We care about your privacy. Your data is safe with us and is processed in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 (hereinafter: “GDPR”). We present to you the following policy to inform you about data processing and the rules on which it will take place.
1. What is personal data?
Information that identifies you or enables you to be identified, e.g. name, surname, telephone number or e-mail address. rexs.io collects your data in connection with the activities of rexs.io, for the purposes of contract implementation and marketing activities.
2. Who is responsible for processing personal data and who can be contacted in the rexs.io?
The administrator of your personal data is rexs.io sp. z o.o. with its registered office in Gdańsk (80-394) at ul. Kołobrzeska 14 (hereinafter referred to as “rexs.io”).
If you have questions about the processing of personal data and the exercise of rights related to data processing, please contact rexs.io:
- by directing correspondence to the following address: rexs.io sp. z o.o., ul. Kołobrzeska 14, 80-394 Gdańsk
- by electronic contact at the e-mail address: [email protected]
3. For what purpose does rexs.io process your personal data and on what legal basis?
rexs.io processes the personal data of rexs.io employees and associates in terms of name and surname, date of birth, address, education, and previous employment. Personal data is processed for the purpose of performing an employment contract or civil law contract, as well as for financial and accounting purposes.
rexs.io processes personal data provided by you in the contact form available on the website www.rexs.io in terms of name, email address, company name, position or telephone number, as well as the data contained in the content of the inquiry. Providing this data is voluntary, however, as regards the email address – necessary for us to answer the question addressed to us. Providing data more widely than an email address can help us understand the context of the case, and also enable telephone contact, which in certain cases can speed up the response.
rexs.io processes clients’ personal data. Personal data is processed only for the purpose of performing the contract.
As part of its activities, rexs.io collects and processes personal data based on:
- art. 6 clause 1 letter f) GDPR – for the purposes of legitimate interests pursued by the data controller, which is the rexs.io: to provide services to clients, marketing its services, including to inform about events organized by the rexs.io or in which the rexs.io participates and about rexs.io activities, as well as for analytical, statistical and to ensure IT security related to the rexs.io website;
- art. 6 clause 1 letter b) GDPR – to perform contracts concluded by the rexs.io with customers, to cooperate with suppliers and other entities cooperating with rexs.io;
- art. 6 section 1 letter c) and art. 6 clause 1 letter a) GDPR – to recruit people interested in working or cooperating in a rexs.io;
- art. 6 clause 1 letter c) GDPR – in the scope of fulfilling legal obligations incumbent on rexs.io.
4. Who can rexs.io transfer personal data to?
Personal data may be shared with other recipients in order to comply with the rexs.io legal obligation, based on your consent or for purposes arising from the legitimate interests of the rexs.io or a third party.
Recipients may be in particular: authorized employees and associates of rexs.io, institutions authorized by law to collect your personal data on the basis of relevant legal provisions.
In addition, data may be transferred to entities processing personal data at the request of rexs.io to their authorized employees, whereby such entities process data on the basis of a contract with the rexs.io only in accordance with rexs.io instructions and on condition that confidentiality is maintained.
5. Will your personal data be sent to a third country (outside the European Union)?
Some of our subcontractors may process your personal data in countries outside the European Union (“third countries”). However, if your data is transferred to third countries outside the EU, rexs.io will use appropriate instruments to ensure the security of your personal data and will only transfer data if there are legal grounds for such transfer, e.g. in the form of standard contractual clauses, or that the country to which the data is transferred has an adequate level of personal data protection, or in the case of data transfer and processing in the US, ensuring that the receiving entity is certified by the Privacy Shield Program.
Due to the fact that www.rexs.io uses tools such as Google Analytics, Google Adwords, Facebook Pixel, and GitLab, your data may be transferred to a third country (USA). In such a front.
6. How long will rexs.io process (store) your data?
Personal data will be processed for the period necessary to achieve the purposes of the processing, i.e.
- in the scope of implementation of the contract concluded with the rexs.io – until its completion, and after that time for the period required by law or for the implementation of any claims;
- in the scope of given employees and co-workers – for the period of employment or cooperation, and after its termination a maximum of 10 years from the end of the employment relationship or until the expiry of the limitation periods related to the performance of a civil law contract or the limitation of obligations arising from legal provisions;
- in the scope of fulfilling legal obligations incumbent on the rexs.io in connection with conducting business and implementation of concluded contracts – until such obligations are fulfilled by the rexs.io;
- in the field of direct marketing based on the consent until the consent for such processing is withdrawn;
- until the legitimate interests of the rexs.io on which the processing is based are fulfilled or until you object to such processing unless there are legitimate grounds for further processing of the data.
7. What rights do you have regarding personal data?
You have the right to:
- request access to your personal data and the right to rectify it, limit the processing of personal data or to delete it;
- to the extent that the basis for the processing of personal data is consent, you have the right to withdraw your consent to the processing of personal data at any time;
- object at any time to the processing of personal data:
- for reasons related to your particular situation, when the rexs.io processes data for purposes arising from legitimate interests (Article 21 (1) of the GDPR),
- for purposes related to direct marketing, including profiling for marketing purposes to the extent that the processing of your data is related to direct marketing (Article 21 (2) of the GDPR);
- requests to transfer personal data processed for the purpose of concluding and performing a contract or processed on the basis of consent. The transfer consists of receiving from the rexs.io your personal data in a structured, commonly used machine-readable format and sending such data to another data administrator;
- submitting a complaint to the supervisory body, i.e., to the President of the Office for Personal Data Protection, if it is found that the processing of your personal data violates the provisions of the GDPR.
8. Where do we obtain your personal data, and what are their categories?
First of all, the personal data collected by rexs.io comes directly from you. rexs.io also processes certain categories of personal data that were not obtained directly from you. Personal data may be obtained, among others from:
- persons representing you on the basis of a power of attorney;
- entities to which you have given consent to be transferred.
9. Website traffic monitoring and analysis