Privacy Policy
We aim to process your data securely
1. Introduction
This policy applies to all processing of personal data carried out by Oxido Marek Jeleśniański (hereinafter referred to as “Oxido”) and aims to inform you about how we process personal data (including details of the type of personal data collected and the purpose of processing) and about your rights in relation to your personal data.
Oxido is a company registered in Poland, European Union. It may be referred to as “we”.
By “Sites” we mean any websites owned by Oxido. Whenever we refer to Oxido’s services we mean any products or services offered by Oxido, through the Sites or by different channels.
You may be hereinafter referred to as “user”.
Using the Sites signifies your acknowledgment and acceptance of Oxido’s Privacy Policy and, if applicable, terms and conditions. Similarly, by completing the request for services or providing personal data in any manner, you agree to this Privacy Policy, and service’s terms and conditions.
2. Contact
In case you have any questions about the Privacy Policy, you can contact Oxido using the form or also by sending an email message to: gdpr@oxido.pl.
We kindly ask you to direct any requests concerning personal data processing through the same means. Additionally, we’d like to remind you that every newsletter contains an “unsubscribe” option, which, when used, will immediately stop the delivery of that bulletin.
3. Data collection methods
In accordance with the current regulations on the protection of personal data, especially:
-
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR),
- Switzerland’s new Federal Act on Data Protection (nFADP),
- The California Consumer Privacy Act (CCPA), Assembly Bill No. 375,
- The Virginia Consumer Data Protection Act (VCDPA),
- Australian Privacy Act No. 1988 (APA),
- Canada’s Anti-Spam Legislation (CASL) & Personal Information Protection and Electronic Documents Act (PIPEDA),
Oxido collects personal data when you:
-
- complete the forms on any of the Sites;
- make an order or establish any sort of agreement;
- subscribe to the newsletter or register on event (for example, webinar);
- post a comment or upload the image;
- respond to a survey;
- fill out a paper form or give us a businesd card;
- send an e-mail or a letter, as well as communicate by telephone or in any other way.
Additionaly, Oxido may process personal data that are publically available or data received from another entity, but only under proper legal basis, according to GDPR and other regulations.
4. Data collected and user responsibilities
Oxido collects information mainly when you visit the Sites, and primarily by completing its registration forms. When you fill out the form, you will have full control over the scope of data made available to Oxido.
Generally, when we ask for personal data to use a service, providing it is not obligatory, except in cases where it is specifically indicated as necessary for the service. In such cases, you may freely choose not to register and/or not to use the services.
By providing personal data to Oxido, you fully and unreservedly accept its processing by Oxido. You give your free, express, and informed consent for Oxido to use the data collected for the purposes indicated in Section 5 and for its incorporation into Oxido’s databases.
You declare and guarantee that all the data provided is accurate and commit to keeping it updated. Please inform us of any changes (contact details are in Section 2).
Moreover, you acknowledge that the data required by Oxido is necessary, adequate, and not excessive to carry out the purposes expressed in Section 5 hereof, which would be impossible to fulfill if said data were not provided.
Any misrepresentation or inaccuracy that occurs as a result of the information and data provided, as well as the damage that such information may cause, shall be the responsibility of the user.
When Oxido receives data from another entity or process data publically available, the typical information collected pertains to the data subject’s professional activities. This include: the name, surname, email address, telephone number, position, company name and potentially other data (for example, in accordance with the agreement under which the personal data is being provided).
5. Purpose of collecting personal data
The personal data requested from the user will be used for the following purposes:
-
- In case of contracting services, to create and maintain the business relationship, to conduct activities, and to provide the services of Oxido (including, without limitation, the management, administration, provision and improvement of the services).
- To process orders and transactions, to prepare and send you invoices, and to fulfill legal obligations to which Oxido is subject, such as tax obligations.
- To enforce agreements, and terms and conditions of services.
- To provide support and resolve disputes.
- To create and manage user accounts.
- To send you information and updates related to your inquiry or services (including information and updates on related services as well).
- With additional consent: to send newsletters, as well as commercial communications, promotions and/or announcements from Oxido, occasionally or periodically.
- To conduct surveys or receive testimonials and feedback.
- To personalise the user experience by enhancing our ability to respond to your needs.
- For advertising, including targeted advertising.
- To improve Sites and services’ offering, based on Oxido’s legitimate interest in constantly improving our services.
The data subject to processing shall not be used for purposes other than or incompatible with those mentioned above and which motivated their collection. Notwithstanding the above, it is hereby stated that the recorded data may be used, in addition to the purposes for which they were expressly collected, for the purposes of statistics, incident management or carrying out market research.
If we want to use your data for a different reason, we’ll ask for your consent first. We will only use it in the way you agree to, unless the law says otherwise. In exceptional situations, we may process personal data without your consent, but only when it is necessary to protect a legitimate interest and it does not violate your fundamental rights and freedoms.
We remind you that at any time you can object to receiving commercial messages from Oxido (including unsubscribing from the newsletter). We will stop sending them as soon as possible after receiving your request. To do this, follow the instructions at the end of each newsletter or contact us (contact details are in Section 2).
6. Data usage and retention
We will use the information about you for the purposes mentioned in Section 5, either directly by Oxido or with data processors (more information in Section 7).
Your data may be used for profiling to deliver personalized commercial or marketing content (aligned with your interests and professional activities). However, your information will not be used for automated decision-making processes.
The data will be deleted or archived when it is no longer strictly necessary or relevant for the purposes described in Section 5.
We will retain your personal information for 24 months if your account remains idle or you are inactive. We will also keep it for as long as necessary to fulfill the purposes for which it was collected. In particular, we will store your personal data for the duration of our business relationship and until any related obligations or issues are resolved, unless you ask us to delete it earlier (however, to data deletion other rules apply that may cause our refusal – more information in Secion 9).
7. Data sharing
Oxido will keep collected personal data private and confidential, and will not use it for purposes other than those set out in Section 5 hereof. When providing access to Oxido’s databases, we mandate that both our employees and third parties servicing us sign confidentiality and personal data processing agreements. Alternatively, such obligations are included in the service agreements we sign with these providers (details below).
The personal data collected by Oxido will not be transferred, sold, exchanged, transmitted, or communicated to third parties outside of Oxido without your consent, except for legal obligations or for the purpose of providing you with the services. This exclusion applies to employees and service providers who enable Oxido to keep the Sites operational and fulfill the objectives set out in Section 5 of this document. These individuals and entities have committed to maintaining the confidentiality of the data provided and to comply with applicable regulations on the protection of personal data at the time of contracting. Contracts with service providers specify the purpose, scope, content, duration, nature, and objectives of data processing, the type of personal data, the categories of data subjects, and the obligations and responsibilities of both Oxido and the contracted third parties.
Oxido may share the personal information provided with affiliates, subsidiaries, related companies and/or intermediaries associated with us. Oxido may share personal data internally within Oxido, with departments like administration, marketing, or IT.
** Social Networks.** Oxido also uses social networks, such as Facebook, Instagram and LinkedIn, and we have integrated functions of these networks into its services. In particular, the Sites may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
You can only use all of the features of these social networks if you are registered on them and have accessed the corresponding social network with your user account. Social networks have their own privacy policies and terms and conditions, over which Oxido has no interference or control. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content
Lastly, you should be aware that Oxido may (and reserves the right to) disclose your information in the following cases:
-
- if required by a judicial or administrative authority;
- if necessary to exercise your rights under Oxido’s terms and conditions and this Privacy Policy;
- if necessary to comply with the law;
- if such data may be useful for the protection of the rights of third parties;
- if it is useful for the protection of the rights, property or safety of Oxido, its controllers, subsidiaries, affiliates, directors, managers, employees, users or the general public;
- and if there are well-founded reasons relating to public safety, national defence or public health.
8. Security measures
Oxido commits to adopting the necessary technical and organisational measures to ensure the security, integrity and confidentiality of the data in accordance with the provisions of GDPR ,CCPA, PIPEDA-CASL, VCDPA ,APA and nFDPA Swiss in order to prevent its tampering, loss or unauthorised processing.
Oxido does not guarantee absolute privacy when using the Sites, as there are several possibilities for unauthorized entities to obtain information about you. You acknowledge that no security measures are entirely foolproof and that even when all reasonable security precautions are taken, it is possible to suffer manipulation, destruction and/or loss of information. In the event that a security incident is detected and entails a significant risk to the data owner, it will be promptly reported to the competent control authority, together with the corrective and remedial measures implemented and/or to be implemented.
Oxido is not responsible for the loss or deletion of data by users. Similarly, Oxido accepts no responsibility for possible damage caused by computer viruses, especially when the user’s device is infected.
Additionally, it’s essential for you to take measures to safeguard your personal data. Oxido strongly recommends taking precautions while being online. At a minimum, consider changing your password regularly, incorporating a mix of letters, numbers, and special characters. Ensure you’re using a secure browser.
Oxido employees involved in data processing are trained to ensure the best possible protection of personal data and the rights of data subjects.
9. Data owner rights and procedures
The data owner may at any time exercise the rights of access, rectification, cancellation, opposition, limitation of processing, portability, confidentiality and deletion of his/her personal data, in accordance with the provisions of Articles 15 et seq. of the GDPR, the provisions of the CCPA, the provisions of the PIPEDA-CASL, the provisions of the VCDPA, the provisions of the APA, the provisions of the nFDPA, as applicable.
You can exercise your rights by sending an email (address provided in Section 2), or through any other methods outlined in the relevant regulations mentioned earlier. To verify your identity, Oxido may ask for additional information.
Data deletion will not be executed where it may cause damage to the legitimate rights or interests of third parties, or where there is a legal obligation to retain the data. Additionally, we may refuse to erase your data if the processing is required for the establishment, exercise or defence of legal claims.
10. Links to third parties
The Sites may contain links to third-party websites, whose privacy policies are distinct from Oxido’s. The linked third-party websites are not affiliated or associated with Oxido, and their inclusion does not imply any endorsement, invitation, or recommendation to visit them. Oxido is not responsible for the content, use, and activities of these linked sites, or for any actual or potential, material or moral, direct or indirect damages suffered by you, arising from the information contained in such sites or the relationships you may establish with third parties
Notwithstanding the above, any feedback regarding these linked websites is valuable to Oxido as we aim to enhance our services and ensure the integrity of the Sites. We are committed to diligently working to prevent the inclusion of links to websites with illegal content.
You can recognize Oxido’s Sites by the appropriate note in the footer.
11. Cookies
When you visit the Sites, Oxido may store certain information on your computer in the form of a “cookie” or by using similar technology. The Sites use cookies to:
-
- manage your session,
- track advertising,
- collect traffic data (including statistics),
- and improve the user experience when using the Sites.
Please be aware that while it is not mandatory to permit the installation of cookies from the Sites during general browsing, some cookies might be essential for the Sites to function correctly (and might load by default if your browser has not entirely switched off its acceptance). Additionally, your consent to use cookies might be required for certain features or services not described as necessary.
You can delete cookies from your computer’s hard drive, block them using your browser, or not give consent when asked about their use (lack of consent will not block essential cookies). You can also opt out of selected cookies at any time using the appropriate widget available on each of the Sites. The widget contains information about the cookies used.
Oxido reserves the right to use the services of third parties to analyze and understand (in general terms) the users of the Sites. These third parties are prohibited from using the collected information for any purpose other than enhancing Oxido’s services.
Cookies are files of information that a website (or a provider of certain services included on the website, like social network) sends to the user’s computer hard drive through a browser. By themselves, cookies can’t identify the user personally (though they might store the user’s IP address). They allow the website or service to recognize the user’s browser, and capture and store specific data (like the user’s operating system, the domain name from which the user enter the website, session ID, and more).
12. Policy updates
This is the current version of the Oxido Privacy Policy, updated on September 9, 2023.
Oxido may, at any time and without notice, modify this Privacy Policy. Such modifications will be operative as of their publication on the Sites or when you are notified about them by any means, whichever occurs first.
You are encouraged to periodically review this policy to stay informed about its terms.
13. Information for California users
This section supplements the information contained in the rest of the Privacy Policy. The provisions in this section apply to all users who are consumers residing in the state of California, United States of America, in accordance with CCPA. For such consumers, these provisions supersede any conflicting provisions in the Privacy Policy.
This section uses the term “personal information” as defined by the CCPA.
In this section, we summarize the categories of personal information we collect, disclose, or sell (the definition of “selling” is provided below). Please note that detailed information on the processing of personal data can be found throughout this document (including different sections).
The categories of personal information we collect
We collect the following categories of personal information about you: information from the Internet. We will not collect additional categories of personal information without notifying you.
How we collect information
We collect the above categories of personal information directly from you or indirectly when you use the Sites or Oxido’s services. This includes information you provide directly (for example, when you contact us through any forms on the Sites), information collected automatically when you browse the Sites, and information from third parties associated with the Sites’ operations.
How we use the information we collect: sharing and disclosing your personal information with third parties for a commercial purpose
We may disclose the personal information we collect to third parties for commercial purposes. In such cases, we ensure that the third party maintains the confidentiality of the information. We may also disclose your personal information when you explicitly request or authorize us to do so.
Selling your personal information
For the purposes of this section, the word “sale” means any “sale, rental, release, disclosure, dissemination, making available, transfer or communication orally, in writing, or electronically, of personal consumer information by the company to another company or to a third party, for monetary or other valuable consideration.”
Your right to opt out of the sale of personal information
You have the right to opt-out of the sale of your personal information. This means that whenever you ask us to stop selling your data, we will comply with your request. Such requests can be made freely, at any time, without any verifiable request.
To exercise this right, click on the “Do not sell my data” link in the appropriate widget placed on the Sites or contact us (contact details can be found in Section 2).
Purposes for Using Your Personal Information
Please refer to Section 5 of this document for detailed purposes. We will not use your personal information for different, unrelated or incompatible purposes without notifying you.
Your California privacy rights and how to exercise them
You have the right to request details about the personal information we collect, the purposes for which we use it, and with whom we share it. The disclosure described above will be limited to personal information collected or used over the past 12 months. We will deliver our response electronically and the enclosed information will be “portable”, i.e. delivered in an easily usable format to allow you to transmit the information to another entity without hindrance – provided this is technically feasible.
You have the right to request the deletion of your personal information, subject to exceptions provided by law (such as, but not limited to, where the information is used to identify and repair errors in the services or Sites, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights, etc.).
How to exercise your rights
To exercise your rights, contact us using the details provided in Section 2. We will need to verify your identity before processing your request. You can submit up to 2 requests in a 12-month period.
If you cannot personally submit a verifiable request, you may authorize a person registered with the California Secretary of State to act on your behalf. If you are an adult, you may make a verifiable request on behalf of a minor under your parental authority.
Response time and processing
We will confirm receipt of your request within 10 days and aim to respond within 45 days. If we require more time, we will inform you. We may take up to 90 days to fulfill your request. If we deny your request, we will provide an explanation.
Our disclosure(s) will cover the previous 12 month period.
We do not charge a fee to process or respond to your request unless it is excessive or unfounded. In such cases, we may charge a reasonable fee or refuse the request, informing you of our decision.
14. Our community sites
This section supplements the information in the Privacy Policy and is specifically for users of our Sites that function as community and/or news websites, including blogs, hereafter referred to as “Media”.
Comments (including posts on the forums)
When you leave comments within the Media we collect the data shown in the comments form. This includes your IP address and browser user agent string to assist in spam detection. (Comments may undergo automated spam detection.)
An anonymized string (hash) created from your email address may be sent to the Gravatar service to check if you’re using it. The Gravatar service’s privacy policy can be found at https://automattic.com/privacy/. Once your comment is approved, your profile picture becomes publicly visible next to your comment.
Regarding content publishing, additional rules apply. Failure to adhere to these rules will result in the refusal to publish the comment, its editing, or removal.
Images published on Media
If you upload images to the Media, avoid including embedded location data (EXIF GPS). Other visitors can download and extract this location data from images.
Data retention
Comments and their associated metadata are stored indefinitely. This allows us to automatically recognize and approve subsequent comments without placing them in a moderation queue. It is also necessary to secure our legitimate interest to offer great quality of services (for example, to make the discussion complete).
For users who register on our Media (if applicable), we store the personal information provided in their profile. Users can view, edit, or delete their personal information at any time, but cannot modify their username. Media administrators have the ability to view and edit this information.