Privacy Policy Monterail

Data controller - Monterail Sp. z o. o. with its registered office in Wrocław, at 27-29 Oławska Street, 50-123 Wrocław, Poland, registered with the Register of Entrepreneurs of the National Court Register maintained by the District Court in Wrocław-Fabryczna, VI Commercial Division of the National Court Register, under entry number KRS 0000357415, NIP [taxpayer ID] 778-147-18-20, REGON [enterprise ID] 301447685, share capital: PLN 5.000, contact email: [email protected].

Personal data - all information that we process related to you. For example: first name and last name, email address, payment details etc;

Processing – all operations that we perform on your personal data. This includes e.g.: collecting, storage, updating, sending correspondence, analysing in order to issue an invoice, and erasure;

GDPR  - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/E

We may process your personal data, if:

1. you are our potential or current client or supplier;

2. you are an entity (or you are providing services to an entity), that we want to advertise or sell our services to;

3. you are providing services / work for our client or supplier or to an entity, that uses our services or products developed by us (you act on behalf of them e.g. as their employee, associate, representative);

4. you are interested in actions that we undertake (e.g. as part of contact with media).

Information that we DO NOT collect - children

We do not knowingly solicit personal information of children under the age of 18. We do not knowingly collect personal information of and from children under the age of 18. If we learn that a child under the age of 18 has provided us with personal information without parental consent, we will take steps to delete it.

We may process your personal data received directly from you or from other sources. Therefore your personal data may be processed:

1. If you have provided us with your personal data via various means of communication or via contact forms or registration forms (e.g. by sending us an inquiry / offer, via email, by telephone or via our website, by registering to an event organized by us);

2. If you sign up for our newsletter or download any content from our website;

3. In the case of conclusion or performance of a contract, including in cases when your personal data has been provided to us as contact data for the purpose of proper performance of the above contract;

4. If we have received your personal data from other source (e.g. from an entity that is our contractor / client, during events or from publicly available sources / websites).

The scope of personal data that we process depends on what information you or e.g. your employer provided to us, on the form of contact you’ve chosen and on the information that is vital for a given relationship – it primarily encompasses the content of documents, as well as of our correspondence/communication, along with other information we have obtained from publicly available professional sources regarding our business relations (e.g. industry websites). 

This data in particular includes:

1. first name and last name;

2. information regarding business and professional activity, including work place, work position or department, qualifications;

3. address, phone number, e-mail address, IP number or other contact data (such data may regard your work place or may constitute your personal data, depending on the relationship between you and the person (natural or legal) which you work for;

4. information provided directly by you when contacting us by telephone, email, through our website, via our social media or otherwise and also information provided by you e.g. in contact or register form (e.g. date of contact, duration of our conversation, communication history, e-mail content, audio record of our phone call if you were informed in advance about such recording).

Therefore, we obtain the above personal data directly from you or from other people, e.g. from your employers/clients or from public sources.

We may process your personal data under the following circumstances:

1. When you use contact or registration forms or other means of communication in order to estimate our services 
   
   If you contact us using our contact forms or any other means of communication, including registration forms for events organizes by us, we collect your name and email address and other personal data that you provided us with e.g. work place, work position etc. We store your data along with the message you sent us, information about the type of your project (in case you provided it), and the content of our communication (e.g. chat history, e-mail content, audio recording of our phone call if you were informed in advance about such recording).
   
   We process the above information in order to respond to your inquiries, enable you to participate in an event organized by us, improve our communication and the quality of customer service, as well as to promote our services and conclude an appropriate agreement for the provision of services with you or your employer or other person for whom you work.
   
   The legal basis of our actions depends on the context of our communication. If these are only general inquiries or conversations, or if you represent another entity/person the legal basis for such processing will be our “legitimate interest” (results from the purposes indicated above – Art. 6(1)(f) GDPR).
   
   However, if such inquiry leads to the conclusion of the agreement with you, including to enable you to participate in an event organized by us, the legal basis for such processing will be “taking steps at the request of the data subject prior to entering into a contract” (Art. 6(1)(b) GDPR).
   
   

2. When you are our client or contractor
   
   Once we have concluded a relevant contract, we may collect information necessary for the proper performance of this contract such as data on settlement of any due fees, on how you use our services and on the process of execution of our contract, and also our possible communication. 

   The purpose of processing the above mentioned data and the legal basis as well, is proper implementation of the agreement (Art. 6 (1)(b) GDPR) and compliance with a legal obligation to which we are subject to e.g. tax obligations (Art. 6(1)(c) GDPR).
   
   Regardless of the above, if you give us specific consent, we may process your image (photo provided by you or via public websites e.g. Linkedin) by publishing it on our website or in our social media along with your first name and last name, name of work place and sometimes your work position and description of such services or cooperation (case studies, testimonials etc.) in order to promote the services already provided to you or to the entity that you work for / which you represent, or to publicly inform about our cooperation. The legal basis for processing the above data is your consent (Article 6(1)(a) GDPR).
   
   

3. When we have obtained your personal data from other sources e.g. your employer
   
   If you haven’t given us your data on your own behalf, for example, you are acting on behalf of our client, supplier or another entity, we process your data in order to process the contact in the context in which you are acting in the name of the third party, as well as for the conclusion and/or processing of a contract with that third party and/or conducting a joint project. 
   
   The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – building and maintaining relations with the third party in whose name you are acting, including the conclusion and performance of relevant contracts with that party, as well as the intention of building a positive image of Monterail.
   
   

4. When you visit our website
   
   When you visit our website (monterail.com), you may grant us with consent to use cookies technology, which allows e.g. for analysing information about how you use our website. We process this data in order to improve the quality of our website, match the content with visitors’ interests, and constantly improve its performance. Some cookies also allow the marketing of our products and services, both within our website and as part of our partners' websites.
   
   The legal basis for using the cookies and similar technologies is your consent, except when their use is necessary for the proper functioning of our website (providing you with electronic services), when the legal basis for such processing will be legal provision (Art. 173(3)(2) of the Telecommunications Law) and respectively – our legitimate interest (Art. 6(1)(f) GDPR).
   
   

5. When you have signed up for our newsletter or you have downloaded any content from our website
   
   We collect your email address if you fill the newsletter box on the bottom of our website, and we use your data only for this particular purpose of sending you our newsletter.
   
   If you want to download some promotional content from our website, in some cases you need to provide us with your email address. Depending on the topic of the content you are requesting, we can also ask you for some additional information, but providing it is always optional.
   
   In such cases we process your data to send you the content you requested and a follow up message regarding the content's topic (or in some campaigns a series of messages). 
   
   The legal basis for processing the above data is your consent (Article 6(1)(a) GDPR).
   
   

6. When we have participated in the same conference or industry event
   
   We may obtain some of your personal data from you during a conference or industry event, in which our representatives took part or we may have obtained them from such event’s organiser. In this case, data from your business card, inquiry or data from list of participants are processed in our database in order to send you information which were interesting for you, respond to your inquiry and to conduct further correspondence / contact in this matter, or in order to thank you for the meeting or participation in an event. 
   
   In such cases the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR).
   
   

7. When we want to promote our services or build positive image of our company
   
   Regardless of the foregoing, your personal data, that is in particular, your first name and last name, as well as correspondence address and/or e-mail address, can be used by us in order to contact you occasionally (for example, to send holiday season greetings) or to contact you regarding the promotion of Monterail’s products or services. 
   
   The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – maintaining relations and building a positive image of Monterail and marketing of Monterail’s products and services.
   
   Additionally, with regard to the processing of your personal data in order to:

   1. defend against potential claims, as well as for the purpose of potential directing claims, the legal basis for processing of your personal data will be our legitimate interest (Art. 6(1)(f) GDPR);

   2. fulfill the legal obligations of the data controller (e.g. tax, accounting), the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).

   In any case, we send commercial information on electronic addresses (email, telephone) only upon your prior consent (legal basis).
   
   Your submission of personal data is voluntary, but sometimes it may be necessary for purposes related to our cooperation, e.g. in order to conclude or execute the contract or to respond to your query or to conduct further correspondence. This means that failure to provide data may constitute grounds for refusal to enter into cooperation by Monterail, or to take legal measures to terminate possible contract by Monterail.

Please be reminded, that in any case when the processing of personal data is based on your consent, you may revoke it at any time, without affecting the legality of processing performed prior to such revocation. However, in case of processing your personal data based on our legitimate interest, you may object to such processing.

We process personal data only for the time necessary to achieve the purpose(s) for which it was originally collected, after which it will be deleted, except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. 

As a rule, personal data processed on the basis of our legitimate interest are processed until the objection to processing or the fulfilment of the purpose for which it has been processed. If you are not our contractor, we store data gathered only in connection with our current communication, depending on the category of each information - for a period of several weeks (some cookies) to the maximum of 3 years (more specific inquires and conversations, which may be important for our future contact).

Data processed on the basis of the consent are processed until its withdrawal or fulfilling the purpose, for which it has been granted.

Data related to the performance of a contract that we have concluded are stored for the duration of the contract and usually for a period of maximum 7 years after its termination, what results from the tax regulations and limitation period of some claims.

The above periods may be extended, as appropriate, in the event of any possible claims and court proceedings - for the duration of these proceedings and their settlement, and also if we are obliged to further processing of such data to meet legal obligations.

Your personal data will only be accessed by duly authorized employees or associates of Monterail, who are obliged to maintain them in secrecy and not to use them for purposes other than those for which Monterail obtained such data, and entities which support us in providing services such as email marketing platforms, IT service providers or contact tools (communicators), legal and consulting services providers, insurance providers.

All these persons and entities have access only to the personal data that are necessary to perform specific actions by them.

It is possible that some of the entities that provide us with solutions may be based outside the European Economic Area (EEA). In each case of data transmission outside the EEA, we apply all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission, we conclude data processing agreements that meet the requirements of the GDPR and in the case of data transmission to the US, we verify the participation of our partners in the Privacy Shield program (more: https://www.privacyshield.gov/) and their compliance with other relevant laws. You have right to access the list of such recipients and a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at [email protected].

We may also be required to provide specific information to public authorities for the purposes of proceedings conducted by them. In this case, any information are provided only if there is a proper legal basis for it.

What are cookies and other similar technologies?

Cookies are small data files that are stored on your device (computer, phone, etc.) when you browse our website. We use cookies and other similar technologies, including pixel tags, to recognise you as a returning user, to improve the quality of our service, to collect statistical data, and also for marketing purposes. We also process them to analyse the popularity and effectiveness of our offers and content. These cookies enable the website to recognise the user's device and display the content accordingly, customising it to the user's specific preferences. 

Cookies usually contain the name of the website from which they originate, the length of time they are stored on your device and a unique number. Cookies can store, among others, the following information: (i) IP address; (ii) unique cookie identifier, cookie information and information about whether your device, as a visitor to our website, has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our website, such as content you have viewed and the preferences you have indicated; and (ix) access times and referring URLs.

Not all information collected through cookies would be considered personal data under the GDPR. However, if you have provided your personal data to us in the past, for example, by contacting us via a contact form, cookies can sometimes be linked directly to your data, for example, by linking ID numbers in cookies with other information related to you. 

What are cookies and other similar technologies?

We use cookies and other similar technologies in order to ensure that our website works properly and to perform its key functions. 

Notwithstanding the above, depending on the extent of cookie use to which you consent, we may – with your consent – track how visitors use the website to understand their preferences. We also use cookies to obtain aggregated data about site traffic and site interactions, to identify trends and obtain statistics so that we can improve our website. This also enables us to customise the content of our website and to present you with advertisements tailored to your preferences, even off our website. 

We use two types of cookies on our website: session cookies, which remain stored on your device until you leave our website or turn off your software (web browser), and permanent cookies, which remain on your device for the time specified in the parameters of the cookies or until they are manually deleted in your web browser.

We use the following types of cookies on our website:

1. necessary (technical) cookies – they include cookies that are essential for the proper functioning of the website and to enable the website to function properly;

2. preference cookies – they enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in;

3. statistical cookies – they are used to analyse user behaviour within the website, for statistical and analytical purposes (to improve the website performance); they help us achieve our legitimate objectives of improving the way our website works, for example, by ensuring that visitors to our website can easily find what they are looking for;

4. marketing cookies – they are used to analyse the behaviour of our website users in order to match their interests and preferences with the advertising content displayed to them, both on and off our website.

Detailed information on the cookies that we use (including information on their provider, file type, their function and how long they are stored) can be found in the “Manage cookies” or similar section on the cookie banner – you can open it at any time by clicking HERE.

Third-party cookies?

Detailed information on the cookies that we use (including information on their provider, file type, their function and how long they are stored) can be found in the “Manage cookies” or similar section on the cookie banner – you can open it at any time by clicking HERE.

We may also work with other companies in respect of their marketing (advertising) or analytical activities. Cookies from these entities may also be stored on your device for that purpose. These are called “third-party cookies”. 

The aforementioned entities may become controllers of your Personal Data in connection with the use of their cookies on our website. For more information on the cookies of these entities, please refer to their privacy policies. For a list of third-party cookies and the entities that provide them, and information on the privacy policies of these entities, see the cookie banner, which you can open by clicking HERE. 

Managing cookies

You can change the way cookies are used at any time by managing the consents you have given in the privacy settings on our website or in your browser. To do so, you need to change your privacy settings on our website or in your browser. In particular, you may withdraw consent you have previously given, however, this will not affect the lawfulness of any action taken on the basis of your consent before its withdrawal. 

If you wish to manage your cookie consents on our website, we provide a tool for this purpose. Its interface shows all types of cookies with their description and also allows you to decide which types of cookies you accept. You can easily change these settings at any time using the dedicated functionality available under the “Managing cookies” button. It is displayed at the bottom of the page at all times when you use our website. You can also see or manage your cookie settings by clicking HERE at any time.

Most browsers also provide functions for viewing and deleting cookies. Please remember that disabling or blocking certain cookies may prevent or significantly hinder the proper functioning of our website, for example by slowing it down.

Browser producers provide help pages on how to manage cookies in their products. You can find more information below

Google Chrome
Internet Explorer
Mozilla Firefox
Safari (Desktop)
Safari (Mobile)
Android Browser
Opera
Opera Mobile

For other browsers, please consult the documentation that your browser manufacturer provides.

The data controller of your personal data is Monterail Sp. z o.o. with its registered seat in Wrocław.
Address: 27-29 Oławska Street, 50-123 Wrocław, Poland
Contact e-mail address: [email protected]
Data protection officer – Mateusz Borkiewicz. Direct contact to DPO: [email protected]

Please note that the instructions given below are only a recommendation, not a requirement.

1. Access to your personal data
   You may ask us at any time for access to your personal data, in order to check what data about you we process and to obtain detailed information regarding:

   1. whether we are processing your personal data,

   2. for what purpose,

   3. what categories of data we are processing,

   4. who is the recipient of your data,

   5. what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration,

   6. if the personal data has not been given by you – all available information about the source of the data.
      
      

2. Right to rectify the personal data

   If, in your opinion, information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
   
   

3. Right to erasure of the personal data
   In certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right if we are still processing your personal data, particularly in the following cases:

   1. the personal data is no longer vital for the purposes for which it was collected or otherwise processed;

   2. you revoked consent to the processing of personal data and there is no other legal basis for continuing to process it;

   3. you object to the processing of your personal data when there are no overriding, legitimate grounds for processing;

   4. you object to the processing of your personal data for marketing purposes;

   5. your data is processed in a manner that violates the law;

   6. the law requires that we erase your data.
      
      

4. Right to restriction of processing

   You can demand that we limit processing of your personal data when:

   1. you question the correctness of personal data we are processing – for a period of time that allows us to determine the correctness of that data;

   2. the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;

   3. we no longer need your personal data for the purposes of processing, but you need it for establishing, pursuing, or defending legal claims;

   4. you have objected to the processing of your personal data – only until the dispute has been resolved.

   Effective submission of a request for restriction of processing personal data, will limit the actions taken by us on the data indicated by you and in the scope of particular operations/purposes to necessary minimum - basically only to storage.
   
   

5. Right to data portability
   

   You have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller.
   
   You may invoke this right, if:

   1. processing is done on the basis of your consent or a contract; and

   2. processing is done in an automated manner.
      
      

6. Right to object

   In certain situations, you have the right to object to some operations we perform on your personal data. You may invoke you right:

   1. when processing of your personal data is based on Article 6(1)(e) GDPR that is, when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Monterail, including profiling, on grounds relating to your particular situation;

   2. when processing of your personal data is based on Article 6(1)(f) GDPR that is, when processing is necessary for the purposes of the legitimate interests pursued by Monterail or by a third party, including profiling, on grounds relating to your particular situation;

   3. when personal data are processed for direct marketing purposes, at any time and to the extent that it is related to such direct marketing;

   4. when we process your personal data for purposes related to scientific or historical studies, or for statistical purposes, on grounds relating to your particular situation.

   Remember, however, that when despite of your objection we conclude that there are important, legitimate grounds for processing that override your interests, rights and freedoms, or the basis for establishing, pursuing or defending claims, we will continue to process your personal data encompassed by the objection. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
   
   

7. Complaints to the relevant public authority
   

   In connection with our actions as the data controller of your personal data, you have the right to file a complaint to the relevant data protection authority.

   If you would like to file a complaint to the data protection authority, you can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en. 

   In Poland this function is performed by President of the Personal Data Protection Office (PUODO). A detailed description of the complaint procedure is available on the website maintained by PUODO at: https://uodo.gov.pl/pl/83/155.