Privacy Policy

Last Update: 17.02.2024
Wersja Polska

This document regulates the issues related to the processing of personal data at EXTRAMILE Sp. z o.o. with its registered office in Warsaw.

I. Personal Data Administrator

The administrator of personal data is EXTRAMILE Sp. z o.o. with its registered office in Warsaw, ul. Nowy Świat 33/13, 00-029 Warsaw, entered into the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0001075272, using the tax identification number (NIP): 5252984719 and REGON: 52720567100000, with share capital of 30,000 PLN (hereinafter: "Company"/"Administrator").

II. Contact with the Administrator

You can contact the Administrator directly:

  1. by mail to the correspondence address: ul. Nowy Świat 33/13, 00-029 Warsaw;
  2. via email: karolina@extramile.network.
III. Processing of Personal Data
  1. The Company processes personal data, of which it is the administrator, in accordance with applicable legal regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR").
  2. The Administrator processes personal data:
    1. in accordance with the law, fairly and in a transparent manner to the data subject ("lawfulness, fairness and transparency");
    2. for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ("purpose limitation");
    3. adequate, relevant and limited to what is necessary for the purposes for which the data is processed ("data minimization");
    4. accurate and, where necessary, kept up to date ("accuracy");
    5. in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data is processed ("storage limitation");
    6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
  3. The Company ensures that its processing of personal data will not infringe upon the rights and freedoms of the data subjects.
  4. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
IV. Data Subjects

The Administrator processes personal data of the following data subjects:

  1. individuals contacting/making requests to the Company;
  2. participants of events organized by the Company;
  3. partners/contractors of the Company, their representatives and other agents, as well as employees and collaborators of partners/contractors of the Company.
V. Data Sources

The Administrator obtains personal data directly from you or your employer/entity you cooperate with, or from the entity you represent.

VI. Purpose and Scope of Data Processing
  1. Each time, the purpose of processing and the scope of processed personal data are determined by legal provisions, the content of consents provided by you or your employer/entity you cooperate with, or may be specified as a result of actions taken by you on the Administrator's websites, as some services may require you to provide additional personal data – the scope of which will be indicated by the Administrator on its website.
  2. Providing personal data to the Administrator is voluntary. However, failure to provide them may result in the Administrator being unable to provide services to the respective entity.
VII. Legal Basis for Data Processing by the Company
  1. The legal basis for processing personal data by the Administrator for the purpose of:
    1. participation in events organized by the Company, including registration of participants – is Art. 6(1)(b) of the GDPR, i.e., a contract with the event participant concluded through acceptance of the event regulations;
    2. contacting partners/contractors of the Company regarding the conclusion and performance of contracts – is Art. 6(1)(f) of the GDPR, i.e., the legitimate interests pursued by the Administrator;
    3. defense against claims or assertion of claims by the Company – is Art. 6(1)(f) of the GDPR, i.e., the legitimate interests pursued by the Administrator;
    4. ongoing contact and response to inquiries/requests addressed to the Company – is Art. 6(1)(a) of the GDPR, i.e., your consent;
    5. sending marketing content electronically – is Art. 6(1)(a) of the GDPR, i.e., your explicit consent given using the forms on the Administrator's website.
  2. With separately expressed consents by you, your personal data may be processed for the purpose of sending commercial information electronically about the Company's products/services or products/services of the Company's partners. You have the right to request the cessation of sending commercial information electronically at any time.
VIII. Transfer of Data to Event Partner

The transfer of personal data to a partner of an event organized by the Company is only possible after accepting the regulations of the given event and separately expressing your consent to such transfer.

IX. Period of Personal Data Processing
  1. The period of storage of personal data by the Administrator depends on the purpose for which the data was collected and the legal basis for their processing. li Personal data processed in connection with the conclusion of contracts will be stored until their execution, then until the expiration of claims arising from these contracts, taking into account any time necessary to fulfill tax and accounting obligations. li Data processed for the Company's marketing purposes electronically will be processed until the withdrawal of consent in this regard. li Personal data obtained for the purpose of contacting the Administrator will be processed for the duration of this contact, and then stored for the period of potential claims. li Regarding processing purposes based on the legitimate interests of the Administrator, data may be stored for the duration of the validity of these purposes or until an objection is raised.
X. Recipients and Entities Processing Personal Data
  1. Possible recipients of your personal data may include:
    1. employees and collaborators of the Administrator;
    2. specified entities based on appropriate data processing agreements;
    3. entities authorized to receive them under applicable legal provisions.
XI. Rights of the Data Subject
  1. You have the following rights regarding your personal data:
    1. the right to access your personal data,
    2. the right to rectify your personal data,
    3. the right to request the erasure of your personal data,
    4. the right to request the restriction of processing of your personal data,
    5. the right to object to the processing of your personal data,
    6. the right to lodge a complaint with a supervisory authority.
  2. Revoking consent or objecting to the processing of personal data, as well as changing or supplementing personal data, can be done by sending a message to the Administrator's email address: karolina@extramile.network.
  3. Revoking consent does not affect the lawfulness of processing carried out by the Administrator based on consent before its withdrawal.
  4. If you find any inaccuracies in the processing of your personal data by the Administrator, you can lodge a complaint with the supervisory authority, namely the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw).
XII. Cookies

Information about the cookies used by the Administrator is provided in the Cookie Policy available at https://extramile.network/legal/cookies/.

XIII. Other Provisions
  1. The Administrator does not process personal data in an automated manner, including in the form of profiling.
  2. The Administrator does not transfer personal data to third countries or international organizations.
  3. The Company reserves the right to send unsolicited messages to entities using its services that are not commercial information, including information directly related to the operation of the Administrator's websites/portals or system messages. These messages may be sent by entities acting on behalf of the Administrator based on appropriate data processing agreements.
  4. The Administrator's websites may contain links, including in the form of logos of third-party entities, which may redirect to an external website of such an entity. The Company is not responsible for the content contained on such websites, including the documentation posted there and the solutions used, including in the field of personal data protection.
  5. In case of doubt or inconsistency between this Privacy Policy and consents given by data subjects for the processing of personal data, the basis for action and determination of the scope of actions by the Administrator are the consents voluntarily given by the data subjects.
  6. The Administrator reserves the right to make changes to this Privacy Policy for important reasons, while maintaining the rights acquired by data subjects, including, among others, due to the expansion of the scope of services provided.

Warsaw, February 17, 2024.