This document has been prepared to provide transparent information to users of the Administrator’s websites regarding the processing of personal data and the use of cookies and other tracking technologies.

In order to ensure a reliable and transparent presentation of the applicable data processing rules, this policy has been divided into thematic categories. This structure is intended to ensure the highest possible level of transparency, accessibility, and comprehensibility of the information required by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

If you have any questions, concerns, or requests regarding the content of this privacy policy, please contact us by email at: rodo@amazemet.com.

§ 1. Personal Data Controller

§ 2. Contact Details for Personal Data Matters

§ 3. Scope and Source of Personal Data

§ 4. Personal Data Security

§ 5. Purposes and Legal Basis for Data Processing

§ 6. Personal Data Retention Period

§ 7. Recipients of Personal Data

§ 8. Transfer of Data to Third Countries

§ 9. Profiling and automated processing of personal data

§ 10. User rights in relation to the processing of personal data by the Administrator

§ 11. Basic information about cookies

§ 12. Use of cookies by the Administrator

§ 13. Purposes of using cookies

§ 14. External Tools and Third-Party Cookies

§ 15. User Privacy Management

§ 16. Server logs

§ 17. Summary

§ 18. Changes to the Privacy Policy

The administrator of Users’ personal data processed in connection with the use of the amazemet.com website and the hub.amazemet.com customer service (hereinafter collectively referred to as the “Services”) is:

Amazemet sp. z o.o. with its registered office at Al. Jana Pawła II 27, 00-867 Warsaw,

NIP: 951-248-21-42,
KRS: 0000780516
Registry Court:
District Court for the City of Warsaw in Warsaw,
XIII Economic Division for the National Court Register
BDO Number: 000376403

represented by Mr. Łukasz Żrodowski – President of the Management Board (hereinafter referred to as the “Administrator”).

The administrator has not appointed a data protection officer, as there is no legal obligation to do so.

In all matters related to the processing of the User’s personal data, including the exercise of their rights, please contact us by email at: rodo@amazemet.com.

Users’ personal data is collected at various stages of interaction with the Administrator. The scope of data collected depends on the context and purpose of its processing.

During each visit of the User to the Websites (amazemet.com and hub.amazemet.com), the analytical systems of the Administrator and third parties automatically collect data on the User’s activity. This data includes, in particular:

• the User’s IP address,
• information about the operating system and web browser,
• subpages viewed and time spent on the Websites,
• paths between individual subpages,
• the source from which the User accessed the Website (e.g. search engine, external link),
• the approximate location of the User (limited to the city level),
• general demographic data (e.g. approximate age range, gender),
• interests determined on the basis of Internet activity.

The User may voluntarily provide the Administrator with their personal data for communication and marketing purposes. This occurs in particular during:

• Contact via email or contact forms: In this case, data such as name, email address, telephone number, and any other information that the User has voluntarily included in the correspondence is processed.
• Subscribing to the newsletter: In order to subscribe, the User provides their first name and email address. The newsletter system may also record data about interactions with received messages, such as statistics on opens and clicks on links.

Due to the fact that the sales process is carried out by correspondence and as part of tender procedures, the Administrator processes data necessary to prepare an offer, conclude and perform a contract. This data includes in particular:

• first and last name,
• name and form of business activity,
• business address,
• tax identification number (NIP),
• contact details (e-mail address, telephone number),
• bank account number,
• data contained in contracts and orders.

After making a purchase and obtaining Customer status, the User can access the hub.amazemet.com website. The following data is processed as part of this service:

• User account data: Data provided during registration (email address) and data that the User may optionally add to their profile, such as first name, last name, position, image (profile photo).
• User-generated data:
  • Content of posts, comments, and opinions published on the AMAZEMET USER’S GROUP forum.
  • Data on activity and progress in courses within AMAZEMET ACADEMY.
  • Information on the use of the website’s functionality.

The administrator attaches particular importance to ensuring the security of the personal data being processed. To this end, a risk analysis of individual data processing operations was carried out, followed by the implementation of appropriate technical and organizational measures in accordance with the requirements of the General Data Protection Regulation (GDPR).

The measures applied include, in particular:

• ongoing supervision of the technical infrastructure,
• regular reviews and updates of internal procedures,
• regular training of staff in the field of personal data protection,
• verification of compliance of processing with applicable law,
• implementation of necessary improvements to enhance data protection.

The Administrator conducts ongoing monitoring of processing operations, striving to minimize the risk of data security breaches.

If you have any questions, concerns, or requests related to the processing of personal data, you can contact the Administrator at the following e-mail address: rodo@amazemet.com.

The User’s personal data is processed for the purposes described below, depending on the stage of cooperation.

This section applies to all Users interacting with the Services or the Administrator’s communications.

• Handling inquiries (forms, e-mail): Article 6(1)(f) of the GDPR (legitimate interest – communication with the User).
• Newsletter dispatch: Article 6(1)(f) of the GDPR (legitimate interest – marketing to persons who have expressed a desire to receive content).
• Analysis and statistics (cookies): Article 6(1)(f) of the GDPR (legitimate interest – optimization of the Websites).
• Own marketing (remarketing, audience groups): Article 6(1)(f) of the GDPR (legitimate interest – promotion of products and services).
• Social media management: Article 6(1)(f) of the GDPR (legitimate interest – promotion and communication).
• Automated email communication (cold mailing): Article 6(1)(f) of the GDPR (legitimate interest – direct marketing of own services).

This section applies to Users who have entered into the purchasing process. These processes are initiated through contact with amazemet.com or other channels (e.g., tenders) and carried out by correspondence.

• Execution of a contract for the sale of a device or service: Article 6(1)(b) of the GDPR (necessary for the performance of a contract).
• Handling the offer and tender process: Article 6(1)(b) of the GDPR (steps taken to conclude a contract) or Article 6(1)(f) of the GDPR (legitimate interest – presentation of an offer).
• Fulfillment of tax and accounting obligations (issuing and storing invoices): Article 6(1)(c) of the GDPR (legal obligation).
• Handling complaints: Article 6(1)(f) of the GDPR (legitimate interest – handling complaints).
• Archiving of data for the purposes of establishing, pursuing or defending claims: Article 6(1)(f) of the GDPR (legitimate interest – legal protection).

This section applies only to verified Customers who, after purchase, have gained access to digital services on hub.amazemet.com.

• Verification of rights and maintenance of the User’s account: Article 6(1)(b) of the GDPR (necessary for the performance of a contract for the provision of digital services).
• Enabling the use of the AMAZEMET ACADEMY training service: Article 6(1)(b) of the GDPR (performance of a contract).
• Enabling the use of the AMAZEMET USER’S GROUP forum: Article 6(1)(b) of the GDPR (performance of a contract), including the processing of profile data, content of posts and comments of the User.

As a rule, personal data is stored for the period necessary to achieve the purpose for which it was collected, and then for the period resulting from applicable law or until the expiry of the limitation period for any claims that may arise in connection with the achievement of that purpose.

After the expiry of the specified periods, personal data is irrevocably deleted or anonymized, making it impossible to identify the data subject.

The administrator uses the support of specialized external entities, which in some cases involves the need to transfer personal data to them. Below are the categories of entities to which personal data may be entrusted or made available:

• hosting service providers, which maintain server resources containing personal data,
• cloud solution providers, which store files that may contain personal data,
• mailing system providers used to handle electronic correspondence and newsletters,
• CRM system providers that process personal data for customer service and archiving purposes,
• invoicing software providers that issue accounting documents containing personal data,
• accounting offices performing accounting and tax obligations on the basis of documents containing personal data,
• IT service providers who may have access to data to the extent necessary to perform the technical work commissioned,
• other cooperating entities to whom data is transferred to the extent necessary to perform the tasks entrusted to them.

All entities processing personal data on behalf of the Controller operate on the basis of appropriately concluded personal data processing agreements and ensure an adequate level of security in accordance with the requirements of Regulation (EU) 2016/679 (GDPR).

In justified cases, personal data may also be made available to the following categories of entities:

• law firms – if legal advice is required, to the extent necessary to provide legal assistance while maintaining professional secrecy,
• public administration bodies, including tax authorities – to the extent necessary to fulfill obligations under the law, in particular tax and accounting law,
• law enforcement authorities, courts, and public prosecutors – in cases provided for by law, upon their justified request.

In the case of order fulfillment, personal data is also transferred to courier companies or postal operators to the extent necessary to deliver the shipment. These entities act as separate personal data controllers.

The administrator uses the services of technology providers (including Google, Meta, LinkedIn, HubSpot) whose servers may be located outside the European Economic Area (EEA). Data transfer is based on mechanisms compliant with the GDPR, such as standard contractual clauses (SCC) approved by the European Commission.

The administrator does not make decisions regarding users based solely on automated processing of personal data, including profiling, which could produce legal effects or similarly significantly affect the situation of the data subject within the meaning of Article 22(1) of the GDPR.

However, the Administrator uses tools that can perform specific functions based on information obtained from tracking mechanisms, such as cookies and analytical and marketing technologies.

As part of its marketing activities, the Controller uses advertising tools such as LinkedIn Ads, Facebook Ads, and Google Ads, which enable the delivery of advertising messages to precisely defined audiences. The segmentation of target groups is based on selected criteria, such as age, gender, location, interests, industry, professional position, as well as the previous activity of users within the Administrator’s websites.

The solutions used may include, for example, the display of personalized content or advertisements tailored to the user’s previous activity on the website. Marketing profiling (e.g., remarketing) is used, which does not significantly affect the rights and freedoms of the User, e.g., the terms of contracts, access to services, or user rights.

The indicated marketing activities are carried out on the basis of the legitimate interest of the personal data controller, in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), consisting in promoting own services and products in a manner tailored to the preferences of potential business customers.

These activities have the characteristics of so-called behavioral advertising, which consists in presenting marketing content tailored to the identified preferences of the user. Educational materials on behavioral advertising, available at www.youronlinechoices.com, among other places, help you to consciously manage your privacy settings.

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), users of the Administrator’s websites have certain rights related to the processing of personal data. Depending on the legal basis and purpose of the processing, users may exercise the following rights:

• Right of access to personal data – the right to obtain information about the processing of personal data and to receive a copy thereof;
• Right to rectification – the right to request the correction of incorrect or incomplete personal data;
• Right to erasure (right to be forgotten) – where there is no legal basis for further processing of the data;
• Right to restriction of processing – the possibility to request that the processing of data be restricted to storage or specific actions, e.g. in the event of a dispute over the accuracy of the data;
• Right to object to processing – in the case of data processing based on a legitimate interest, the right to object due to the user’s particular situation;
• Right to data portability – the possibility to receive data in a structured format and, where technically feasible, to request that it be transferred to another controller;
• Right to withdraw consent – if data processing is based on consent, the User has the right to withdraw it at any time;
• Right to lodge a complaint with a supervisory authority – if you believe that the processing of your data violates applicable regulations, you have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

The above rights are exercised in accordance with the provisions of Articles 16–21 of the GDPR. It should be noted that these rights are not absolute and will not apply to every case of personal data processing.

Notwithstanding the above, the User always has the right to obtain information about the personal data being processed and the purposes of its processing. To this end, you can contact the Administrator via email at: rodo@amazemet.com.

The Administrator takes the utmost care to provide comprehensive information on the processing of personal data in this Privacy Policy. The contact address may also be used for any other questions or concerns regarding the protection of personal data.

The Administrator’s website, like most modern websites, uses cookies.

Cookies are IT data in the form of small text files that are saved and stored on the user’s end device (e.g., computer, smartphone, tablet) and then read by the Administrator’s IT system (so-called first-party cookies) or by third-party IT systems (so-called third-party cookies) .

Cookies enable, among other things, the recognition of the user’s device, ensuring the proper functioning of the website, as well as the collection of statistical and analytical data in order to improve the functionality of the website. Cookies may store various types of information that IT systems can access again for specific purposes.

Cookies are divided into:

• session cookies – temporary, automatically deleted after the end of the web browser session (i.e., after it is closed),
• persistent cookies – stored on the user’s end device for a specified period of time or until they are deleted manually. They allow the user’s browser to be recognized when they visit the website again.

More information about cookies, how they work, and how to manage them can be found in educational materials provided by institutions involved in the protection of personal data and privacy on the Internet.

The use of cookies is based on the user’s consent, except in cases where the use of cookies is necessary to ensure the proper functioning of the website and the provision of electronic services – in accordance with Article 173(3) of the Telecommunications Law and Article 6(1)(f) of the GDPR.

Cookies that are not necessary from a technical point of view remain blocked until the user’s prior consent is obtained in the Google consent mode (Consent Mode 2.0) using the Cookiebot tool. Thanks to this solution, during the first visit to the website, an information message is displayed allowing the user to give their consent and manage their cookie preferences, i.e. to specify which categories of cookies the user agrees to and which are to remain blocked.

The user can also manage cookie settings at a later time, via the Cookiebot settings implemented on the website or via the web browser settings.

Please note that restricting or completely disabling cookies may affect the functioning of the website, preventing the use of some of its features (e.g., social media tools, comment systems, external multimedia content).

First-party cookies (i.e., those stored and read by the Administrator’s IT system) are used to ensure the proper functioning of the website and to support its basic functionalities. In particular, these files are used to:

• ensure the proper functioning of forms available on the website (e.g., contact forms, order forms),
• enable the saving and handling of newsletter subscriptions,
• remember the user’s preferences regarding cookie settings, defined using the Cookiebot tool, which is used to manage consent to the use of cookies,
• conduct statistical, analytical, and marketing activities.

All first-party cookies are technical or functional in nature and are necessary for the proper provision of electronic services within the Administrator’s Services.

Some cookies or other similar technologies are related to external tools, and the providers of these tools may access the information collected through these cookies or other similar technologies. Details about external tools can be found in the section below on third-party cookies.

The administrator uses external tools that may use their own cookies. The purpose of using them is to ensure the proper functioning of specific functions, conduct statistical analyses, optimize user experience, and conduct marketing activities. We use the following tools:

The Administrator provides the User with the ability to control the processing of their personal data. The available tools and methods for managing privacy are described below.

The Websites have implemented a professional mechanism for managing cookie consent (Cookiebot), which is integrated with Google’s consent mode (Consent Mode 2.0). This tool is the primary way in which the User can control the tracking technologies used on the Websites.

• Expressing and withdrawing consent: During their first visit, Users are asked to consent to the use of specific categories of cookies (e.g., statistical, marketing). The User has the right to refuse consent or to give consent only to selected categories. Consent can be modified or withdrawn at any time by reopening the consent management panel.
• Disabling analytics and marketing: Not giving consent (or withdrawing it later) to statistical and marketing cookies is the most effective way to block data collection by tools such as Google Analytics or HubSpot.
• Impact on functionality: The administrator informs that restricting or blocking the use of cookies may adversely affect the operation of certain features of the Website (e.g., media players).

Regardless of cookie management, the User may exercise the following rights:

• Unsubscribing from the newsletter: Each email sent as part of the newsletter contains a deactivation link, which, when clicked, immediately unsubscribes the User from the subscriber list.
• Objecting to processing: You have the right to object to the processing of your data for purposes based on the legitimate interests of the Administrator (e.g., direct marketing conducted using the Woodpecker tool). Objections should be sent to the following email address: rodo@amazemet.com.

The user also has full control over the settings on their own device and software.

• Managing cookies in your browser: Web browsers allow you to manage cookies yourself. In particular, it is possible to block all or selected cookies, block them for specific websites, and delete already stored website and plugin data.
• Incognito mode (private browsing): Using this mode causes your browsing history and cookies to be automatically deleted from your device when you close the browser window.
• Extensions and software: There are additional extensions (plugins) for browsers that support control over tracking technologies (e.g., Ghostery), as well as security programs (e.g., antivirus) offering similar functions.

User can manage advertising and analytics settings directly with the providers of these technologies:

• Behavioral advertising: The independent platform Your Online Choices allows you to manage your preferences for behavioral advertising across many different providers.
• Google Analytics: Users can block Google Analytics from collecting data about them on all websites by installing a browser add-on: Google Analytics Opt-out Browser Add-on.
• Google Ads Settings: Users can manage the personalization of ads displayed on Google services: Google Ads Settings.
• Meta Ads Settings (Facebook): Users can control how their data is used to display ads: Facebook Ads Settings.
• LinkedIn ad settings: Users can control how their data is used to display ads: LinkedIn ad settings.

The administrator encourages users to regularly review and update their privacy settings in accordance with their individual preferences.

When using the Administrator’s Services, queries are sent to the server on which they are hosted. Each such query is automatically recorded in the so-called server logs.

Server logs include, in particular, the following data:

• the IP address of the end device from which the query was made,
• the date and time of the query,
• information about the web browser used,
• information about the operating system.

This data is not associated with specific visitors to the website and is not used to identify users. Server logs are for support purposes only and are used to administer the website, ensure its security, and ensure its proper functioning.

The collected data is stored on the server in a secure manner and is only accessible to persons authorized to manage the server and IT infrastructure.

Issues related to the processing of personal data, the use of cookies, and privacy protection in the broad sense are complex and require due diligence and transparency. This document has been prepared with the utmost care to provide a precise and reliable presentation of all relevant information related to these areas.

If you have any doubts, need additional clarification, or wish to obtain detailed information on the personal data processing procedures, please contact the Administrator. All inquiries can be sent to a dedicated e-mail address: rodo@amazemet.com.

The Administrator reserves the right to make changes to this Privacy Policy, in particular in the event of technological, operational, organizational, or legislative changes that affect the processing of personal data or the functioning of the website.

The current version of the policy is always available on each of the Administrator’s Websites. Registered Customers using the hub.amazemet.com website may be notified of significant changes by email.

The current version of the Privacy Policy is the document published on this page. For transparency and to enable verification of the history of changes, archived versions of the Privacy Policy are available below in the form of links.