fbpx

APPLICATION PRIVACY POLICY

  1. Who are we and how to find us

My name is Lorenzo Brigatti, and I’m operating my business under business name “LORENZO BRIGATTI FIN-ED”, often using brand “Simpliinvest” and using Polish tax identification number 6783175858 and I am the controller of your personal data. My office is registered in Kraków (Osiedle Centrum C 7, lok. 23, 31-930, Kraków).

You privacy is important for me, as you share your personal data with me based on trust – and trust is crucial in my line of business. This document goal is to explain what data is collected by website [_____] (hereinafter: “Website”) and how they are secured and used.

This privacy policy applies to the use of the Website and features available on it (hereinafter referred to as the ‘Application’).

If you have any questions regarding this privacy policy you may contact us via e-mail to the address: [_]@[_] or by phone on +48 [_].

  1. How and why we process your personal data

We process completely anonymous data of each user of the Website, which characterizes the way they use our Website (these are the so-called exploitation data).

This processing includes automatic reading of an unique identifier identifying the termination of the telecommunications network or ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about technical parameters of the software and device you use (e.g. whether you are using a laptop or a telephone while browsing the Website) and the place from which you are connecting to the server. Data stored in server logs are not associated with specific people using the service. Server logs are only an auxiliary material used to administer the Website.

This data is processed on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). The “legitimate interest for the processing of your personal data” mentioned before is that in allows us to diagnose the Website and enhance it.

CONTACT FORM

Contact form is one of the features of the Website.

Your personal data that you send me by the contact form is processed by me your on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). The “legitimate interest for the processing of your personal data” in this case is possibility for me to contact those who are interested in my services.

NEWSLETTER

Using the website you may order newsletter to be sent to your e-mail.

In such case, legal basis for processing your personal data is point (b) of Article 6(1) of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), as newsletter is delivered to you based on a contract that we enter into.

COOKIES POLICY

Like almost all applications, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system.

Cookies allow us to:

  • ensure proper functioning of the site (durability of the session when you are logged in),
  • increase the convenience, speed and safety of using the service,
  • obtain statistical information about visits to our Application.

The cookies we use do not collect any personal data from you. Anonymous data is completely sufficient for the purposes mentioned above. If we process your personal data for other reasons (e.g. you have an account on our Application and there you provided us with your data), we do not combine them in any way with anonymous data obtained by means of cookies.

Consent to cookies. During your first visit to our Application, you will be informed about the use of cookies. You can always withdraw your consent by deleting cookies and changing the settings of cookies in your browser. Remember, however, that disabling cookies may cause difficulties in using the Application, as well as many other applications that use cookies. Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and maintain the continuity of your session when you jump between subpages).

Own Cookies. Cookies can be divided into own and coming from third parties. As far as our own cookies are concerned, we use them in order to improve the functioning of the Application and to enable proper use of accounts (session maintenance).

Cookies of third parties. Our Application uses third party cookies only to create anonymous statistics of visits.

  1. What personal data we process

We process the following personal data:

PERSONS ENTERING WEBSITE

  1. IP,
  2. server's date and time
  3. localisation of the device from which you connect to the Website,
  4. technical parameters of the device and software you use when you are connected to the Website,
  5. UTM tags indicating from which net location you arrived,
  6. On-line identifications, including cookies, internet protocol addresses and identifications of devices (for purposes of using cookies files).

PEOPLE WHO USE THE CONTACT FORM

  1. e-mail address,
  2. first name and family name,
  3. telephone number (if provided),
  4. other personal data that could potentially be included in the message by the sender.

PERSONS WHO ORDERED THE NEWSLETTER

  1. e-mail address,
  2. first name.
  1. To whom we disclose your personal data

The data of all users of the Application are processed in the IT system, located in part in the so-called public cloud computing provided by third parties (responsible for hosting the Website).

Personal data of people using the contact form are also processed in the IT system, located in part in the so-called cloud computing provided by third parties responsible for hosting email that we use. Due to the location of these entities' servers, this data may be transmitted, stored and processed in third countries. These entities, however, guarantee an adequate level of data protection.

Our IT systems are serviced by an external specialized entity. When providing services to us, it may have access to your personal data.

Some of the operations described above involve sending your personal data to so-called third countries (outside the European Economic Area) where GDPR does not apply. However, this always happens based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms. Detailed information in this regard can be found in the privacy policies posted by providers on their websites.

We entrust the processing of personal data to:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for purposes of storing data on their server and operating e-mail server. We us Google services for purposes of our e-mail correspondence and storing data in cloud (Gsuite), and also for analytical and statistical purposes (Google Analytics),
  • hosting
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irlandia – for storing data on servers as part of Google Cloud Platform. Our Website is located on those servers and anything that you write in contact form will appear there. You data is storen on safe servers in [_____]. Nasz Serwis znajduje się na tych serwerach, wszystko co wpiszesz w naszych formularzach musi tam się pojawić. Twoje dane są przechowywane na bezpiecznych serwerach w Niemczech. Połączenia, których używamy do łączenia się z serwerem są szyfrowane,
  • OVH sp. z o.o., 5 Szkocka street, flat 1 - 54-402 Wrocław - in order to store data on the server. Our services are located on these servers, so everything you type in our forms must appear there. According to the information from this provider (which can be found here: {0>https://www.ovh.pl/ochrona-danych-osobowych/rodo.xml), centra danych OVH znajdują się w Unii Europejskiej, natomiast zespoły pomocy technicznej znajdują się w Unii Europejskiej oraz w Kanadzie, która także została uznana przez Unię Europejską za kraj spełniający wymagania w zakresie odpowiedniego poziomu ochrony danych osobowych.<}0{>https://www.ovh.pl/ochrona-danych-osobowych/rodo.xml), OVH's data centres are located in the European Union, while technical assistance teams are located in the European Union and Canada, which has also been recognised by the European Union as meeting the requirements for an adequate level of protection of personal data. OVH reserves the right to delegate the provision of technical assistance services involving remote access to customer data to other OVH units located in countries with a level of data protection recognised by the European Commission as sufficient (except in the USA),
  • H88 S.A. based in Poznań, ul. Franklina Roosevelta 22, 60-829 Poznań - to store data on the server. Our site is on these servers, everything you enter in our forms must appear there. Your data is stored on secure servers in Germany. The connections we use to connect to the server are encrypted.
  1. How long we process your personal data

Personal data provided via the form will be stored for no longer than is necessary to answer you, and after that time may be stored in the event of potential claims for the limitation period specified by law.

The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.

Personal data processed for purposes of sending you newsletter will be processed as long as the agreement regarding sending the newsletter is in force (which is, until it is terminated by either of the parties) and after that time may be stored in the event of potential claims for the limitation period specified by law.

  1. How we enable you to realize your rights

We make our best efforts to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges which will allow you to have influence on the manner in which we process your personal data, and in some cases you may stop such processing.

If you are a person to whom the GDPR applies, these rights include:

  • the right to access the personal data (regulated in Art. 15 of the GDPR)

Article 15

Right of access by the data subject

  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  1. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  2. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
  • the right to rectify the data (regulated in Art. 16 of the GDPR)

Article 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • the right to erase the data (regulated in Art. 17 of the GDPR)

Article 17

Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  7. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.


  1. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.
  • the right to restrict the processing of data (regulated in Art. 18 of the GDPR)

Article 18

Right to restriction of processing

  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  • A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
  • the right to object to the processing of data (regulated in Art. 21 of the GDPR)

Article 21

Right to object

  • The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  • At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  • In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  • Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  • the right to transfer data (regulated in Art. 20 of the GDPR)

Article 20

Right to data portability

  • The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  2. the processing is carried out by automated means.
  • In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.

In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: [_]@[_]. You may also contact us on +48 [_].

  1. Complaint to the supervisory authority

If you are the person to whom the GDPR applies pursuant to Art. 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR.

If you are not the person to whom the GDPR applies, you are entitled to lodge a complaint with the office dealing with the protection of personal data in your country in accordance with applicable law.

  1. Is it necessary to provide the data in order to conclude the agreement with us?

NEWSLETTER

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. If you do not provide me with personal data (in particular e-mail address) it will make it impossible to cooperate with you.

CONTACT FORM

We do not conclude any agreement with you at this stage. Some of your details (which are marked on the form as 'required') are necessary for us to answer your question.

COOKIES

Consent to use cookies is not necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and allow you to access the account content).

  1. How do we obtain your personal data

We generally collect your personal data directly from you (including automated methods).

  1. Automated processing and profiling

Exploitation data and data related to using cookies are processed in automated way (however, they are not subject to profiling, as understood based on GDPR).

Other data is not subject to automated processing or profiling.

SIMPLINVEST
Osiedle Centrum C 7 
31-930 Kraków
Copyright ©2020 Simplinvest
DESIGN BY KAMIL GŁADYSZEWSKI