PRIVACY POLICY OF MSERWIS WEB PORTALS

The Privacy Policy, along with the Cookies Policy, of MSERWIS Web Portals describes how the Controller handles personal information (including Personal Data) when the User, especially a Client, uses the Services of Web Portals - Domeny.tv; MSERWIS.pl; Certyfikaty24.pl. This applies also to other information provided during use of the Web Portals, in any manner, including during purchase of Services. Below, we present the main aspects of operation of the Web Portals that affect or may affect the privacy of their Users.

This Document (Policy) is an attachment to the Terms and Conditions of MSERWIS Web Portals (Terms and Conditions). Unless stated otherwise, if this Policy uses a term defined in the Terms and Conditions, it has the meaning assigned in the Terms and Conditions. Otherwise, the definitions adopted in this Policy apply.

The Controller of the personal data of Web Portal users is “MSERWIS” (PDC): DOMENY.TV MSERWIS Sp. z o.o. with registered office at ulica Stacyjna 1/63, 53-613 Wrocław, entered in the Register of Entrepreneurs kept by the District Court for Wrocław-Fabryczna, Commercial Division VI of the National Court Register (KRS) under KRS number 0001090436, NIP (Tax Identification Number) 8971849179, REGON (National Official Business Register) 368943222. The Controller can be contacted via e-mail: info@mserwis.pl or via the contact form: https://www.mserwis.pl/kontakt.

I. SCOPE OF PROCESSED PERSONAL DATA AND THEIR SOURCES

During use of the Web Portal, the Controller may record such information as (including but not limited to):

  • name, surname
  • postal address;
  • telephone number;
  • e-mail;
  • registration IP;
  • registration confirmation IP;
  • logging IP;
  • IP of the entry on specific pages/sub-pages of Web Portals;
  • data on the elements “clicked” by the User on the website;
  • location information;
  • information on returns to the website - even of an unlogged User
  • information on purchase preferences, including on the basis of viewed products, previous purchases as well as articles temporarily added to the cart - even if ultimately not purchased;
  • data on subscription for the newsletter.

When you register on any of the Web Portals operated by MSERWIS and create an Account using the Web Portals, and then use the Web Portals, MSERWIS obtains your personal data directly from you.

On the other hand, when you register on www.domeny.tv Web Portal and create an Account using the Facebook Login option, MSERWIS obtains your personal data via Facebook. It is a service offered by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and for the users residing in the EU – Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). No additional registration is required if this service is used. To log in, the User is redirected to the Facebook page where he/she can log in using his/her user data. This way, the User profile on Facebook is connected with our Web Portal. Through this connection, we automatically receive information regarding you from Facebook, including your e-mail address. This information is required to conclude the contract for the purpose of identification of the Service Recipient. For more information on the Facebook profile and privacy settings, see the personal data guidelines available on https://pl-pl.facebook.com/about/privacy/update.

II. PURPOSES, LEGAL BASES OF PROCESSING AND PLANNED PERIOD OF DATA STORAGE

No PURPOSE OF PROCESSING OF PERSONAL DATA LEGAL BASIS FOR PROCESSING OF THE PERSONAL DATA
1. COOKIES - MSERWIS processes your data when you consent to use of cookies other than necessary to provide the electronic service, including installation of cookies by third parties and transfer of data collected through such cookies to the abovementioned third parties. For more information on the personal data collected by means of own cookies of MSERWIS and cookies installed by third parties based on your consent as well as on the option to withdraw your consent, see the Cookies Policy. CONSENT
The personal data are processed on the basis of the voluntarily granted consent until its withdrawal or (in the case of cookies) until the storage periods for individual cookies specified in the Cookies Policy expire if they expire before the consent is withdrawn.
2. GOOGLE ANALYTICS - the Controller can use Google Analytics or other similar systems from third-party providers on the Web Portal. Google Analytics uses its own cookies to report interactions of users on the websites of clients of Google Analytics (our Websites - Web Portal). For the purpose of operation of the Google Analytics advertising Functions (such as remarketing), Google’s cookies regarding advertisements are used in the Google’s advertising network, e.g. in Ads. For more information on this technology, additional cookies it uses as well as ways to disable this technology, see the websites devoted to security of data published by the developer of this technology on: https://support.google.com/analytics/answer/6004245?hl=pl.
3. UNSOLICITED MESSAGES - the Controller reserves the right to send unsolicited messages understood as information regarding directly its services and services of entities cooperating with it. These messages may contain information regarding services used by the client (e.g. information regarding payments, end of the subscription period, service use) as well as marketing information regarding other services (e.g. promotions, special offers, new services in the offer). The Controller sends such messages once a month on average. In exceptional cases (e.g. need to notify of important changes in provided services), the messages may be sent more frequently.
4. PROVISION OF SERVICES:
In case of use of www.mserwis.pl:
MSERWIS processes your personal data to take actions, on your request, aiming at conclusion of the contract with MSERWIS or when it is required to perform an already concluded contract which, in practice, entails the possibility of:
  1. conclusion of hosting service contracts;
  2. conclusion of programming service contracts;
  3. conclusion of contracts regarding provision of SSL certificates.

In case of use of www.domeny.tv:
MSERWIS processes your personal data to take actions, on your request, aiming at conclusion of the contract with MSERWIS or when it is required to perform an already concluded contract which, in practice, entails the possibility of:
  1. conclusion of domain registration service contracts;
  2. conclusion of domain maintenance service contracts;
  3. conclusion of hosting service contracts;
  4. conclusion of contracts regarding provision of SSL certificates.

In case of use of www.certyfikaty24.pl:
MSERWIS processes your personal data to take actions, on your request, aiming at conclusion of the contract with MSERWIS or when it is required to perform an already concluded contract which, in practice, entails the possibility of conclusion of contracts regarding provision of SSL certificates.
CONCLUSION/PERFORMANCE OF THE CONTRACT
The data are processed for the purpose of conclusion of the contract with MSERWIS or when it is required to perform an already concluded contract (Article 6(1)(b) of GDPR).

The personal data are processed in connection with performance of the contract as long as you are in commercial relations with MSERWIS.
5. REPORT HANDLING - sending of reports to MSERWIS via electronic mail or contact forms available on MSERWIS’s websites.
6. POSSIBILITY TO CREATE AN ACCOUNT - Creating an account on the Web Portal.
7. LEGAL OBLIGATIONS - your personal data will be processed in connection with performance of legal obligations arising from the law, including but not limited to obligations resulting from tax regulations, Accounting Act, Act on Electronic Services, Civil Code. LEGAL OBLIGATION

MSERWIS processes your personal data to perform the legal obligation imposed on MSERWIS (Article 6(1)(c) of GDPR).

Personal data processed under the law are processed for the period specified in the law.
8. PREFERENCE PROFILING - data obtained when you use the services, including websites administered by MSERWIS, can be used to profile users’ preferences, according to the idea of functionality of this type of services / websites (regards, among other thigs, the Clients’ preferences). LEGITIMATE INTEREST

MSERWIS can process your personal data if it is required for the purposes resulting from the legitimate interests of MSERWIS or a third party (Article 6(1)(f) of GDPR).

Personal data processed on the basis of the Controller’s legitimate interest are processed until an objection is filed or until expiry of the period of claims prescription, whichever occurs earlier.
9. MARKETING - MSERWIS processes your personal data also for the purpose of promotion of its own products or products of Trusted Partners, and to better match the services with your preferences.
10. ASSERTION OF CLAIMS - if you fail to comply with the contract concluded with MSERWIS, MSERWIS - under the applicable law - can file claims against you, e.g. for payment for sold goods. If you assert claims against MSERWIS, your personal data will be processed for the purpose of defence against such claims.
11. CONTACT FORMS - you can contact MSERWIS via electronic mail, telephone or online contact forms available on www.mserwis.pl. In such a case, we can process your personal data to communicate with you and review a case initiated by you.
12. ACCOUNTABILITY - we store your data also to ensure accountability, i.e. to prove compliance with the law regarding processing of personal data. Your personal data will be processed for the period required to document compliance with the legal requirements and enable control of compliance by competent public authorities.
13. WEBSITE OPERATION - MSERWIS uses necessary cookies for the purpose of proper Web Portal operation. Use of necessary cookies may entail processing of your personal data the basis of which is a legitimate interest of the Controller consisting in website operation.
14. REPORTING ILLEGAL CONTENT (DSA) - MSERWIS ensures that the content posted on the Portal complies with applicable regulations. Therefore, we can moderate the content you post on the Portal, and we can also transfer your personal data to authorized bodies (e.g. police, courts). This constitutes the fulfillment of legal obligations that rest on us.

III. RECIPIENTS OF PERSONAL DATA

The Controller can make your personal data available only to entities authorised to receive them under the law and/or relevant contracts, including personal data processing agreements. In particular, your personal data may be transferred to entities processing personal data upon the Controller’s instruction, including but not limited to IT service providers, programming service providers, acquirers (e.g. electronic payments), etc. Your data are also transferred to domain registers, domain registrars as well as issuers of SSL certificates for the purpose of performance of such contracts as: registration and extension of domains, hosting, SSL certificates, programming services. Furthermore, the Controller can transfer your data to processors, trusted Marketing Partners/marketing agencies, it being understood that such entities will process the data under a contract with the Controller, transfer of such data is subject to applied security measures and control of the Controller as the personal data controller, and if the data are processed on the basis of a consent, you will be first requested to grant it.

Personal data can be also transferred to third parties when it is required: for the purpose of preparation of an offer, execution of orders or provision of Services, for an additional purpose directly connected with the purpose for which the data were originally made available, for legal reasons or when competent government or court authorities so require to prevent a fraud or other illegal actions.

Your personal data can be transferred to other entities for the purpose of performance of the contract/Service under Article 6(1)(b) of GDPR as well as for the purposes provided for in Article 6(1)(f) of GDPR.

IV. TRANSFER OF DATA TO THIRD COUNTRIES

The Controller declares that it does not transfer the data to any third countries or international organisations (i.e. outside the European Economic Area (“EEA”)) - except for situations resulting from the nature of the given service (e.g. in the case of a domain registration service where the register is located in a third country or is kept by an international organisation). Furthermore, the Controller declares that it does not engage any subcontractors who transfer data outside the EEA unless the nature or specifics of the given service so requires.

If engagement of subcontractors or partners from outside the EEA is required, the Controller declares that it ensures, by means of relevant contracts, that such third parties guarantee a level of protection of processed data adequate to the level resulting from the requirements imposed for the EEA under GDPR.

If you accept cookies installed on the website by third parties, the data collected by means of such cookies may be transferred to third countries according to the information provided in the Cookies Policy.

V. VOLUNTARY PROVISION OF PERSONAL DATA

To the extent your personal data are processed for the purpose of conclusion and performance of a contract with the Controller, providing the data is required to conclude the contract. Providing personal data is voluntary, but refusal to provide them makes conclusion and performance of the contract impossible.

In the case of use of www.domeny.tv and the domain registration service, additional data may be necessary as certain requires require providing such additional data as, for example:

  1. France - https://www.domeny.tv/en/domains/fr - in the case of natural persons, registration of a domain.fr requires specification of the country and date of birth of the subscriber;
  2. Russia - https://www.domeny.tv/en/domains/ru - - in the case of natural persons, registration of of a domain requires specification of the date of birth and sending a scan of a passport containing the data of its holder;
  3. Italy - https://www.domeny.tv/en/domains/it - - in the case of natural persons, number of an identity document must be provided.

Providing personal data for marketing purposes is voluntary, but personal data can be processed for the marketing purposes also on bases other than a consent.

VI. RIGHTS OF DATA SUBJECTS

Under Article 17 of GDPR, you have the right to request erasure of data. The Controller guarantees this right for you and facilitates its exercise, including through the relevant option in the domain administrator panel where you can exercise it automatically.

You can obtain information whether we process your personal data. If so - you can access them to, for example, request their copy. You can also obtain detailed information on, among other things, how your data are processed, for what purpose, to whom they are transferred. If you have not provided the data to the given company/institution yourself - you can also request information regarding how the given company obtained them.

Another right you have is the right to data rectification. If the data are incorrect - you can request their correction.

You can also request erasure or restriction of processing of your data. Obviously, not always. If we have concluded a contract with you, we can process them under the law and your request will be ineffective. If, however, they are processed in breach of the law or there are no grounds to process them - your data should be erased.

If you believe your rights are infringed - you can file a complaint with a supervisory authority proper for protection of personal data.

VII. PERSONAL DATA SECURITY

To protect personal data against accidental or illegal destruction, loss or modification, or unauthorised disclosure or access, the Operator applies technical and organisational security measures (described, for example, in the internal documentation referred to, inter alia, in recital (78) of GDPR, including but not limited to the Personal Data Protection Policy implemented by the Controller).

The actions taken by MSERWIS may prove insufficient if you do not observe the safety rules yourself. In particular, you should keep the Web Portal login and password confidential and not disclose them to any third parties. MSERWIS will not ask you to provide them, except when logging in.

To prevent unauthorised persons from using the Account, you should always log out when you end using the Web Portal.

For more information on the security measures used by us, see here.

The Privacy Policy is effective as of 1.01.2023