from May 25, 2018, all entities processing personal data in UE are required to apply Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals about the processing of personal data and the free movement such data and repealing Directive 95/46/EC (hereinafter "GDPR"). The same provisions also apply in the territory of the United Kingdom, where the Data Protection Act 2018 adapts the GDPR for the UK context.
ICEO respects the Users' right to privacy and declares that it makes every effort not to collect any data except those necessary for the proper functioning of the ICEO Website or those whose collection is aimed at increasing the usefulness of the ICEO Website.
In the interests of the security of your data, we have implemented procedures to prevent a breach of their security and are by applicable law, in particular with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC;
- The Personal Data Protection Act of May 10, 2018 (Polish Journal of Laws of 2019, item 1781, as amended);
- Act on the provision of electronic services on July 18, 2002 (Polish Journal of Laws of 2020, item 344, as amended);
- Data Protection Act 2018 (UK 2018 CHAPTER 12).
The administrator attaches the utmost importance to the protection of the privacy and confidentiality of your data and with the utmost care selects and applies technical and organizational measures to ensure their proper protection. ICEO protects your data against disclosure to unauthorized persons, loss, destruction, or unauthorized modification, as well as against their processing in violation of applicable law.
On what basis do we process your data
Thus, we process your data for the following purposes and on the following grounds:
- By concluding a contract with us on our behalf - we process your data to the extent necessary to conclude and perform this contract. Without it, we would not be able to provide you with the service, and you would not be able to use it. Failure to provide such data will prevent us from concluding and performing the contract (legal basis: Article 6 sec. 1 (b) of the GDPR);
- By concluding a contract with us on behalf of and for the benefit of a legal person or organizational unit without the legal personality that you represent (hereinafter: "Organization") - we process your data based on a legitimate interest within the meaning of Article 6 sec. 1 (f) of the GDPR, which is the implementation of our rights and obligations under this contract. Without this, we would not be able to provide the Organization you represent, and the Organization would not be able to use it;
- By providing your data to make contact with us - we process your data based on a legitimate interest within the meaning of Article 6 sec. 1 (f) of the GDPR, which is the implementation of our rights and obligations under this contract, including contacting you that you requested;
Legitimate interests under Article 6 sec. 1 (f) of the GDPR. Such legitimate interests are in particular:
- establishing the contact requested by you,
- ensuring the security of the service,
- making statistical measurements, improving our services, and adjusting them to the needs and convenience of users (e.g. personalizing content in services),
- conducting direct marketing or promoting our services, for marketing purposes and to adjust the content of our websites, we can also analyze the content that has been launched or displayed on the pages you have visited and the method of launching or displaying them,
- pursuing or securing claims or defending against them.
- Processing is necessary to comply with legal obligations (legal basis: Article 6 sec. 1 (c) of the GDPR).
What data do we collect and process
To be able to conclude and perform the contract with you or the Organization you represent, and thus provide services by us, we require you to provide the following personal data:
- Identifying information - including name and surname that we use to contact you and - in the case of concluding a contract with us for the provision of services provided by us - to verify your identity.
- Contact details - including your telephone number, e-mail address, and other communication channels that you use to contact us for further information. We use them to verify you as our user and to contact you for a variety of reasons depending on the purpose.
ICEO can also collect the following categories of data:
- Device information - including information about your devices or browsers that indicate your behavior on the Internet or the way you use devices. Information about your devices is collected by the ICEO Website, and information about your browsers is collected by our cookies, tags, and pixels. This is often required for network security reasons. This includes, inter alia, IP address, date and time of entering our website, time of stay, amount of data transferred, referring URL (in the case of switching to our website from another website or via an advertisement), pages visited on our website, type of your browser (language and software version), browser add-ons, device identifier, and features, device type and version, operating system.
How we collect your data
By concluding a contract with us on your behalf or behalf of your Organization - we receive your data directly from you during the conclusion of the contract.
By providing your data to make contact with us - we receive your data directly from you when you provide it in the contact form on our website.
Recipients of personal data
The recipients of your data may be:
- entities providing services that ensure appropriate technical and organizational solutions for the Administrator (e.g. IT service providers, entities providing maintenance services);
- entities providing legal services, in the event of the need to pursue due claims (including courts or enforcement authorities) or financial services (e.g. banks);
- entities authorized based on generally applicable legal provisions;
- entities authorized to carry out inspections, supervision, or audits, including the Administrator's bodies or certifying entities.
As we deem appropriate, we will attempt to notify you of legitimate requests to disclose your data, unless prohibited by law or a court decision, or if the request is urgent. We may contest such requests if we believe they are too broad, inaccurate, or illegal.
How long do we keep the data
Data storage period
If you decide to withdraw your consent to the processing of your data by us or request their removal, all your data held by ICEO will be deleted, except for the data needed for ICEO to fulfill its legal obligations under the law and to comply with statutory limitation periods. They will not be removed, but only minimized to the necessary extent. These data will be stored for the period specified by tax regulations and financial reporting regulations, and in the scope of investigation or security against claims, no longer than until the end of the calendar year in which the longest possible period of limitation of potential claims under civil law contractual liability expires under the applicable provisions of law or tort related to cooperation with ICEO.
Withdrawal of consent. For future data processing, you can withdraw your consent at any time - in cases requiring consent to the processing. However, this does not affect the lawfulness of data processing based on the consent granted before its withdrawal. In some cases, we may continue to process your data after you withdraw your consent, if we have a different legal basis or if your withdrawal was limited to certain processing activities.
Right of access. You have the right to obtain (i) confirmation as to whether we process your data, and if so, (ii) more detailed information about this data. More detailed data include the purposes of the processing, categories of data, potential recipients, or the storage period.
Right to rectification. You have the right to rectify incorrect data concerning you. If the data processed by us is not correct, we will correct it without undue delay and notify you of the correction. Note: (i) a lot of data can be corrected in the settings.
Right to erasure. You have the right to delete the data we store about you. Removal of data may limit or prevent the use of the System.
Right to data portability. You have the right to (i) receive a copy of your data in a structured, commonly used and machine-readable format, and (ii) send this data to another data Administrator without obstruction on our part.
Right to object. You have the right to object at any time to the processing of data, the legal basis of which is our legitimate interest. This also applies to profiling based on these provisions. You also have the right to object to the processing of data for marketing purposes.
Right to restriction of the processing. In the following cases, you have the right to limit the processing of your data by us: you think that the processing of your data is unlawful, but you do not want to delete it; you still need the data to establish or pursue legal claims or defend against such claims; or you have objected to the processing.
Exercising your rights. To exercise the rights, as well as in the event of questions regarding the privacy rules and the processing of personal data, the Administrator should contact the following way:
- i. at the email address: [email protected]
- ii. in writing by sending correspondence to the following address: ICEO LAB LTD, Office 407b, 182-184 High Street North, E6 2JA London
However, we reserve that any such request, motion, or objection will be verified by us in advance by the applicable provisions on the protection of personal data. These rights are not absolute, the provisions provide for exceptions to their application.
Right to complain. You also have the right to complain with the relevant authorities if you believe that the processing of your data violates the provisions of the GDPR. The action should be brought, in particular, in the Member State of the person's habitual residence, place of work, or place of the alleged infringement. In the case of the territory of Poland, it will be the President of the Office for Personal Data Protection. For the UK it will be the Information Commissioner's Office. For Estonia, it will be Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate).
Transferring your data to countries outside the European Economic Area
Your data may be transferred outside the European Economic Area (EEA) to entities that meet an adequate level of protection, through:
- cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued.
- use of standard contractual clauses issued by the European Commission.
Processing of data in an automated manner
Your data will be processed in an automated manner (including in the form of profiling), however, it will not cause any legal effects to you or similarly significantly affect your situation.