Privacy Policy
English Version
I. The Controller of personal data
The Controller of personal data is TRIBE47 P.S.A. with its registered office in Warsaw, ul. Krucza 50, 00-025 Warszawa, entered in the register of businesses held by the District Court for the capital city of Warsaw in Warsaw, 12th Economic Division of the National Court Register under KRS number: 0001013329, represented by Ewa Wysocka – the President of the Management Board, (hereinafter referred to as “the Controller” or “Tribe47”). Contact with the Controller is possible by post to the above address of the Controller’s registered office or by e-mail: [email protected]
II. Data processing
In connection with its business activity, the Controller collects and processes personal data, making every effort to ensure that the processed personal data is adequately secured. Data is collected directly from data subjects, third parties, and publicly accessible registers. The processing of personal data is based on the applicable law, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“the GDPR”).
III. Purposes and legal basis for data processing
The legal basis for personal data processing is defined in Article 6 of the GDPR which governs general rules on the compliance of personal data processing. In any case, the Controller shall process the data relevant to a given case and for the purpose for which it was collected, ensuring its appropriate protection. The controller processes the personal data for the purposes related to the conducted business activity, in particular in order to:Provide and maintain business relationships Article 6 Paragraph 1(f) of the GDPR;Answer questions asked in connection with the use of contact forms available at Tribe47 by the user, including pop-ups (pursuant to Article 6 Paragraph 1(b) and (f) GDPR);Use the newsletter service, including the provision of business information and information about the events and training, and other information on the basis of the granted consent and no longer than until the consent is withdrawn;Promote and advertise of activities, products, and services offered by Tribe47 (pursuant to Article 6 Paragraph 1 (f) GDPR) but if we transfer you this marketing information via email or via phone the Controller acts on the basis of the granted consent, and no longer than until the consent is withdrawn;Monitoring your activity on the website www.tribe47.com and in social media Tribe47., in order to adapt the displayed content to your needs and improve the services we provide (pursuant to Article 6 (1) (f) of the GDPR), however, no longer than until the objection is raised;The conclusion and performance of contracts under Article 6 Paragraph 1(b) of the GDPR;Perform of legal obligations incumbent on the Controller under Article 6 Paragraph 1(c) of the GDPR);Protect against claims and asserting claims, are fulfilled under Article 6 Paragraph 1(f) of the GDPR).To the extent that the data is processed for the contract performance, the provision of the data is a condition for the contract conclusion. The data provision is voluntary but necessary for the conclusion and performance of the contract. If personal data is not provided, the contract may not be concluded. Providing certain information is also a legal obligation, e.g. necessary to issue an invoice or to pay remuneration.Providing data is necessary to deliver our services including sending commercial information. If this data is not provided, some services will not be provided.Providing personal data for marketing purposes is voluntary.Data processing for adjusting the content of the Tribe47 to your interests and expectations including profiling is necessary to ensure the appropriate level of our services. Failure to collect your personal data for these purposes may prevent the proper provision of services.
IV. Data recipients
In connection with the conducted business activity the Controller discloses the data to bodies of the Controller, employees, and associates and in some cases to third parties, in particular, to legal and accounting service providers, couriers and transport companies, providers of IT systems and equipment on the basis of relevant contracts for entrusting the processing of personal data and ensuring by the entities mentioned above of adequate technical and organizational measures ensuring data protection.
V. Data processing period
If personal data is collected for the purpose of performing an order or concluding a contract, the personal data is stored from the moment of data collection until the contract termination or contract performance after the moment of its termination. In the case of personal data collected in order to fulfill obligations resulting from the law, the data shall be kept for the period of fulfilling obligations and tasks resulting from individual law provisions. In the case of personal data processing for the purposes of the legitimate Controller’s interests, the data shall be kept for no longer than is necessary to achieve these aims or until a reasoned objection is raised to the processing for such purposes.In the case of personal data collected on the basis of consent, until the consent is revoked.If personal data is processed for direct marketing purposes, including profiling until the objection is raised.The period of personal data processing may be extended when the processing is necessary to establish, assert or defend against a possible claim, and after that period only if required by law and to the extent required by law.
VI. Rights related to personal data processing
In certain circumstances on the terms provided for in the provisions of the GDPR, in particular Articles 15 to 18 and Articles 20 and 21 GDPR, you have rights to:− Access to their personal data,− Rectify the personal data,− Erase the personal data,− Limit personal data processing,– Withdraw the consent at any time, (if the processing is carried out on that basis, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal),Object to the processing of personal data if Tribe47 processes personal data in order to implement the legitimate interests of the Controller for reasons related to the particular situation of the person, i.e. the facts that did not exist at the time of data collection, if the data were directly collected from the data subject, or the facts existed at the time of data collection but the Controller did not know about them at the time of collecting data, data was collected not directly from the data subject;Object at any time to the processing of personal data for the purposes of such direct marketing, including profiling, to the extent that the processing is related to such direct marketing.− Data portability,− To obtain a copy of your personal data in a machine-readable format.,In addition, the data subject has the right to lodge a complaint with the supervisory authority. In Poland, since 25 May 2018, the supervisory authority has been the President of the Personal Data Protection Office.
VII. Transfer your personal data
The platform provider for email information, especially commercial information is ActiveCampaign LLC. ( address: 1 North Dearborn St 5th Floor, Chicago, IL 60602, USA) with the seat in the USA. An active Campaign is an American tool so your personal data may be transferred to third countries outside the European Economic Area (EEA) and located on servers outside the European Economic Area (EEA). You can read the system’s privacy policy here https://www.activecampaign.com/legal/privacy-policy. According to the above, the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection shall be in accordance with the basis of art. 49 GDPR to fulfill contract obligations or your explicit consent. The Controller informs that the case above does not ensure an adequate level of protection of personal data.The Controller declares that he uses services offered by global suppliers of the services which are part of global organizations, such as Google Inc., operating in the European Economic Area (“EEA”), and which may transfer data from the EEA outside the EEA. These companies offer the Controller cloud solutions and declare that they implemented an appropriate level of protection and adequate security resulting from the GDPR. The processing of personal data also takes place on the basis of the EU Commission’s Standard Contractual Clauses which are part of the data processing agreements concluded between the Controller and the service providers. The Controller declares that they use services offered by Pipedrive OU with the seat in Estonia. Pipedrive OU declares that EU customers’ databases are hosted in Pipedrive’s EU data center located in Frankfurt, Germany.
VIII. Form of processing
Your personal data will be profiled and also profiled automatically. Your data will be processed automatically to evaluate some of your information, in particular, to analyze your personal preferences, behaviors, and interests. In addition, when profiling, we take into account statistical data on the behavior on our websites and social media.In spite of your personal data will be processed automatically, as also, will the form of its profiling, however, it will not have any legal effect or similar effect on your situation and making decisions.
IX. Final information
Information on personal data processing is updated in order to adapt it to the Controller’s business activity.In matters relating to the processing of personal data, please contact us at the e-mail address [email protected] or in writing at the Administrator’s address.