Privacy policy and data protection

Our Users, Customers and Contractors are particularly important to us. For this reason, Sales&More guarantees high standards of privacy and protection of personal data processed on the website, www.salesmore.pl, and within the scope of the services provided and the business relationships established. We ensure that personal data is secure and that data subjects can exercise the rights to which they are entitled.

Taking into account the above and the requirements of legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU, L 119, 04.05.2016) (hereinafter referred to as GDPR), this Privacy Policy is adopted by “Sales&More” S.A. to ensure the security of personal data.

This Privacy Policy specifies:

  • the principles for the processing and protection of personal data provided by Users, i.e. all persons using the website and other related sites, communications and services,
  • the principles for the processing of personal data provided by Clients and Contractors, i.e. all persons who use the services provided by the ADO or cooperate with it in the provision of these services.

The administrator of the personal data contained on the website is ‘Sales&More’ Spółka akcyjna with the registered office in Warsaw, 7 Bednarska Street, 00-310 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000307674, NIP number: 5213486940 , REGON number: 141342719 (hereinafter referred to as the Administrator or ADO).

The Company has appointed a Data Protection Inspector, in the person of Agnieszka Bartkowiak-Kaczmarek, who can be contacted, in all matters related to the processing of personal data, at e-mail address: iod@salesmore.pl, by postal mail, at: 7 Bednarska Street, 00-310 Warsaw, Poland, or by telephone at +48 607 895 464.

To the extent necessary for the User to use the website and other related websites, communications and services, and to the extent necessary for the Administrator to take action at the User’s request, the processing of personal data is carried out on the legal basis for processing which is Article 6(1)(b), in order to operate the services, websites, communications and services offered.

For the rest, the provision of personal data by the User is voluntary and therefore based on the legal basis for processing which is Article 6(1)(a) of the GDPR, carried out for the purposes, indicated in the selection options, when the User first accesses the website www.salesmore.pl.

However, the extent of the consent given by the User for the processing of his/her personal data will affect the extent of access to the content and services offered by us, so the User must be aware that, when selecting the minimum option, he/she will not be able to take full advantage of certain products or services, offered by the Administrator.

I. USER CONSENT

By using the website, the User accepts that ADO collects, uses and shares non-personal and personal data in accordance with this Privacy Policy. However, the User has control over how their data is used and shared, as detailed in Section V of this Privacy Policy, entitled ‘User Rights’.

Where personal data is processed based on the User’s consent, the User has the right, at any time, to withdraw the consent previously given, but without affecting the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

In the event that there is a change to this Privacy Policy and the User continues to use the website, such action shall be deemed to be acceptance of its new terms.

II. PERSONAL DATA PROCESSED BY THE CONTROLLER

  1. how personal data are obtained

a. Personal data obtained directly from the User

The Administrator obtains personal data in two ways. The first way is to obtain personal data directly from the User, by:

  1. sending a message by the User, thanks to the contact form made available on the site,
  2. creation of an account on the site by the User,
  3. using services and products offered by the Administrator,
  4. User contacts the Administrator to obtain technical assistance.

b. Personal data obtained from other sources

The Administrator also obtains personal data from sources other than directly from the User, i.e.:

  1. by recording the User’s use of the Administrator’s products and services through cookies and other technologies and receiving error reports or usage data from software running on the User’s device,
  2. from data brokers, from whom the Administrator purchases demographic data in addition to the data collected on its own,
  3. from service providers who provide the Administrator with information on the location of Users based on Users’ IP addresses,
  4. from partners with whom Administrator offers products and services or conducts joint marketing activities,
  5. from publicly available sources, such as publicly accessible registers or public domains where User data is made available.
2. Personal data processed by the Administrator

The scope of personal data collected by the Administrator concerning Users, Customers and Contractors may vary depending on the purpose of the processing of personal data.

Among others, the Administrator collects the following personal and non-personal data:

  1. Login name,
  2. Name and surname /name of the company /name of the entrepreneur or the names of the entrepreneurs in the form of a civil partnership,
  3. Address for correspondence,
  4. Website address,
  5. Telephone no,
  6. E-mail address,
  7. NIP,
  8. REGON,
  9. Computer IP,
  10. Payment details, if the User purchases on the website.

In addition, the Administrator collects data on the content of the files and messages of Users, Customers and Contractors, when it is required for the establishment and implementation of cooperation, making services and products available to him/her – the subject and content of e-mail messages, text or other content of instant messages, audio and video recordings of video messages, audio recordings and transcription of voice messages or dictated text messages are collected.

The Administrator also collects information provided by Users, Customers and Contractors, including feedback and evaluations of products and services, as well as information provided for technical support.

III. THE WAY THE DATA ARE PROCESSED – THE PURPOSES FOR WHICH THE CONTROLLER PROCESSES PERSONAL DATA

The way in which the Administrator processes the personal data obtained, depends on the way in which the Users, Customers and Contractors use the Administrator’s products and services and on the nature of the cooperation established, Thus, the particular purposes for which the personal data is processed, may vary depending on what is the subject of the cooperation and what product or service has been selected and how it is used.

1. Provision of services, performance of cooperation, other activities based on requests and agreements made in writing or concluded verbally

The Administrator processes the personal data of Users, Customers and Contractors in order to carry out the activities undertaken for the benefit of Users, Customers and Contractors or carried out jointly with them, including authentication activities and authorising their access to services or other accesses and activities, necessary for the performance of the contract and communication with the persons responsible for its performance, as well as for the performance of the services offered to the Administrator, based on the legal basis for processing, which is Article 6(1)(b) GDPR, for 5 years from the end of the calendar year in which the performance of the contract was completed.

In the event that the performance of a contract involves a financial settlement or other obligation of the ADO, resulting from separate regulations, the personal data of Users, Customers and Contractors will be processed in such case, on the legal basis of Article 6(1)(c) GDPR, for a period of 5 years from the end of the calendar year in which the contract was settled.

In the event that claims are brought by either party and to defend against them, personal data will be processed on the legal basis of Article 6(1)(f) GDPR, for a period of up to 6 years from the end of the calendar year in which the claim became due (in accordance with the applicable legislation).

2. Direct marketing (promotion of own services, products and activities, loyalty programmes and activities, surveys, statistics)

The Administrator processes the personal data of Users, Clients and Contractors, in order to communicate with it in a personalised manner. This communication consists of sending emails, posting notifications on websites and other means within the services offered, including text messages and push notifications. The content communicated relates to ADO’s own services offered, i.e. their services and how to use them, personal data security, web updates, reminders, but also suggested offers from the Administrator.

Such communication also concerns the service of Users, Customers and Contractors, in order to provide technical assistance, solve current problems and respond to complaints.

The Administrator also processes the personal data of Users, Customers and Contractors in order to enable them to comment on the Administrator’s activities, services and products, and thus to monitor the quality of the services provided and the level of satisfaction of Users, Customers and Contractors.

The processing described above will be based on the legal basis, which is Article 6(1)(f), for 5 years from the end of the calendar year in which the data was collected.

3. Advertising

The Administrator processes personal data in order to offer the User service, sites, communications and services, tailored advertisements to the User, if the User has consented to such actions or in the event that a business relationship develops between the Administrator and the User. These advertisements concern both the Administrator’s offers and those of entities cooperating with the Administrator.

The advertisements presented to the User are tailored individually to each User through the use of:

  1. data provided directly by the User,
  2. data collected through the use of the services of the Administrator,
  3. information provided by third parties,
  4. data from advertising technologies such as cookies,
  5. beacons, pixels, advertising tags and mobile identifiers.

The Administrator does not share the User’s personal data with third-party advertisers or advertising networks without the User’s consent. However, in the event that the User clicks on an advertisement displayed to them, the advertiser will be informed.

The Administrator will base such actions on the legal basis for processing, which is Article 6(1)(a) of the GDPR, until the User withdraws the consent given, but for no longer than 5 years from the end of the calendar year in which the consent was given.

4. Service improvement

The Administrator processes the User’s personal data for analytical and statistical purposes in order to continuously improve the products and services offered, to provide better solutions, to add new functions and opportunities, to gather a larger audience and to help establish contacts and find business opportunities.

Personal data relating to Users is also processed by the Administrator for market research, opinion polling and business analysis in order to continuously improve the service.

The processing described above will be based on the legal basis of Article 6(1)(f) for 5 years after the end of the calendar year in which the data was collected.

IV. DISCLOSURE OF PERSONAL DATA BY THE CONTROLLER

Personal data of Users, Customers and Contractors are or may be transferred to the following categories of recipients:

  1. entities to whom ADO has entrusted the processing of personal data based on separate agreements, including providers of legal and advisory services, supporting the Administrator in the enforcement of due claims (in particular law firms, and debt collection companies), subcontractors of ADO services, providers of server services, etc.
  2. entities authorised based on separate regulations, including control of the activities of ADO,
  3. entities authorised to handle deliveries (couriers, postal operators).

V. RIGHTS OF DATA SUBJECTS (Users, clients, contractors)

Should the User/Customer/Contractor wish to exercise his/her rights as a data subject, he/she may contact the Controller or the Data Protection Officer (DPO) appointed by the Controller, using the form, provided on the website or through the communication channels provided herein.

Depending on the legal basis for the processing, the data subject has the following rights.

1. Right of access to data

The User is entitled to obtain confirmation from the Administrator as to whether his/her personal data are being processed and, if this is the case, he/she is entitled to access information concerning the details of the processing of his/her data, including in particular information on the purpose of the processing and the categories of data processed.

The User is also entitled to request a copy of the personal data being processed.

2. Right to rectification of data

The user has the right to rectify personal data that is inaccurate. The user has the right to demand the replacement, supplementation or deletion of errors, faults and misleading information in the entire data filing system that concerns him.

The subject of supplementation may not be personal data which are incorrect, i.e. the User may not request the replacement or supplementation of existing data with incorrect data.

If the processed personal data is incomplete, the User may submit an additional statement in order to complete it. It is permissible to submit such a declaration in any form, including electronically.

3. Right to erasure (right to be forgotten)

The user has the right to request the deletion of personal data if one of the following circumstances applies:

a. The User’s personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

b. The User has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;

c. The User objects to the processing of personal data concerning them;

d. the personal data has been unlawfully processed;

e. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject;

f. the personal data was collected in connection with the offering of information society services.

The User has the right to be forgotten, only if the right to erasure is exercised and only if the personal data concerning him/her has been made public by the Administrator.

4. The right to restrict processing

A user has the right to restrict the processing of their personal data in the following cases:

a. The user contests the accuracy of the personal data—for a period enabling the Controller to verify the accuracy of the data;

b. The processing is unlawful, and the user opposes the erasure of personal data, requesting instead the restriction of its use;

c. The Controller no longer needs the user’s personal data for processing purposes, but the user requires it for the establishment, exercise, or defense of legal claims;

d. The user has objected to the processing—pending verification of whether the Controller’s legitimate grounds override the user’s objection.

In the event of a restriction of processing, the Controller may process personal data, except for storage, only:

a. with the user’s consent; or

b. for the establishment, exercise, or defense of legal claims; or

c. for the protection of the rights of another natural or legal person; or

d. for reasons of important public interest of the Union or a Member State.

5. The right to data portability

The user has the right to receive their personal data, which they have provided to the Controller, in a structured, commonly used format, and has the right to transmit such data to another controller.

The user also has the right to request that their personal data be transmitted directly by the Controller to another controller, provided that it is technically feasible.

6. The right to object

The user has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data:

a. in the public interest or in the exercise of official authority vested in the Controller;

b. for direct marketing purposes, including profiling related to such direct marketing;

c. for purposes based on the legitimate interest of the Controller.

The process of reviewing the objection and all related communication is free of charge, and the user may also submit an objection electronically.

7. The right to lodge a complaint

The user has the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of the user’s habitual residence, place of work or the place where the alleged infringement was committed.

8. The right not to be subject to a decision based solely on automated processing (including profiling)

The right not to be subject to a decision based solely on automated processing (including profiling) is granted to the user in light of the development of technologies and marketing techniques based on data collected during the use of online services.

Profiling is any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects of the user—in particular, to analyze or predict aspects concerning their work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The user may exercise this right when two conditions are met:

a. Firstly, the user is subject to a decision based solely on automated processing of personal data, including profiling;

b. Secondly, this decision produces legal effects concerning the user or similarly significantly affects them.

Automated decision-making in individual cases, including profiling, is not prohibited if the decision:

a. is necessary for entering into or performing a contract between the user and the Controller;

b. is authorized by Union law or the law of a Member State to which the Controller is subject, and such law lays down suitable measures to safeguard the user’s rights, freedoms, and legitimate interests;

c. is based on the user’s explicit consent.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE CONTROLLER

The Controller uses cookies and other similar technologies to enhance efficiency, offer increasingly advanced website functionalities, and provide users with more tailored advertisements. Cookies are pieces of code in the form of text files corresponding to HTTP requests sent to the Controller’s server. They are used to ensure optimal support during the user’s visit to the website and enable quicker and easier access to information.

The storage or access of information does not cause configuration changes in the user’s device or the software installed on it. Information contained in cookies and similar technologies is considered personal data only when combined with other personal data available about the user.

If the user does not agree to the storage and retrieval of information in cookies, they can adjust the cookie settings via their web browser or apply an opt-out option on the website of the respective technology provider.

Detailed information about the technologies used by the Controller is available in the Cookies Policy located at Cookies Policy Sales&More.

VII. OTHER IMPORTANT INFORMATION

1. Protection of personal data security

The Controller implements various measures to ensure the security of the user’s personal data. The systems and procedures in use safeguard against unauthorized access and disclosure of data to unauthorized individuals, ensuring secure use of the provided services.

Additionally, the systems and procedures employed by the Controller are regularly monitored to identify potential threats. Personal data collected by the Controller is stored in computer systems with strictly limited access.

2. Changes to the privacy policy

The Controller reserves the right to amend this Privacy Policy if the information contained herein becomes outdated due to modifications in the services provided, the introduction of a new service or processing activity, changes in legal regulations, or other significant reasons justifying such amendments.

The user will be promptly informed of such changes via a notice posted on the website.

3. Contact information

For any inquiries regarding this Privacy Policy, the Controller provides a contact form on the website, through which the user can reach the Controller.

Additionally, the user may contact the Controller via email or traditional mail.

By email: iod@salesmore.pl

By conventional mail at the following address:

Sales&More S.A.
IOD
Ul. Bednarska 7
00-310 Warsaw
Poland

VIII. DISCLOSURE CLAUSES 

INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE PORTAL LINKEDIN
INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE PORTAL TikTok
INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE PORTAL X (TWITTER)
INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE PORTAL FACEBOOK/FANPAGE
INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE PORTAL INSTAGRAM