookies. Decisions will be made as a result of profiling the above personal data (i.e. automatic analysis of the User’s preferences). This means that the Administrator will automatically analyze the User’s personal data in order to determine his preferences, in particular assess which of the Administrator’s or its partners’ products or services may be attractive to the User. After determining such preferences, the Administrator may conduct marketing activities (e.g. display advertisements) tailored to the User’s preferences. To the person whose data is processed by the Administrator, in any different than described scope, decisions will not be made in an automated manner, including as a result of profiling.
   10. In connection with the Administrator’s use of tools or services provided by third parties and the use of cookies of these entities, personal data may be transferred to a third country, in particular to Facebook, LinkedIn, Google Adsense, Google Analytics, Google reCAPTCHA, YouTube, HubSpot, MailOptin, Polylang, Yandex Metrica.
   11. The administrator may transfer personal data to countries outside the European Economic Area (EEA). In particular, the transfer of personal data outside the EEA (to Canada) will take place in connection with the provision of data of persons participating in trainings co-organized by PECB, in accordance with item 2.8. above. The transfer of personal data outside the EEA (to the United States) will also take place in connection with the Administrator’s use of tools or services provided by third parties and the use of cookies of these entities, in accordance with item 2.9. and 2.10. above. In a situation where the Administrator transfers personal data to such countries, the Administrator does it on the basis of Standard Contractual Clauses.
   12. More information on the transfer of personal data to third countries can be obtained by contacting the Administrator directly.
   13. Personal data processed by the Administrator may be made available to entities and bodies authorized to process such data on the basis of legal provisions.
   14. The administrator may publish commercial information, banners and links to other websites and other websites on the website secwire.io. By using a banner or link, the User goes to the site belonging to another owner, who is fully responsible for the content posted there, as well as the processing of personal data of visitors to the site.
3. Cookies and performance data
   1. Cookies files (hereinafter: “Cookies") are IT data, in particular small information in the form of text files sent by the server and saved and stored on the end device of the person visiting the website secwire.io. Detailed information on cookies can be found, among others here: https://support.google.com/chrome/answer/95647.
   2. As a rule, Cookies do not constitute personal data in themselves, but certain information stored in Cookies (e.g. regarding preferences), especially when combined with other information about the User, may be considered personal data. Personal data collected using cookies can only be processed for the purpose of performing specific functions related to providing the User with the website secwire.io, referred to below. Such data is encrypted in a way that prevents access by unauthorized persons. In a situation where the data collected using Cookies constitute personal data, the Administrator processes them only on the legal grounds provided for in the GDPR, as referred to in point 2.3. above.
   3. The following cookies are used as part of the website secwire.io:
      1. Administrator’s Cookies:
         1. session – temporary files, they remain stored on the computer or mobile device of the User until logging out of the website, leaving the website or turning off the software (web browser);
         2. permanent – they remain on the User’s device for the time specified in the parameters of Cookies or until they are manually deleted by the User in the web browser;
      2. third party Cookies.
   4. 3.4 The Administrator may process data (including personal data) contained in Cookies when Users use the website secwire.io for the following purposes:
      1. enabling the Administrator to administer the website secwire.io, in particular by collecting data in the form of server logs;
      2. authentication of the User of the website secwire.io;
      3. to verify whether the User has seen a pop-up window (the so-called Pop-up) and when to re-display the pop-up window regarding the settings;
      4. conducting marketing activities (including remarketing), in particular to present the User only personalized advertisements that correspond to his individual preferences, interests and needs (including profiling);
      5. measuring the Users’ interaction with the website secwire.io and determining where its Users come from;
      6. creating statistics that help to understand how Users use the website secwire.io, which allows improving its structure and content;
      7. development of the website secwire.io, including optimization of its functionality in terms of User behavior;
   5. Each visit to the website secwire.io is associated with sending a query to the server on which this page is located. Each query directed to the server is saved in the server logs. Server logs include, among others, User’s IP address, date and time of the event, information about the web browser and operating system used by the User. This information is saved and stored on the server used by the Administrator. The data stored in the server logs are not associated with specific people using the secwire.io website and are not used to identify the User. The server logs serve as an aid to the administration of the secwire.io website, and their content is not disclosed to anyone except those authorized to administer the server.
   6. The website secwire.io uses third party cookies, i.e. cookies operating as part of the secwire.io website and used by third parties (partners), whose services the Administrator uses to support and coordinate the website’s functionalities. the website secwire.io. Cookies are placed on the website User’s end device and may be used in particular by advertisers and partners cooperating with the Administrator. Third parties use the collected information to cooperate with the Administrator, however, they may also use it for their own purposes. The collected data may contain information on how the User uses third party websites and may allow them to recognize their users. More information on the cookies of these entities can be found in their privacy policies.
   7. The Administrator uses the services of the following third parties that use Cookies on the website secwire.io (to learn more, click on the entity name):