Schedule a DEMO

Privacy Policy

 

GENERAL INFORMATION AND DECLARATIONS

This document sets out the Privacy Policy applicable to the website operated at dataoctopus.io. It contains information on how personal data is processed in connection with the use of the Website and the provision of services by the Personal Data Administrator.

Hereinafter the dataoctopus.io website will be referred to as the “Website” or “Data Octopus”.

Other words used in capital letters have the meaning given to them in the Regulations of the dataoctopus.io website and the provision of Data Octopus Services available on the Website (“Regulations”).

The controller of the personal data of Users and Customers (hereinafter referred to as the “Controller”) is Data Octopus, a limited liability company, with its registered office in Kraków, at ul. Wadowicka 8A, 30-415 Kraków, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under the KRS number: 0001010501, Tax Identification Number (NIP): 6793256417, National Business Registry Number (REGON): 524025419, with the share capital of PLN 10,500.00.

The privacy policy is available on the website of the Online Service, in a manner enabling its acquisition, reproduction and recording of its content by printing or saving on a medium.

Personal data collected by the Controller are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), hereinafter referred to as: “GDPR”.

The Administrator’s Services are intended for individuals over the age of 16. The Administrator does not knowingly collect personal data from children under 16. If such data is transferred without the required consent of a parent or legal guardian, the Administrator will take steps to immediately delete it.

The Administrator makes every effort to protect the privacy and information provided to it by Customers and Users using Data Octopus services. Due to the nature of the services provided, the Administrator also processes personal data for which it is not a controller within the meaning of the GDPR, but rather acts as a processor. This applies in particular to data entrusted by Users, such as the data of their customers or contractors. The principles for entrusting the processing of personal data to the Administrator are regulated in a separate agreement concluded between the parties. The Administrator, within the means available to it, takes all possible measures to ensure the highest level of service, including appropriate security of the entrusted personal data.

The Administrator carefully selects and implements appropriate technical and organizational measures, particularly software solutions, that ensure the protection of processed data. In particular, it protects it against unauthorized access, unauthorized disclosure, loss, or destruction.

If the User requests an offer or other information from Promo Traffic sp. z o.o. based in Krakow using the Data Octopus feature, this company will also become the sole controller of their personal data. Information regarding the processing of this data will be provided to the User directly by Promo Traffic in a separate communication.

The Website may use so-called plugins and other social media tools, including, in particular, those that enable Customers with an Account to log in to that Account using accounts on social media and similar sites, such as Facebook.com and Google.com. The providers of these sites may also process personal data as independent controllers. In such a case, the Controller and the plugin provider are joint controllers of personal data.

CONTACT WITH THE ADMINISTRATOR

Contact with the Administrator in matters concerning personal data is available via:

  • electronic mail, at the email address: hello@dataoctopus.io,
  • traditional mail, sent to the following address: ul. Wadowicka 8A, 30-415 Kraków.

PERSONAL DATA

The personal data controller processes personal data for the following purposes and scope, and on the basis of the following legal provisions:

Basis: Article 6(1)(b) of the GDPR – for the purposes of performing the contract, as well as taking steps before entering into the contract at the request of the data subject and if data processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party – the Controller processes personal data on the basis of Article 6(1)(f) of the GDPR.

Purpose: contacting the data subject at his/her request in order to present the Service or offer, arrange a meeting, or enable such person to place an order for the Service, or directly conclude an Agreement by the Parties;

Agreeing on the details of the Service and concluding the Agreement, including the data provided by the data subject when establishing contact;

Scope: name, surname, email address, telephone number, IP address.

Purpose: to provide Services and functionalities – regardless of the method and scope of the concluded contract. This applies to both Services and functionalities implemented and delivered using Data Octopus’s IT resources, as well as all other services and benefits provided by the Controller.

Scope: first name and last name, e-mail address, telephone number, address details, Tax Identification Number, payment details, IP address, and in the case of logging in to the Data Octopus Account using an account on external websites – also data from these websites such as: first name and last name of the user.

Purpose: to provide Services to a given person and to provide functionalities that do not require any contact, i.e. browsing the Website, searching for content or Services.

Scope: personal data regarding activity on the Website, i.e. data regarding viewed content or Services, data regarding device sessions, operating system, browser, location and unique ID, IP address.

Legitimate interest of the Controller: In the case of processing personal data for the above purposes, the legitimate interest pursued by the Controller consists in building and maintaining positive relationships with data subjects, including in particular responses to their inquiries, as well as building and maintaining an appropriate image of the Controller itself and improving the standard of the Services offered and provided.

Basis: Article 6(1)(f) of the GDPR – data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Purpose: to determine the scope and maintain statistics on the use of individual functionalities and Data Octopus Services, to facilitate or optimize the use of the Website or other Services, to ensure the IT security of the Website and the Services themselves.

Scope: personal data regarding Users’ activity on the Website, including their use of the Data Octopus infrastructure and its individual components, the amount of time spent on each subpage, search history, clicks, location, IP address, device ID, data regarding the User’s web browser, and operating system – in the case of Users solely visiting the Website. For Customers with an active Service, the scope of data processing is extended to include information regarding the Service being provided and its use by such Customer.

Purpose: establishing, pursuing and enforcing claims and defending against claims in court proceedings or before other enforcement authorities.

Scope: personal data provided by the User on the Website, data obtained during contact with the Controller, including when placing an order for the Service, including data for the purpose of concluding the Agreement or in connection with it, data regarding the use of the Services or functionalities (including data provided or collected in individual parts and resources on the Website) and other data necessary to prove the existence of a claim or data resulting from legal provisions.

Legitimate interest of the Administrator: the ability to establish, pursue and enforce claims and defend against claims in proceedings before courts and other state authorities, improving the level of Services provided and the efficiency and security of the Website, as well as building and maintaining positive relationships with Users.

Basis: Article 6 paragraph 1 letter f of the GDPR and Article 6 paragraph 1 letter a of the GDPR – data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, the consent of the data subject was also required for the processing of personal data;

Article 6(1)(b) of the GDPR – personal data are processed for the purposes of performing the contract, as well as taking steps before concluding the contract at the request of the data subject;

Scope: personal data provided by the data subject when ordering the Service, data on the person’s activity on the Website, including data that is recorded and stored via cookies, in particular the history of activities and actions in Data Octopus, including data on the Service being performed, payment data, history and activity related to communication with the Controller, and in the case of subscription to the Newsletter, including ordering a service or digital content – also data provided during this registration/order;

Purpose: market research, opinion research, measurement and statistics conducted by the Administrator itself or its partners or suppliers.

Scope: data such as: information about the order or provided when ordering the Services.

Basis: Article 6(1)(f) of the GDPR and Article 6(1)(b) of the GDPR – necessary cookies;

Article 6(1)(a) of the GDPR – Analytical, Functional, Performance and Advertising cookies.

Purpose: the use of cookies by the Administrator on the Website.

More information on this subject can be found in the provisions regarding cookies, specified in a separate document regulating the rules for the use of these files, which is available on the Website.

Basis: performance of the Agreement, as well as in the event that data processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party – legitimate interest of the Controller, i.e. pursuant to Article 6 paragraph 1 letter f of the GDPR and pursuant to Article 6 paragraph 1 letter b of the GDPR.

Purpose: to consider complaints, grievances and requests, and to answer Users’ questions

Scope: personal data in the contact form, chat, and other forms on the Website, in emails, text messages, complaints, grievances, and requests, as well as questions submitted in other forms. For this purpose, the Controller also processes certain personal data relating to the order for Services and other Services provided on the Website that are the cause of the complaint, grievance, or request, questions, and data contained in documents attached to complaints, grievances, grievances, and requests;

The legitimate interest of the Administrator: the ability to lawfully consider complaints, respond to Users’ comments or questions, as well as to improve the level of Services provided and build positive relationships with them.

Basis: Article 6(1)(c) of the GDPR – data processing is necessary to fulfil a legal obligation incumbent on the Controller.

Purpose: fulfillment of the legal obligation incumbent on the Administrator, in particular consisting in the Administrator’s implementation of the obligations imposed by the provisions of tax law.

Scope: personal data provided by the data subject for the purpose of placing and settling an order for Services and functionalities/Agreements and their implementation.

Basis: Article 6 paragraph 1 letter f of the GDPR and Article 6 paragraph 1 letter b of the GDPR – performance of the Agreement, as well as in the event that data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party – the legitimate interest of the Controller.

Purpose: performance of the contract as well as taking steps before concluding the contract at the request of the data subject;

maintaining profiles run by the Administrator on social media, providing information about the Administrator’s activities, sharing opinions expressed about the Administrator.

Scope: personal data (in particular: identifiers, content of comments, opinions) relating to persons (users) visiting profiles maintained by the Administrator within social media or other websites (e.g. Facebook, Instagram, Google).

Legitimate interest of the Administrator: building the image of the Administrator, providing information about the conducted activities, building positive relationships with users, the ability to pursue or defend against possible claims.

Basis: Article 6 paragraph 1 letter f of the GDPR and Article 6 paragraph 1 letter b of the GDPR – performance of the Agreement, as well as if data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party – the legitimate interest of the Controller.

Purpose: performance of the Agreement and the legitimate interests of the Controller and its contractor. In connection with concluding agreements as part of its business activities, the Controller obtains data and also receives from clients or contractors the data of persons involved in the performance of such agreements (e.g., authorized contact persons, collaborators in the provision of Services, etc.).

Scope: personal data of staff members of contractors or clients cooperating with the Controller.

Legitimate interest of the Controller: the possibility of proper and effective performance of the Agreement.

Basis: Article 6 paragraph 1 letter f of the GDPR and Article 6 paragraph 1 letter b of the GDPR – performance of the Agreement, as well as if data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party – the legitimate interest of the Controller.

Purpose: processing of data collected within the framework of business contacts;

initiating and maintaining business contacts.

Scope: personal data such as: name and surname, contact details.

Legitimate interest of the Controller: creating a network of contacts, building relationships, maintaining a positive image in connection with the conducted business activity.

Basis: Article 6 paragraph 1 letter b of the GDPR and Article 6 paragraph 1 letter f of the GDPR – performance of the Agreement, as well as in the event that data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party – the legitimate interest of the Controller.

Purpose: organization of events and training;

identifying event or training participants and contacting them;

handling participation in an event or training;

surveying satisfaction with participation in an event or training, for statistical purposes;

providing participants with appropriate confirmation of participation, certificates, etc.

Scope: personal data such as name and contact details. In connection with the organization of events, including online events, or training courses, the Controller collects personal data from individuals registering for and participating in events or training courses. The scope of the data transferred is in each case limited to the extent necessary to organize the event and typically does not include information other than the participant’s name and email address.

Events or training sessions may be recorded. In such a case, the participant will be notified of this fact, in particular in a message displayed within the tool used by the Administrator to organize the online event or training, or by notification prior to the commencement of the in-person training or event. Recordings may be made available, in particular, to event participants.

Legitimate interest of the Controller: organizing the event in connection with the submitted application for participation in the event, as well as collecting information and conducting analyses related to the satisfaction survey regarding participation in the event or training and for general statistical purposes.

 

The purposes, scope, and principles of personal data collection and further processing by these entities can be found in their privacy policies. The Administrator encourages you to review them, including at the following addresses:

http://www.facebook.com/policy.php.

https://policies.google.com/privacy;

 

 

Categories of personal data

The personal data controller processes the following categories of personal data:

contact details;

data regarding activity on the Website;

data regarding orders for Services and functionalities;

data regarding the Services provided;

billing data – payments;

data relating to complaints, grievances and requests;

data regarding contractors or partners,

data of employees and co-workers.

Voluntary provision of personal data

The provision of the required personal data by the data subject is voluntary, but constitutes a necessary condition for the provision of the Services by the Administrator.

Data processing time

The period of data processing by the Controller depends on the type of Service provided and the purpose of processing. The period of data processing may also result from generally applicable law, when it constitutes the basis for processing. In the case of data processing based on the Controller’s legitimate interest – for example, for security reasons – the data is processed for a period necessary to fulfill that interest or to effectively object to data processing. If processing is based on consent, the data is processed until its withdrawal. When the basis for processing is the necessity to conclude and perform a contract, the data is processed until the contract is terminated or expires.

Personal data will be deleted in the following cases:

when the data subject requests their deletion or withdraws their consent;

when the data subject takes no action for more than 10 years (inactive contact);

upon receipt of information that the stored data is out of date or inaccurate.

Some data may be processed for the time necessary to pursue or defend against potential claims, for evidentiary purposes regarding claims related to the provision of Services by the Administrator, as well as for the purpose of processing complaints, grievances, or other requests – until the claims expire. This data will not be used by the Administrator for marketing purposes.]

Data regarding orders for Paid Services, including data necessary for maintaining accounting records and settlements, will be stored for the period necessary – resulting from the provisions of generally applicable law, including in particular accounting and bookkeeping.

Data collected through cookies and other online identifiers is retained by the Administrator for a period corresponding to the life cycle of cookies stored on devices or until they are deleted from the User’s device by the User. Details on the lifetime of a given cookie can be found in the cookie policy, set forth in a separate document regulating the use of these files, which is available on the Website.

 

Recipients of personal data

Due to the necessity of concluding and implementing Agreements and providing Services, including Services provided electronically, personal data processed by the Controller may be transferred to the following categories of recipients:

state authorities, e.g. the prosecutor’s office, the Police, the President of the Personal Data Protection Office (PUODO), if they request it from the Controller, indicating the legal basis for their requests;

service providers with whom the Controller cooperates, in particular for the purpose of providing its Services, i.e. in the scope of providing the Services as well as processing payments, enabling the use of the Website – suppliers responsible for the proper operation of the Controller’s IT resources, ICT systems, entities providing accounting services to the Controller, Google Inc. with its registered office in the USA or Google Ireland Ltd. with its registered office in Ireland, as well as other external entities cooperating with the Controller within the scope of their business activities. Depending on the contractual arrangements and circumstances, these entities act on behalf of or independently determine the purposes and methods of data processing;

Personal data may also be transferred to other entities – providers of tools whose cookies are used. Information about these entities and the purposes of using cookies is included in a separate document regarding cookies.

A detailed list of suppliers may be made available by the Controller at the request of the data subject.

The aforementioned suppliers are based primarily in countries of the European Economic Area (EEA). The Personal Data Controller may outsource certain activities to recognized subcontractors operating outside the EEA. Personal data transferred outside the EEA will be secured with appropriate legal safeguards to ensure that the receiving suppliers guarantee a high level of personal data protection. These guarantees result, in particular, from the obligation to use standard contractual clauses adopted by the Commission (EU) or binding corporate rules duly approved by a supervisory authority within the meaning of the GDPR. The data protection method complies with the principles set out in Chapter V of the GDPR. The data subject may request additional information from the Controller regarding the safeguards applied in this regard, obtain a copy of these safeguards, and information about the location of their disclosure. Additionally, the Controller will inform the recipient of the intention to transfer personal data outside the EEA at the stage of personal data collection.

 

Automated decision making

As part of the Website, the Administrator takes actions aimed at monitoring the activity of Website Users and analysing these activities, but does not make automated decisions with a significant effect within the meaning of the GDPR, including profiling.

RIGHTS OF THE DATA SUBJECT

Under the GDPR, the data subject has the right to:

request access to your personal data – Article 15 of the GDPR

The data subject may obtain information from the Controller whether his or her data is being processed and, if so, he or she has the right to:

access to data;

obtain information on the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of data storage or the criteria for determining that period, the rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;

obtain a copy of your personal data;

request rectification of your personal data – Article 16 of the GDPR

If personal data is incorrect, the data subject may request that the Controller immediately rectify it. They may also request that the Controller supplement the data. They can also independently change the data in their Customer Account;

request the deletion of your personal data, the so-called “right to be forgotten” – Article 17 of the GDPR

The data subject may request their deletion when:

his or her personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

withdrew specific consent to the extent that personal data were processed based on that consent;

her personal data were processed unlawfully;

has objected to the processing of his or her personal data in connection with the processing necessary for the performance of a task carried out in the public interest or the processing necessary for the purposes of legitimate interests pursued by the Controller or a third party;

request to limit the processing of personal data – Article 18 of the GDPR

The data subject may request this when:

questions the accuracy of his/her personal data – the Personal Data Controller will limit the processing of his/her personal data for a period allowing for the accuracy of such data to be verified;

the processing of his or her data is unlawful and instead of deleting the personal data, the person requested the restriction of the processing of his or her personal data;

his or her personal data are no longer necessary for the purposes of processing, but they are needed for the establishment, exercise or defence of legal claims;

has objected to the processing of personal data – until it is determined whether the legitimate interests of the Personal Data Controller override the grounds indicated in her objection;

 

 

object to the processing of personal data – Article 21 of the GDPR

The data subject may object at any time to the processing of his or her personal data, including profiling, in connection with:

processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Controller or a third party;

the right to request the portability of personal data – Article 20 of the GDPR

The data subject has the right to receive his or her personal data from the Controller in a structured, commonly used and machine-readable format and to send it to another controller of personal data or to request that the Controller send his or her personal data directly to another controller (if technically possible);

the right to complain to the supervisory authority

If a data subject believes that the processing of his or her personal data violates the GDPR, he or she has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (PUODO).

The method of exercising rights

You can exercise all of your rights by contacting the Administrator at the contact addresses provided in this Policy. The Administrator will provide information on the actions taken in connection with your request without undue delay.

Use of Google user data

Our app uses Google user data only to provide or improve its functionality. We do not use this data for marketing, advertising, analytics, or profiling purposes. We do not sell, share, or combine Google user data with other sources for commercial purposes.

Data may only be transferred in cases required by law or when it is necessary to perform the application’s functions (e.g. server operation, security).

Our processes comply with the Google API Services User Data Policy.

Contact
Data Octopus Sp. z o.o
st, Wadowicka 8A
30-415 Cracow
VAT ID: 6793256417

mail: hello@dataoctopus.io
Platform
Data&Feeds
Reports
Pricing
Contact
Benefit calculator
List of functionalities
For Teams
For E-commerce
For a Digital Marketing Agency
For E-commerce Owners
For PPC Specialists
For the Business Analyst
Company
Changelog&Road map
Case studies
Blog
Help center
About us
privacy policy regulations cookie policy
Image 1 Image 2 Image 3