Article 1. Privacy principle
1. Autenti sp. z o.o. with its registered office in Poznań, as personal data controller ("Data Controller"), places strong emphasis on the protection of privacy and confidentiality of personal data entered by Internet users ("Users") to electronic forms on the website operating as "Autenti" ("Autenti").
2. The Data Controller shall select and apply appropriate technical and organisational measures with due diligence to ensure the protection of processed personal data. Full access to databases shall be granted only to persons duly authorised by the Data Controller.
3. Passwords shall be encrypted to avoid the possibility of them being read by administrators.
4. Electronic files being part of Users' documents shall be encrypted.
5. Data shall be transmitted to and from the Data Controller on Autenti with the use of a secure SSL protocol; however, the Data Controller shall not be held liable for the part of data transmission taking place in email systems independent of the Data Controller, used by the User to send or receive a message.
Article 2. Grounds for personal data processing
1. Providing any personal data shall be voluntary.
2. Personal data shall be processed based on the consent expressed by Users as well as the statutory authorisation to process data necessary for information purposes and provision of services by the Data Controller.
3. The Data Controller shall be entitled to process data of third parties provided by Users for communication and recommendation purposes and to be able to use Data Controller's services, including without limitation to conclude or perform the contract with the use of tools available on Autenti. By providing such data, the User represents that he has obtained a relevant consent for the use of his data on Autenti from the person whose data is provided.
4. Users' data can be shared with other Users if it is necessary for communication purposes and to be able to use Data Controller's services, including without limitation to conclude or perform the contract with the use of tools available on Autenti.
Article 3. Collection of personal data
1. Personal data provided by Users through electronic forms shall be processed in accordance with the law applicable to personal data processing, in particular the Personal Data Protection Act of 29 August 1997.
Article 4. Scope for personal data processing
1. Data provided by the User shall be used for sending information about the Data Controller and its services, performance of services provided by the Data Controller, and for statistical purposes.
2. Personal data of persons indicated by Users, who rejected an invitation to join Autenti, shall be processed by the Data Controller for purposes relating to the management of services offered by the Data Controller, including without limitation verification of persons who rejected the above invitation.
3. The Data Controller shall use IP addresses collected from internet connections to protect the interests of Autenti users or explain facts during the settlement of disputes, dealing with problems or abuses and technical issues relating to server administration. In addition, IP addresses shall be used to collect general, statistical, demographic information (e.g. about the region when the connection is made to set a default interface language for the user).
Article 5. Monitoring of personal data processing
1. Each User whose personal data is processed by the Data Controller shall be entitled to access his data, complete, update, correct it and suspend its processing temporarily or permanently, or demand its removal. The User shall provide complete, up-to-date and true data.
2. The rights referred to above in clause 1 shall be exercised by filling out a relevant form available on Autenti.
3. The User may demand that the processing of his personal data be discontinued at any time. The Data Controller shall discontinue the processing of personal data if the law does not require its further processing.
Article 6. Sharing of personal data
Users’ data may be shared with entities authorised to receive it on the basis of applicable provisions of law, including appropriate judiciary authorities. Users' personal data may be transmitted to third parties – in cases not specified by the Data Controller or provisions of law – only with User's consent.