English

PRIVACY POLICY

Protection of Personal Data and privacy is our priority. This Privacy Policy ("Policy") describes who we are, how we collect, share and use Personal Data and how people whose data we process can exercise their privacy rights. 

If you have any questions or doubts regarding our use of your Personal Data, please contact us using the contact details provided in Article 9. The Policy also includes links to other documents regulating or informing about the principles of Personal Data processing performed by us.

Article 1. About Autenti

The Administrator provides services electronically, in accordance with the Autenti Platform Regulations or other regulations available at https://autenti.com/regulaminy. Autenti platform enables Users to send Documents electronically in order to submit electronic signatures. We also provide other related services such as confirmation of identity or assistance with issuing  qualified certificate of electronic signature provided by trust service providers.  You can find more information about our services on our website https://autenti.com

Article 2. Definitions

  1. Individual terms used in the Policy bear the meaning assigned to them respectively in Article 2 hereinbelow or in the Regulations of the Autenti platform
  2. The terms used in the Policy mean:
    a) "GDPR" - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data and on repealing the Directive 95/46/EC;
    b) "Personal Data" - any information about a natural person identified or identifiable by one or more specific factors, including, in particular, name, surname, email address, telephone number, device IP number, location data, internet identifier and information collected through cookies and other similar technology;
    c) "Trusted Partner" - an entity which the Administrator cooperates with in the field of directing marketing contents to the Client and User;
    d) "Autenti platform" - an IT tool under which the service is provided electronically by the Administrator, available within the scope of the website under the name "Autenti", in accordance with the Regulations of the Autenti Platform;
    f) "Autenti Platform Regulations" - regulations defining the terms and conditions for the provision of electronic services by the Administrator within the scope of the Autenti Platform, available at https://autenti.com/regulaminy;
    g) "Administrator" - Autenti sp. z o.o. with its registered seat in Poznań, at ul.  Św. Marcin 29/8, 61-806 Poznań, entered into the register of entrepreneurs kept by the District Court for Poznań Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register, under KRS number 0000436998, NIP (Tax ID no) 783-169-32-5;
    h) "User" - any natural person who uses the Administrator's services;
    i) "Client" - an entity that has concluded an agreement with the Administrator for the Account maintenance on the Autenti Platform;
"Account" -  a set of data related to a given Client, including information provided by the Client during Registration, as well as information on the activity of the Client and Users added to this Account under the Autenti Platform. The Account enables ordering or full use of the services provided under the Autenti Platform, assigned to a given Account.

Article 3. Privacy protection principle

  1. The Administrator pays significant attention to the protection of privacy and confidentiality of Personal Data, including those processed in connection with the provision of its services. 
  2. Personal Data are processed by the Administrator in accordance with the provisions on the protection of Personal Data, in particular including the GDPR.
  3. The Administrator selects and applies with due diligence the appropriate technical and organisational measures ensuring the protection of processed Personal Data. Access to Personal Data is granted only to persons authorized by the Administrator who agreed to maintain it confidentiality. 
  4. Personal Data are protected by the Administrator against disclosure to unauthorized persons, as well as other cases of their disclosure or loss, and against their destruction or unauthorized modification, through the use of appropriate organisational safeguards, as well as technical and programming safeguards, in particular data encryption systems. Passwords are encrypted in such a way that they cannot be read by the Administrator and persons acting on his behalf.
  5. The Administrator acts as the processing entity in relation to the Personal Data disclosed by the Clients for the purpose of Personal Data processing. Detailed rules for the processing of Personal Data on behalf of Clients can be found in the "Information clause tab under Art. 14 GDPR - for recipients of documents on the Autenti Platform."
  6. Data transmission to and from the Administrator takes place through the use of a secure SSL protocol, whereas the Administrator is not liable for the part of data transmission that takes place under individual email systems which are beyond the Administrator's control serving the User to send or receive messages.
  7. The Administrator may process Personal Data automatically, including  profiling, however, the automated processing will not result in any decision having legal effects or will not materially affect the Users in any similar way. Such processing may affect the selection of the displayed advertisements or the selection of products and services offered. The User may receive special offers via personalised email or internet advertising.
  8. Users' or Clients' Personal Data may be transferred to a third country or an international organisation only if that third country, territory or specified sector or sectors within that third country or the international organisation where the data are to be transferred to, ensures an adequate level of protection in accordance with Art. 44-46 of the GDPR.
  9. If the provisions of section 8 above cannot be applied, the Administrator applies standard contractual clauses in accordance with the Decision of the European Commission of June 15, 2001 on standard contractual clauses for the transfer of Personal Data to third countries, pursuant to Directive 95/46/EC. The text of the decision can be found on the website:
    (https://eurlex.europa.eu/legalcontent/PL/TXT/PDF/?uri=CELEX:32001D0497&from=en).
  10. The list of Trusted Partners can be found on our website under [LINK].

Article 4. Basis for Personal Data processing

  1. The scope of Personal Data processed by the Administrator is limited to the context of interaction with the Personal Data entity in connection with the services provided, products offered and functions used by the Personal Data entity. 
  2. Personal Data may be transferred to the Administrator directly when filling in registration forms, ordering or using services, communication undertaken with the Administrator (e.g. consultation with our client service department). 
  3. Providing Personal Data is voluntary, however, failure to provide Personal Data may result in the inability to conclude or perform an agreement for the provision of specific services.
  4. The Administrator may process third party Personal Data, provided by Clients or Users for the purposes of communication, recommendation or using the Administrator's services, in particular including the conclusion or performance of an agreement concluded through the tools provided on the Autenti Platform. 
  5. The Administrator may process Personal Data that have been transferred from external sources, such as public databases, social media platforms, external data providers or marketing partners whom the Administrator cooperates with.
  6. Personal Data may include information such as: name, surname, place of employment, position, email address, mobile phone number, location, IP address, account login details, data provided during problem reporting and within technical or legal support, payment information, if the Client has decided to purchase paid services.
  7. Personal Data of Users and Clients are processed by the Administrator for the purpose of:
    a) performance of the agreement for the provision of electronic services (pursuant to art. 6 point 1 letter b of the GDPR), and in particular of;
       i. providing services, in particular related to sending documents, submitting electronic signatures, electronic seals and other declarations of intent, and performing the verification of the identity of Personal Data entities under Broker ID,
       ii. setting up and managing the Account or User Accounts, and ensuring their service, document handling and solving technical problems;
        iii. handling notifications submitted by Users, e.g. via the contact form,
        iv. directing any communication related to the services, including marketing of own services referred to in point i. above, including information regarding the Account, new products or functionalities,
    b) fulfilment of the Administrator's legal obligation (pursuant to Art. 6 point 1 letter c and point 3 of the GDPR), and in particular for the purposes of;
         i.tax and accounting,
         ii.considering complaints submitted by Users,
    c) implementation of the legitimate interests of the Administrator (pursuant to Art. 6 point 1 letter f of the GDPR): marketing of own products or services, statistical and analytical purposes;
    d) pursuing or securing claims or defending against them (pursuant to Art. 6 point 1letter f of the GDPR)
    e) marketing activities performed by the Administrator, based on the consent expressed by the User, concerning for e.g. 
         i.the Administrator's provision of the newsletter delivery service in accordance with the Newsletter Regulations, 
         ii. marketing of own products or services through the Trusted Partners whom the Administrator cooperates with. Trusted Partners mean entities which Autenti cooperates with in the scope of implementing or providing services specified in the Autenti Regulations. The full list of Trusted Partners can be found on the website in the domain https://autenti.com
  8. The Client  has the right to resign from receiving electronic messages referred to in art. 7 letter a item iv and letter e, and demand that the processing of Personal Data be discontinued for this purpose. The Client should send the relevant request to the following address: ido@autenti.com. The Client also has the right to resign via the link available in the received email messages. 
  9. The Personal Data of Users or Clients can be made available to other Users or Clients, if it is necessary for the purposes of communication, using the Administrator's services, in particular including the conclusion or performance of the agreement concluded through the tools available on the Autenti Platform and verification of parties to such agreement, confirming their identity and confirming the submission of declarations of intent.
  10. If the User submits third party Personal Data to Autenti for the purposes of communication, recommendation or use of the Administrator's services, in particular for the conclusion or performance of an agreement concluded through tools within the Autenti Platform, then - depending on the given situation - the Client provides or entrusts the processing of Personal Data of these third parties to the Administrator. Through the submission of third party Personal Data to the Autenti Platform, the Client should be entitled to do so, for example, have the appropriate consent of the entity that the Personal Data refer to, as well as fulfil the information obligation towards these entities.
  11. If the third party Personal Data are made available, the Administrator becomes the administrator of these Personal Data and, in cases provided for by law, fulfils the secondary information obligation towards persons whose Personal Data were obtained in a way other than from the person they concern (in accordance with Art. 14 of the GDPR). The disclosure takes place when the shared data relates to other Clients of the Administrator.
  12. If the User entrusts the processing of Personal Data, the provisions of the Autenti Platform Regulations, constituting an agreement for entrusting the processing of Personal Data, will apply. 
  13. The Administrator uses the IP addresses collected during Internet connections for the purposes of verifying the User's identity (the IP address number can be found on the Signature Cards) and for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region which the connection is made from) and constitute material for statistical analysis and mechanisms for correcting system errors. These data may also be combined with data provided by Users in order to provide services under Autenti. 
  14. The Administrator uses "cookies". Information collected by means of "cookies" allows to customize the services and content according to individual needs and preferences of Users and other visitors of the Administrator's website, as well as serves to develop general statistics concerning their use of the Autenti Platform. Not consenting to cookies or disabling the option of saving "cookies" in the web browser does not prevent the use of the Autenti Platform or the Administrator's website, however, it may cause certain difficulties. Detailed provisions relating to Cookie files are set out in the Cookie Policy constituting an attachment to this Privacy Policy.

Article 5. Collection of Personal Data

  1. In order to register on the Autenti Platform, the User is obliged to complete the form available on the Administrator's website, in accordance with Chapter II of the Autenti Platform Regulations. 
  2. In the case of registration and logging in to the Autenti Platform, using the username (login) and password to access the websites indicated in Chapter II sec. 3 of the Regulations of the Autenti Platform, the data contained in the User profiles of these websites, provided and collected in the profile on the Autenti Platform are treated as data submitted by the User during registration on the Autenti Platform. 
  3. In order to increase its credibility when authorizing documents, the User may provide more data than required by the registration form referred to in Art. 3 sec. 1. The User may increase his or her credibility, in particular, by providing such data as: home address, correspondence address, PESEL number or other personal identification number, identity document number, telephone number, signature specimen or scan of an identity document, whereas if the user is a natural person conducting business activity or a representative of a legal person, by providing such data as: name, surname, address of the place where business activity is conducted, telephone number. 
  4. The User's activity on the Autenti Platform, including his or her Personal Data, may be recorded in the system logs. Information collected in the logs is processed in connection with the provision of services. The Administrator also processes the information collected in the logs for technical purposes, in particular, the data may be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with creating backups, testing IT systems, detecting inconsistencies or protecting against misuse and attacks.

Article 6. The scope and time of Personal Data processing

  1. Personal Data provided by the Client are distributed to other Clients of the Autenti Platform or third parties indicated by the Client in order to sign or inspect the provided document. In addition, Personal Data are used by the Administrator to send Clients or Users information about its services, to provide services by the Administrator, and for statistical purposes. 
  2. The Administrator uses IP addresses collected during internet connections in order to protect the interests of Users or to clarify facts when considering disputes, inconsistencies or abuse and for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region which the connection is made from  in order to determine the default language of the user interface for a given region) and for the purpose of providing services. 
  3. Personal Data processed in order to perform the agreement for the provision of services specified in the Autenti Regulations will be stored for the duration of the agreement, and after its expiry for the period necessary to:
    a) provide after-sales client service (e.g. handling complaints);
    b) secure or pursue claims;
    c) if necessary - properly provide services in accordance with the Autenti Regulations, including documenting declarations of will made towards other Users, if any of the other Users still use the Administrator's services;
    d) comply with the legal obligations of the Administrator (e.g. arising from tax or accounting regulations).
  4. Personal Data processed for the purposes of marketing of products or own services based on a legitimate legal interest, will be processed until the person concerned declares his or her objection.
  5. Personal Data processed on the basis of a submitted consent are processed until the consent is  withdrawn. 
  6. After the expiry of the processing period, as long as it is technically possible and if the applicable law does not allow or require further processing of Personal Data, then the Personal Data are irreversibly deleted or anonymised.

Article 7. Control of Personal Data processing

  1. The User and the Clients have the right to request access to the content of their Personal Data, request a copy thereof , request their rectification or deletion, request to limit the data processing, request to transfer Personal Data, object to the processing of Personal Data based on the Administrator's legitimate interest or to processing for the purpose of direct marketing, withdrawal of consent at any time without affecting the lawfulness of processing (if the processing is based on the consent), which was made on the basis of the consent before its withdrawal.
  2. The User and the Client are required to provide complete, updated and correct Personal Data.
  3. The execution of the rights indicated above in sec. 1, is possible by contacting the Data Protection Officer or the Administrator. The application should specify the purpose of the request , and in particular which right the applicant wants to exercise, what kind of processing the request concerns and what is the expected way of fulfilling such a request.
  4. If the Administrator is not able to determine the content of the request or identify the person submitting the above mentioned application based on the submitted application, he or she will ask the applicant for additional information.
  5. The response to the application will be given within one month upon its receipt. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such extension.
  6. If it is found that the processing of Personal Data violates the provisions of the GDPR or other provisions concerning the protection of Personal Data, the entity whom the data refers to may submit a complaint to the President of the Personal Data Protection Office.

Article 8. Sharing Personal Data

  1. Personal Data can be made available to entities authorized to receive them, under the relevant legal regulations, including those of competent judiciary authorities. Personal Data may also be transferred at the request of the Administrator to entities processing Personal Data indicated by the Administrator, that is partners providing:
    a) technical services, inter alias hosting (including data storage in the so-called cloud), concerning the development and maintenance of IT systems and websites,
    b) marketing services,
    c) debt collection services,
    d) bookkeeping and accounting services;
    e) advisory and consulting services,
    f) trust service providers
    g) other entities thanks to which the Administrator provides services by electronic means.
  2. Users' Personal Data may be transferred to third parties - in cases not indicated by the Administrator or by legal regulations - but upon the consent of the User, which may also be expressed through User's appropriate and intentional actions, in particular including: entities intermediating in payments made on the Autenti Platform.
  3. If the User agrees, his or her data can also be made available to other entities for their own purposes, including marketing purposes and sending commercial contents by electronic means.

Article 9. Administrator's contact details

Contact with the Administrator or the Personal Data Protection Inspector appointed by the Administrator is possible through: 

  1. electronic form available on the website: https://autenti.com/kontakt/; or
  2. at the email address: iod@autenti.com; or 
  3. at the traditional mail address: Autenti sp. z oo, ul. Sternbacha 1, 30-394 Kraków.