Privacy policy.

UUID SP. Z O.O. with its registered office in Wrocław, Poland, ul. Beaty Artemskiej 11/44, 52-234, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0001165376, NIP: 8993021217, REGON: 54131830600000.

1. Personal data means information relating to an identified or identifiable natural person on the basis of a name and surname, as well as on the basis of one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, an identification number and information collected through cookies and similar technologies; personal data within the meaning of Article 4(1) GDPR.

2. EEA means the European Economic Area, a free trade area and common market covering the countries of the European Union and the European Free Trade Association, except Switzerland.

3. Cookies means IT data commonly referred to as cookies, saved as text-and-number files and placed on the User’s end devices, such as a mobile phone, laptop or tablet. Basic types of cookies:
1. necessary cookies are used to provide the User with services and functionality available in the Service. Necessary cookies may be installed through the Service by the Controller;
2. functional cookies are used to remember and adapt the Service to choices made by the User, for example language preferences. Functional cookies may be installed through the Service by the Controller or third parties whose services are used by the Controller;
3. analytical cookies are used to obtain, among other things, information about the number of visits and traffic sources in the Service and to improve the performance of the Service. Analytical cookies may be installed through the Service by the Controller or third parties whose services are used by the Controller;

The use of cookies other than necessary cookies and the processing of personal data in connection with the use of such cookies depend on obtaining the User’s consent. This consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

4. Privacy Policy means this document.

5. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

6. Service means the website at https://www.uuid-group.com and all of its subpages.

7. Information society service means any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient. In Poland, an information society service is referred to as a service provided electronically; a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council.

8. Act on Providing Services by Electronic Means means the Act of 18 July 2002 on providing services by electronic means (Journal of Laws No. 144, item 1204, as amended).

9. Telecommunications Law means the Act of 16 July 2004 Telecommunications Law (Journal of Laws No. 171, item 1800, as amended).

A User is any natural person visiting the Service, social media operated by the Controller or using one or more services or functionalities described in the Privacy Policy.

The Service is not intended for children. The User:
- should be at least 16 years old to independently consent to the processing of personal data;
- if under 16 years old, must obtain the consent of a legal guardian in order to receive information society services.

The Controller is entitled to take actions to verify the User’s age.

Personal data of persons using the Service are processed by the Controller:

1. saving data in functional and analytical cookies, using cookies for the proper operation of the Service and its subpages and collecting data from the Service;
2. enabling opinions about a product or service;
3. targeting advertising in social media;
4. targeting advertising on the website;
5. enabling participation in a webinar or online training;
6. informing about promotions and offers;
7. sending the Controller’s offers.

1. saving data in necessary cookies, using cookies for the proper operation of the Service and its subpages and collecting data from the Service;
2. sending an offer for the Controller’s services or products;
3. accepting and performing an order, performing a service or carrying out a concluded contract;

1. ensuring accountability and demonstrating compliance with obligations imposed on the Controller by law, including creating records and other documentation required under the GDPR;
2. issuing an invoice, bill or fulfilling other obligations arising from tax and accounting law, including for archival purposes.

1. ensuring the security of the Service and managing the Service, including improving its functionality and performance;
2. creating databases;
3. operating the Facebook account under the name UUID Group, operating the LinkedIn website under the name UUID Group and interacting with Users in those social media places;
4. operating the Google Business Profile under the name UUID sp. z o.o. and managing published opinions;
5. targeting advertising in social media;
6. targeting advertising on the website;
7. conducting research and analyses of the Service, including its functionality and improvement, as well as satisfaction with the offered services and products;
8. measuring the effectiveness of sales and advertising campaigns;
9. contacting Users, in particular to obtain feedback on a purchased product or service;
10. protecting the Controller’s rights by establishing, pursuing or defending claims;
11. statistical and analytical purposes, including analysing Users’ activity in the Service, the way the account is used and User preferences in order to improve the functionalities used;
12. storing data for archival and evidentiary purposes, to secure information that may be used to demonstrate facts.

The User has the following rights in relation to their personal data:

1. right of access to personal data – the User has the right to request information about processed personal data. On this basis, the Controller provides the requesting person with information about the processing of personal data, including the purposes and legal bases of processing;

2. right to request rectification of data – the User has the right to request removal of inaccurate or erroneous personal data and completion of data if incomplete;

3. right to obtain a copy of data – the User has the right to obtain a copy of processed data concerning them;

4. right to erasure – the User has the right to request erasure of personal data whose processing is no longer necessary for the purpose or purposes for which they were collected;

5. right to restriction of processing – the User has the right to request that the Controller cease operations on personal data. This right applies in the following cases:
1. the data subject disputes the accuracy of personal data;
2. the data subject does not want the data to be erased;
3. personal data are no longer needed for the purposes for which they were collected, but cannot be erased due to applicable law;
4. the person who objected to data processing is awaiting a decision in that matter;

6. right to data portability – the User has the right to have the Controller, to the extent that personal data are processed by automated means in connection with a contract or on the basis of consent, provide the personal data in a machine-readable format. Under this right, it is possible to request that such data be sent to another entity, provided that this is technically possible for the Controller and the indicated entity;

7. right to object to processing of personal data based on the Controller’s legitimate interest for marketing purposes – the User may object at any time to the processing of personal data for marketing purposes without having to justify the objection;

8. right to object to processing of personal data based on the Controller’s legitimate interest for a purpose other than marketing – the User has the right to object for reasons related to the User’s particular situation;

9. right to withdraw consent – to the extent that the User’s personal data are processed on the basis of consent, the User has the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;

10. right to lodge a complaint – the User has the right to lodge a complaint with the supervisory authority for personal data processing if they consider that the processing of personal data violates the GDPR or other data protection laws. In Poland, the supervisory authority is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.

The User’s rights are not absolute and do not apply to all personal-data processing activities. To exercise their rights, the User may contact the Controller by email at kontakt@uuid-group.com or by traditional mail at ul. Beaty Artemskiej 11/44, 52-234 Wrocław, Poland, specifying the scope of their request.

The Controller’s business activity is supported by external entities to whom the Controller discloses personal data, in particular providers responsible for IT systems, an accountant, banks and payment operators.

The main recipients of data include:

1. Ruszniak SP. Z O.O., entered in the Register of Entrepreneurs maintained by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under number 0000812185, with its registered office in Mędłów, ul. Czereśniowa 59, 55-020 Mędłów, share capital PLN 50,000.00 fully paid up, REGON 384812329, NIP 8992871126.

2. UUID SP. Z O.O. – an entity providing administrative and technical support;

3. Google Analytics, GOOGLE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. RONDO IGNACEGO DASZYŃSKIEGO 2C, 00-843 WARSAW, MAZOWIECKIE.

The Controller reserves the right to disclose personal data when required by a legal obligation imposed on the Controller, including the obligation to provide information to competent administrative authorities or law-enforcement bodies.

The level of personal-data protection in the European Union differs from that outside the EEA. The Controller cooperates with entities both within and outside the EEA.

The Controller transfers personal data outside the EEA only when necessary, mainly when using services of entities with an international reach. In such cases, service providers have branches or subsidiaries in the EEA. In addition, legal mechanisms are used to ensure an adequate level of protection, primarily compliance mechanisms such as binding corporate rules approved by the competent supervisory authority, international certification standards or standard contractual clauses adopted by the European Commission under Article 46 GDPR. The adequacy decision applies to third countries covered by a decision confirming an adequate level of protection. Personal data may also be transferred outside the EEA on the basis of the User’s consent.

More information on the rules for transferring data outside the EEA is available here.

Personal data are stored for the time necessary to achieve the purpose for which they were collected, including:

1. personal data processed in connection with handling the contact form – for the period necessary to handle the report or inquiry;

2. other personal data processed on the basis of consent – until consent is withdrawn or the processing purpose is achieved;

3. personal data processed because a contract must be performed or action must be taken on request – for the period of talks and negotiations preceding conclusion of a contract or performance of a service in relation to data provided in an offer inquiry, or for the period of service performance and cooperation;

4. personal data processed on the basis of the Controller’s legitimate interest – until an effective objection is submitted under Article 21 GDPR;

5. personal data processed in connection with the Controller’s legal obligations – for the period required by law, including tax law, accounting law and the GDPR;

6. personal data processed in connection with the Controller’s use of social media platforms, including functionalities of those applications – for the period during which business pages or accounts exist on the relevant social media portal;

7. personal data processed for analytical purposes and in connection with website administration – until the data become outdated or lose usefulness, or until an objection is submitted under Article 21 GDPR.

The User’s personal data will additionally be processed to protect the Controller’s rights by establishing, pursuing or defending claims in accordance with the limitation period for those claims.

Providing personal data is voluntary. Failure to provide personal data may, however, result in the inability to use a given functionality of the Service, access certain content or perform a service or order.

The Controller analyses the browsing history in the Service and the activity history on social media profiles on Facebook and LinkedIn. This analysis is carried out in an automated manner according to the rules offered by the providers of those services. Data analysis does not, however, produce legal effects or similarly significantly affect the User’s situation, including their rights or freedoms.

The purpose of automated data processing is for the Controller to learn User preferences in order to adapt the content, offers or messages created by the Controller to aggregate preferences.

The Controller uses cookies to provide the User with electronically supplied services and improve the quality of those services, ensure the proper operation of the Service, including improving navigation, remembering cookie preferences, ensuring security and managing the Service, conducting statistical and analytical research, for marketing purposes, connecting with social media portals and ensuring the proper operation of an online shop.

During the User’s first visit to the Service, a message is displayed about the use of cookies, including their type, together with a request for consent to use specific cookies.

The consequence of accepting cookies is that information originating from the provider of a given service, over which the User has no control, will be stored in the memory of the device used by the User, such as a tablet, computer or phone.

The User can manage cookies.

1. Managing files during the first visit to the Service – the User is shown a message about the use of cookies, including their type. Within the message, the User can consent to selected cookies;

2. Deleting cookies from the device – the User can delete cookies from the end device. To do this, the User should clear the browsing history in the browser. This removes all cookies from all visited websites. The User should be aware that saved information, such as login data, may be lost;

3. Preventing cookies from being stored – the User can configure the web browser to prevent cookies from being stored. Unfortunately, this may hinder proper operation of the Service. Because cookies are also used to remember the User’s cookie preferences, the User should be aware of the consequences of changing settings, especially disabling the ability to save cookies on the end device, which may make it impossible to use certain functionalities and may cause some content made available by the Controller to be invisible;

4. Incognito mode – the User can use incognito mode offered by web browsers. In that case, cookies will be deleted when the browser is closed;

5. Other devices – if the User uses another end device, computer profile or web browser, cookie preferences will need to be set again.

The Controller uses the tools below to improve the conducted business activity, including the created Service.

The Controller enables contact through an electronic contact form available in the Service. Using it is not mandatory. To use the contact form, the User must provide personal data necessary to establish contact and answer the inquiry. The User may also provide other data to facilitate contact or handling of the inquiry. Providing personal data marked as mandatory is required to accept and handle the inquiry. Failure to provide such data prevents use of the contact form or handling of the inquiry. Providing other personal data is voluntary.

The Controller operates social media profiles on Facebook and LinkedIn. Personal data provided in social media will be processed to administer and manage those profiles, communicate with the User, including answering questions, and for statistical and analytical purposes, interactions, informing about events, interesting information, services and products offered by the Controller and creating a community around the profile. The legal basis for processing personal data is the Controller’s legitimate interest.

Rules applicable on social media portals are set by the Controller, but the rules for using a given social media portal arise from the terms and community rules of those platforms.

The User can stop following the Controller’s profile at any time. It is also possible to block a given account, including the Controller’s profile. Due to the nature of platforms used by the Controller, only using the “block user” option will cause no content created by the Controller to be displayed to the User. Otherwise, content available on a given social media platform is public.

The Controller processes publicly available personal data of Users, such as name, surname or general information placed on profiles, marked as public or shared with the Controller by the User. Other personal data are processed by the owners of social media portals under the terms of those platforms.

The Service uses plugins linking to Facebook, TikTok and Instagram social media portals. These plugins are marked with the logo of the relevant social media service.

Personal data are sent to social media portals only when the User actively clicks the relevant plugin button. After pressing the icon with the social media logo, the User’s web browser connects to the servers of that social media portal and the User is redirected to the website of the external service provider, i.e. the owner of that social media service. At the same time, the User’s web browser establishes a direct connection with the servers of the selected social media portal. Using these functions may involve external cookies. From the moment the User actively clicks a plugin button, the User’s personal data are processed on that social media portal and its owner becomes a joint controller of the personal data. The Controller informs that from the moment the plugin button is actively clicked, the Controller has no influence over the nature and scope of personal data collected by the owner of the social media portal.

Data are sent regardless of whether the User has an account on the relevant social media portal or is logged in. If the User is logged in on a given social platform, such as Instagram, the collected personal data will be directly assigned to the account or profile used by the User.

The Controller uses the following security tools:

The Service uses the reCAPTCHA service, whose purpose is to secure the Service and limit the possibility of sending data not completed by a human, but generated by automated programs or bots. During use of this tool, occasional checks are carried out to determine whether the behaviour of a person visiting this website shows signs of robotic behaviour, and in such a situation personal data, namely the IP address, are collected, with Google LLC as the recipient.

The Controller uses the following statistical and analytical tools:

The Controller uses Google Analytics in the Service for analytical purposes. A special tracking code has been installed in the Service website code, using Google LLC cookies for the Google Analytics service. Information generated by the cookie about use of the Service is usually sent to a Google server in the USA and stored there. Google Analytics has been extended in the Service with the “gat._anonymizelp();” code to ensure anonymous recording of IP addresses, known as IP masking. Thanks to IP anonymisation in the Service, the user’s IP address is shortened by Google LLC within the EEA. Only in exceptional cases is the full IP address sent to a Google LLC server in the USA and shortened there. Within Google Analytics, information such as operating system and web browser used by the User, subpages viewed within the Service, time spent in the Service and on its subpages, transitions between subpages of the Service and the source from which the User enters the Service is used.

The Controller uses the Facebook Pixel service in the Service for marketing purposes. It allows tracking the effectiveness of Facebook advertising for statistical and market research purposes by checking whether Users visiting the Service were redirected to the Service after clicking a Facebook advertisement, known as a conversion. A special tracking code has been installed in the Service website code, using Meta cookies for the Meta Pixel service.

The Controller uses statistical functions available on social media profiles, namely Facebook and LinkedIn, provided by the owners of those portals.

Using the website involves sending requests to the server on which the Service is located. Each request sent to the server is recorded in server logs, which include, among other things, the public IP address of the computer from which the request came, the username provided during authorisation, the time of the request, browser information, language, access times and address, the page from which the user was redirected, and information about the web browser or information system used by the User. The data referred to above are not associated with specific persons using the Service, but are used only as auxiliary material for administrative purposes. The Controller does not use server logs in any way to identify the User.

The Controller continuously analyses whether personal data are processed securely. The Controller takes all necessary actions to ensure that subcontractors and other cooperating entities provide guarantees of applying appropriate security measures when acting on the Controller’s behalf.

The Controller strives to continuously improve the procedures used and the protection of personal data, so the Privacy Policy is reviewed on an ongoing basis and changed when needed. The Controller encourages Users to regularly check the content of this document for updates. The latest version of the Privacy Policy is published in the Service.

UUID SP. Z O.O. with its registered office in Wrocław, Poland, ul. Beaty Artemskiej 11/44, 52-234, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0001165376, NIP: 8993021217, REGON: 54131830600000.