Revas Sp. z o.o. [limited liability company] (hereafter: Revas) as a service provider in the education sector, considers protection of personal data to be one of the most important aspects of its activity. Therefore, our goal is to duly inform our Users about matters related to the protection of personal data and its processing.
This statement also serves as a fulfilment of disclosure requirement pursuant to Regulation (EU) no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter: General Data Protection Regulation, GDPR).
The personal data Controller
The Controller of personal data of the https://www.revas.online/ website (hereafter: The Website) Users is:
Revas Spółka z ograniczoną odpowiedzialnością [limited liability company] with its registered address in Rzeszów at: ul. Popiełuszki 26 c, 35-328 Rzeszów. Entered into the Register of Entrepreneurs of the National Court Register held by the District Court in Rzeszów, 12th Economic Department of the National Court Register under the KRS (National Court Register) Number 0000638640, NIP [tax identification number] 5170376971 and REGON [statistical identification number]: 365460300.
What exactly is meant by personal data?
Personal data – means any information related to an identified or identifiable natural person. It may contain data such as: name and surname, identification number, location data, online identification number, but also one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
The processing of personal data is in general any activity related to it, e.g. collecting (gathering), storing, recording, viewing, sharing, using, erasure or destruction.
Information provided by the User, at the time of creating an account on the website:
Our aim is to maintain transparency about the manner and legal bases for the processing of personal data, which is why we ensure that each time we inform you about what data we collect and for what purpose.
To fully benefit from the services offered by the Website, it is recommended to register. In such cases, we request you to provide personal data in the application form, such as User’s: name and surname, e-mail address, country, phone number. We will store them together with the account details. The information provided in the application form is used by us to make necessary contacts with our Users and to better adapt the presented content as well as featured ads to Users’ needs and interests.
The collection of personal data of the Users is treated as a separate database stored on the server in a special security zone, to ensure its adequate safety. Only a small number of authorized individuals, who deal with database administration, have the full access to the database.
The collected personal data are not sold or lent to other persons or institutions, unless it is done with explicit consent of or upon the request of the User or upon the request of legally authorized state authorities for the purpose of their proceedings. We may, however, disclose collective, general statistical information developed by us to our partner websites and advertising agencies. Such statistical information may refer mainly to the viewership of our websites and do not contain data which allow to identify individual Users.
The right of access to data and User rights
According to the GDPR, every User has the following rights:
- Right of access to data (Article 15 of the GDPR)
The User shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data. The Controller will provide the User with a copy of the personal data being processed upon his/her request.
- Right to rectification (Article 16 of the GDPR)
The User shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to erasure (“right to be forgotten”) (Article 17 of the GDPR)
The User shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it is collected or otherwise processed,
- the User withdraws consent on which processing is based,
- the User objects to the processing of personal data concerning him or her and there are no overriding legitimate grounds for the processing.
- Right to restriction of processing (Article 18 of the GDPR)
The User shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the data is inaccurate – for a period enabling to verify the accuracy,
- the User has objected to processing, pending the verification, whether the legitimate grounds of the Controller override those of the User,
- the processing is unlawful, and the User opposes the erasure of the personal data and requests the restriction of their use instead;
- Right to data portability (Article 20 of the GDPR)
The User shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.
- Right to object (Article 21 of the GDPR)
Where personal data is processed for direct marketing purposes, the User shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
How can you exercise your rights?
We have appointed a group of employees who will answer the questions only related to the above mentioned issues. Please contact us at firstname.lastname@example.org.
For correct identification, the e-mail should be sent from the same e-mail address provided during registration.
Questions or requests can also be sent by post – via registered letter to the address of the data Controller.
Within a month, the Controller will provide the User with answers regarding the actions taken. If the Controller does not take such actions, the User will be informed of a such fact.
Every person has the right to lodge a complaint regarding the Controller to the President of the Personal Data Protection Office.
How long do we process data?
User’s data will be stored by the Controller for the duration of individual services /purposes and:
- for the period of limitation of claims in accordance with the provisions of the Civil Code;
- for the period required by tax law – in relation to personal data associated with the fulfilment of obligations under tax law;
- until an effective objection has been lodged – in relation to personal data processed on the basis of the legitimate interest of the Controller or for marketing purposes;
- until the consent is withdrawn or the purpose of processing is achieved – in relation to personal data processed on the basis of consent;
Our website employs safety measures in order to protect all personal data remaining under control of our Controller against loss, unauthorised processing and alteration. The Controller has also implemented an internal Personal Data Protection Policy in order to ensure the personal data are adequately protected in accordance with the applicable rules and norms and in particular:
- Only authorized employees or associates of the Controller and authorized persons responsible for the maintenance of the website to whom the appropriate authorization has been granted have direct access to personal data collected by the Controller.
- The Controller represents that by commissioning other entities to provide services, he/she requires maintenance of adequately high standards for the protection of personal data, signing of relevant entrustment contracts, in which the partners confirm the application of the standards and the right to audit the compliance of their activities with these standards.
- In order to ensure adequate protection of services provided by electronic means, the Controller applies a high level of security, including cryptographic protection for the transmission of personal data (the SSL protocol).
- Due to the public nature of the Internet, the use of services provided by electronic means may entail certain risks, regardless of due diligence exercised by the Controller.
How we use the information obtained:
Providing, improving and developing our services.
The availability of this information allows us to maintain the Services, personalize the content and suggest various solutions to Users, because our understanding of how users use elements of the services and resources that are of interest to them is contingent upon the information collected. We also use the information we collect to offer various types of facilitations and suggestions.
Communication with the User
We use information about the User while selecting the marketing content which we send, in communication about services, and in order to inform the User about our policies and regulations. We also use it to respond to your requests for contact.
Display and monitoring of ads and services
We use the information we have available to improve our advertising and measuring systems which, in turn, is intended to display ads that are of interest to the User, both within and outside the website, as well as to measure the effectiveness and scope – of both ads and services.
Cookies (and other similar technologies) Policy
In connection with providing the content of websites, we use so-called cookies. Cookies are small text files stored on the User’s computer or other mobile device while using the websites. These files are used, among others, for various functions provided on the website or to confirm whether the User has seen a specific content from the given website.
In this document, information pertaining to cookies also applies to other similar technologies used on our websites.
Information contained in access logs
Similarly to most of Internet services publishers, we collect information about the use of the websites by users and their IP addresses, based on the analysis of access logs. This information is used for technical purposes related to the administration of the servers of our websites, as well as for statistical purposes, for the demographic analysis of users. We may be required to provide information, in particular the computer’s IP address, contained in the access logs at the request of legally authorized state authorities, for the purposes of their proceedings.