Privacy Policy

I. The Controller of Personal Data

WIMBA POLAND Spółka z ograniczoną odpowiedzialnością (limited liability company incorporated under the laws of Poland) with its registered seat in Cracow, Fabryczna Str. 20A, 31-553 Cracow, entered into the entrepreneurs register of National Court Register maintained by the District Court for Krakow-Śródmieście in Krakow, XI Commercial Division of the National Court Register under the KRS number: 0000974000, NIP (Tax Identification Number): 6751765315 REGON (Statistical number): 522124301

II. Contact with the Controller of Personal Data

Contact with the Controller of Personal Data is possible:

  1. by email at: hello@wimba.vet 

III. Processing of Personal Data

In connection with your use of the website, information about user activity on this website is collected, including data recorded in the form of cookies and server logs. As a rule, the Controller of Personal Data does not process users’ personal data in connection with the use of cookies, as the information obtained through these files does not make it possible to identify and determine the User’s identity (the Controller of Personal Data only processes statistical, anonymised data).

In connection with the operation of the website and the available functionalities, the Controller of Personal Data collects the following personal data:

  1. Email address of the user subscribing to the newsletter,
  2. First name and/or surname – if included in the email address of the user subscribing to the newsletter,
  3. Data processing in the form of cookies and server logs, to the extent indicated in paragraph XI of the Privacy Policy – collected whenever the user uses the website for the sole purpose of reading its content.

IV. Collection of personal data

Users’ personal data are collected by the Controller of the Controller of Personal Data at the time of subscribing to the Newsletter and, in the case of cookies and server logs, in connection with the user’s use of the Controller of Personal Data’s website.

V. Purposes and grounds for processing personal data

The Controller of Personal Data collects and processes your personal data to fulfil the following purposes:

  • for marketing purposes, where the User consents to receive commercial or marketing communications from the Controller of Personal Data (including, for example, newsletter services) – the legal basis for data processing is Article 6(1)(a) of GDPR;
  • to provide customer service and to contact the user, including for the purpose of informing the user, upon request, of details of the offer, products and services offered by the Controller of Personal Data – the legal basis for the processing of the data is Article 6(1)(b) or (f) of GDPR;
  • processing of personal data in order to comply with legal obligations – the legal basis for processing is Article 6(1)(c) of GDPR;
  • for analytical, development, improvement purposes (including to improve user experience), administration, maintenance, technical and security support of the website, which is a legitimate interest of the processing – the legal basis for the processing is Article 6(1)(f) of GDPR;
  • the possible establishment, investigation or defence of claims, the enforcement or investigation of potential violations of the terms and conditions of use of the website or other actual or alleged unlawful activities, the protection of the rights, property or security of the website, users, customers and employees of the Administrator and other third parties, which constitutes a legitimate interest of the Administrator’s processing – the legal basis for the processing is Article 6(1)(f) of GDPR;
  • in order to use the tools of our partners supporting the operation of the website and to use these tools to enable the use of the functionality of the website of the Controller of Personal Data in accordance with point XIV of this policy – the legal basis for the processing of the data is Article 6(1)(f) of GDPR, and in situations required by applicable law Article 6(1)(a) of GDPR, i.e. the User’s consent.

VI. The Recipients of Personal Data 

1. The recipients of personal data processed on the website may be:

  • Providers of hosting services, mailing services,
  • Entities providing legal services to the Controller of Personal Data,
  • Persons cooperating with the Controller of Personal Data on the basis of civil law contracts, supporting the Controller of Personal Data’s activities,
  • Entities providing marketing services,
  • Entities providing technical support,
  • Entities with a capital relationship with the Controller of Personal Data, if the provision of such data is necessary in connection with the pursuit of the Controller of Personal Data’s interests. 

2. In the event that such an obligation arises from generally applicable law or from a decision of a competent authority, or if the User himself/herself submits such a request, the Controller of Personal Data may make the User’s personal data available to the competent public authorities.

VII. Duration of personal data storage

1. Users’ personal data shall be stored for the period necessary to fulfil the purposes of personal data processing indicated in paragraph III of this Privacy Policy, while taking into account the provisions of commonly applicable law, i.e:

  • In the case of processing on the basis of Article 6(1)(a) of GDPR, until the User withdraws his or her consent or the purpose of the processing is achieved, but no longer than until the User opts out of the newsletter or website (depending on the subject of the consent to process personal data).
  • In the case of processing of personal data on the basis of Article 6(1)(b) of GDPR – until contact is made or questions sent to the Controller of Personal Data at the email address provided on his website are answered.
  • In the case of the processing of personal data on the basis of Article 6(1)(f) of GDPR – until such time as an objection is successfully lodged or the purpose of the processing is achieved, but for no longer than 3 years, calculated from the end of the year in which the Controller of Personal Data started to process the personal data.
  • Data processed for analytical purposes and website administration – until the data is no longer relevant or up to date.

2. Once the purpose of the processing has been achieved, the Controller of Personal Data will delete or anonymise the personal data and, where the Controller of Personal Data intends to process the data for analytical purposes, the Controller of Personal Data undertakes to use the data to the extent adequate and necessary for the specified purposes of the processing and, in particular, in a manner that prevents the identification and identification of the data subjects (e.g. by using pseudonymisation mechanisms).

VIII. Transferring personal data to third countries

1. The Controller of Personal Data uses services and technologies offered by entities such as Google or Mailchimp, which are based outside the European Union and consequently – under the GDPR – are treated as third country entities.

2. The GDPR provides for restrictions on the transfer of personal data to third countries. Due to the fact that European legislation does not, in principle, apply there, the protection of personal data of EU citizens may unfortunately be insufficient. Therefore, it is the responsibility of each Controller of Personal Data to establish a legal basis for such transfers.

3. Where service and technology providers are based outside the EEA (European Economic Area), the Controller shall ensure that transfers of data outside the EEA are carried out in accordance with the applicable legal provisions in this regard. The level of data protection in countries outside the EEA may differ from that guaranteed by European law. We may transfer data to providers of services and technologies used in the operation of the website based outside the EEA, in particular on the basis of decisions issued by the European Commission or standard data protection clauses (e.g. when the transfer occurs in connection with the Controller of Personal Data’s use of the Google Analytics tool).

4. At any time, the Data Controller shall provide you with additional explanations regarding the transfer of personal data, especially if this issue raises any concerns for you.

5. At any time, you have the right to obtain a copy of personal data that has been transferred to a third country.

IX. Rights of data subjects

A person using the website has the right to:

1. Access to personal data and receive a copy thereof,

2. Request for rectification or supplementation of personal data,

3. Request to delete personal data – if you decide that there are no grounds for the Controller of personal data to process your personal data and there are no grounds justifying further processing.

4. Restriction of the processing of her personal data – You may request that the Controller of Personal Data restrict the processing of your personal data only to storing them or performing actions on them as agreed with you, if the data are inaccurate or processed without a legal basis, or the data subject does not wish to have them erased due to the necessity of preserving the data for the establishment, assertion or defence of claims, or for the duration of the recognition of an objection to the processing of personal data. 

5. Object to the processing of personal data:

  • Processing of personal data for direct marketing purposes: you have the right to object to the processing of personal data for direct marketing purposes. By exercising this right, the Controller of Personal Data will cease to process personal data.
  • Objection due to a special situation: You have the right to object to the processing of your personal data on the basis of a legitimate interest for purposes other than direct marketing. The objection should then indicate what special situation applies to the data subject that justifies the request to stop processing personal data. The Controller of Personal Data will cease processing personal data for these purposes, unless he proves that the grounds for further processing override the rights of the data subject or that the data are necessary to establish, assert or defend claims.

6. Data portability – you have the right to receive, in a structured, commonly used, machine-readable format, personal data concerning you, which have been provided to the Controller of Personal Data on the basis of the consent granted. The User may order the Controller of Personal Data to send them directly to another entity.

7. The User may exercise his / her rights by sending an email to the following address: hello@wimba.vet

X. The right to withdraw consent to the processing of personal data

The data subject may at any time withdraw consent to the processing of personal data processed on the basis of his consent. Withdrawal of consent does not affect the lawfulness of data processing carried out before its withdrawal.

You can exercise your rights by sending an email to the following address: hello@wimba.vet.

XI. Right to lodge a complaint with a supervisory authority

The data subject who believes that his/her personal data is being processed unlawfully, may submit a complaint to the President of the Personal Data Protection Office, Stawki 2 Street, 00-193 Warsaw.

XII. The requirement to provide personal data

The provision of personal data is voluntary, but nevertheless necessary if you wish to use the website and make full use of its functionalities, including in particular the use of the newsletter provided by the Controller of Personal Data on the website.

XIII. Cookies and server logs

1. The cookies files,  which are short textual information stored in your browser, are used in website for its operation. 

2. When you reconnect to the website, it recognises the device on which the page is opened. The files can be read by the system used by the Controller of Personal Data, as well as by the service providers used in the creation of the website.

3. Some of the cookies are anonymised, which makes it impossible to identify the user without additional information.

4. By default, your web browser allows the use of cookies on the devices you use, so when you visit the website for the first time, a message asking you to agree to the use of cookies appears. 

5. Cookies used in the operation of the website perform the following functions:

  • essential – cookies used to provide Users with the services and functionalities of the website that the User intends to use. Essential cookies come exclusively from the Personal Data Controller and are installed by him on the Users’ terminal device;
  • functional cookies – cookies make it possible to remember and adapt the Website to the User’s choices, e.g. in terms of language preferences;
  • creation of statistics / analytical cookies – these cookies are used to analyse how users use the website (how many people open the website, how long they stay on it, which content is of most interest, etc.). This allows the website to be continuously improved and adapted to users’ preferences.

6. In the event that you do not wish cookies to be used when browsing the Website, you should change your browser settings as follows:

  • completely block the automatic handling of cookies, or
  • request notification whenever cookies are placed on your device. You can change your settings at any time.

7. Disabling or restricting the use of cookies may result in significant difficulties in using the website, e.g. in the form of longer page loading times, restrictions on the use of functionalities, etc. 

8. Certain events triggered by persons using the website and information about them are recorded in the form of logging on the server. The data stored in this way is used exclusively for the proper administration of the operation of the website, to ensure its correct operation and the uninterrupted functioning of its various functionalities.

9. The following information can be stored as server logs:

  • the brand and model of the device on which the page is opened;
  • hardware ID; 
  • type and version of the operating system 
  • the date and time of the login, 
  • the IP address of the device.

10. Logs of individual user’s actions may also be recorded in the form of logs. In this case, the logs are available in the tools designed to handle the individual functionalities of the Website.

11. The data indicated in sec. 10 above are not associated with specific users and their use only covers the activities indicated in sec. 9 above.

XIV. Automated decision making and profiling

The website of the Controller of Personal Data does not use mechanisms based on profiling and automated decision-making for its operation.

 XV. Profiles in Social Media

1. The website uses links to the Controller’s social media profiles, allowing redirection to those profiles that are maintained on social networks (Facebook, LinkedIn, Instagram). With the help of the links to the social media profiles, the user of the website can go to the fanpage (page) run by the Controller of Personal Data on the selected social network and read the information about the Controller of Personal Data made available on the fanpage to which the redirection is made.

2. The exchange of data between the user and the social network takes place when using links to social profiles to which the link is redirected, however, the Controller of Personal Data does not process data, which are collected during the use of the plug-ins by the controllers of the individual sites indicated.

3. The Controller of Personal Data encourages you to read the regulations and privacy policies of the respective sites before using the respective plug-in. 

4. The use of certain functions of the providers indicated in sec. 1 may involve the use of cookies of external entities.

5. Personal data provided voluntarily on fanpages in social networks will be processed by the Controller of Personal Data in order to manage a given fanpage, communicate with users, including answering questions asked by users, interact with users, inform about the Controller’s offer, organised events, create a fanpage community in a chosen service, to which redirections in the form of social plug-ins lead.

6. From the moment the user clicks on a given link, the personal data of the user is processed by the respective website or social network (and including the communicators provided therein) and the owner of the website or social network becomes a joint controller of the personal data in accordance with Article 26 of GDPR. 

7. With regard to the data voluntarily provided by the user on social networking sites, the user has the rights set out in paragraphs VII, VIII and IX of this Policy. 

8. For more information on the technologies used, please refer to the privacy policy of the respective provider:

XVI. Other tools used by the Controller of Personal Data

1. For certain functions available on the website, the Controller of Personal Data uses the services of external providers. 

2. The respective services are mostly optional functions that must be expressly selected or used by the user of the website. 

3. In connection with the use of third-party providers, the Controller has entered into contractual agreements with the relevant providers for the provision or integration of their services and, within the limits of our capabilities, we endeavour to ensure that the third-party providers also transparently communicate the extent of the processing of personal data and comply with data protection laws.

4. As part of the operation of the website, the Administrator uses the following services:

  • Google Analitycs – provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA: 

Google Analytics uses its own cookies primarily to report on user interaction with the website. The cookies are used for this service for the Controller’s analytical and statistical purposes (information about user activity and website usage). 

Google Analytics also supports an optional browser add-on, which, when installed and activated, disables Google Analytics measurements on all pages viewed by the user: https://tools.google.com/dlpage/gaoptout/.

In some cases, the data collected by using the aforementioned tool may constitute personal data, i.e. information such as pseudonymised cookie identifiers, pseudonymised ad display identifiers, IP addresses, other pseudonymised user identifiers. In some cases, Google may also use IP addresses to determine the place of origin of users (geolocation creation).  

The legal basis for the application of the service described above to users is consent pursuant to Article 6(1)(a) of GDPR in conjunction with the controller’s legitimate interest, i.e. Article 6(1)(f) of GDPR.

More information about the service is available at: https://support.google.com/analytics/answer/6004245#zippy=%2Cpliki-cookie-i-identyfikatory-google-analytics .

  • MailChimp – provided by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Ave Ne Suite 5000 Atlanta, GA 30308 USA

MailChimp is a tool used for the handling and distribution of newsletters that can be subscribed to on the website of the Data Controller. When signing up for the newsletter, the user enters his or her email address, which is then processed for the purpose of sending the newsletter to its subscribers, as well as for statistical and analytical purposes related to the distribution of the newsletter. In connection with the use of this newsletter tool, personal data of users who have subscribed to the newsletter may be transferred to the United States of America. The transfer of this data was based on standard contractual clauses.

The newsletter uses a “web-beacon” – a pixel-sized file downloaded from the MailChimp server when the newsletter is opened. When the newsletter is opened, the web-beacon enables the collection of technical information – system and browser data, as well as the user’s IP address and the date the newsletter was downloaded. The data collected is used:

  1. For the technical improvement of the service, based on technical data or data about the target group and its behavioural characteristics when using the newsletter, including location, which can be determined by IP or access time,
  2. for analytical and statistical purposes, in particular to determine whether and when a newsletter sent is opened, which of the links in it are clicked on by users.

The analysis of the above information allows us to know the reading preferences of the recipients and to adapt the content published in the newsletter to them and to send content relevant to the interests of the newsletter users. The data is used for analytical purposes only – neither the Data Administrator nor MailChimp assigns the data to a specific user.

The legal basis for the use of the indicated tool is consent pursuant to Article 6(1)(a) of GDPR in conjunction with the controller’s legitimate interest, i.e. Article 6(1)(f) of GDPR .

More information about the service is available at:

https://www.intuit.com/privacy/statement

https://mailchimp.com/legal/data-processing-addendum

The newsletter uses a “web-beacon” – a pixel-sized file downloaded from the MailChimp server when the newsletter is opened. When the newsletter is opened, the web-beacon enables the collection of technical information – system and browser data, as well as the user’s IP address and the date the newsletter was downloaded. The data collected is used:

a) For the technical improvement of the service, based on technical data or data about the target group and its behavioural characteristics when using the newsletter, including location, which can be determined by IP or access time,

b) For analytical and statistical purposes, in particular to determine whether and when a newsletter sent is opened, which of the links in it are clicked on by users.

The analysis of the above information allows us to know the reading preferences of the recipients and to adapt the content published in the newsletter to them and to send content relevant to the interests of the newsletter users. The data is used for analytical purposes only – neither the Data Administrator nor MailChimp assigns the data to a specific user nor carry out profiling on their basis.

The legal basis for the use of the indicated tool is consent pursuant to Article 6(1)(a) of GDPR in conjunction with the controller’s legitimate interest, i.e. Article 6(1)(f) of GDPR .

  • Polylang – provided by WP SYNTEX SARL, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France.

Polylang is a tool that enables the provision of website content in several foreign languages selected by the Data Controller for websites using the WordPress infrastructure. Polylang does not separately process the personal data of website users, but only enables the Administrator to provide the website in different language versions. 

The legal basis for the use of the indicated tool is the Administrator’s legitimate interest, i.e. Article 6(1)(f) of GDPR.

More information about the service is available at:

  • Facebook analytics and advertising services – provided by Meta Platforms Inc. 

The Controller of Personal Data may use tools on its website to display personalised advertising on Facebook, i.e. company Meta Platforms, Inc. 1601 Willow Rd Menlo Park, CA, 94025-1452, USA.

Ads will be presented only to users who have an account on the social networking site “Facebook”, and the website Users’ data will only be processed to recognise the User in order to present him/her with a customised advertising message using cookies, but will not allow the User’s identity to be determined. The Controller of Personal Data does not combine the data used for retargeting or remarketing with any other data. We may also use the tools from Facebook, in addition to advertising purposes, i.e. such as the “Facebook Pixel Tag”, for analytical and statistical purposes. The legal basis for the use of the “Facebook” service and cookies from this provider is your consent in accordance with Article 6(1)(a) of GDPR in conjunction with the administrator’s legitimate interest, i.e. Article 6(1)(a) of GDPR.

Read more about privacy policies for tools from Facebook:  https://www.facebook.com/privacy/explanation.

XVII. Security measures

The Controller of Personal Data shall apply appropriate and adequate technical and organisational measures to ensure an adequate level of security and integrity of users’ personal data, using proven technological standards to prevent unauthorised access to users’ personal data or other threats to personal data.

XVIII. Final provisions

  1. To the extent not covered by this Policy, the relevant generally applicable regulations shall apply, in particular the GDPR and the Act of 16 July 2004. Telecommunications Law.
  2. The user will be informed of any changes made to this Policy by publishing the new text of the Policy on the website and displaying a message when entering the website. 
  3. This Policy is effective as of October 10, 2022.