Privacy Policy and Data Protection (GDPR)
This Privacy Policy is a document related to the 300Devs Website Regulations (“Regulations”). The definitions of the concepts used in this Privacy Policy have been incorporated into the Regulations. The provisions of the Regulations shall apply respectively.
This policy is for informative purposes only and meets the informational obligations imposed on the data controller by the GDPR, i.e. Regulation 2016/679 of 27th April 2016 on the protection of individuals (natural persons) in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC.
PERSONAL DATA
Personal data provided by the Client and Users is processed by 300Devs, who is the administrator of personal data. Contact with the administrator is enabled via email: contact@300devs.com
The scope of personal data being processed is determined by the scope supplemented by the Client and Users, and then sent to 300Devs using the appropriate data form. The processing of the Client’s and Users’ personal data may refer to the email address, first and last name, company address as well as the computer’s IP address.
The personal data of Clients and Users will be processed for the following purposes:
(a) implementing the law,
(b) performing Contracts, providing electronic services, in particular keeping the Account and other activities indicated in the Regulations,
(c) 300Devs’s promotional or marketing activities.Personal data of Clients and Users will be processed for the duration of the contract for the provision of services by 300Devs, and after its completion for the time necessary to demonstrate the correct fulfillment of this contract (this time corresponds to the length of the period of the limitation of claims) and after that time will be deleted, provided that their processing is not required based on another legal basis.
Providing personal data is voluntary but the lack of consent to the processing of personal data marked as mandatory will prevent the performance of services and the fulfillment of Agreements by 300Devs.
The legal basis for the processing of personal data in the case referred to in paragraph 1.3 of this Article (a) there is a statutory authorisation to process data necessary for the purpose of acting in accordance with the law, whereas in the case referred to in paragraph 1.3 (b) and (c), it is a statutory authorisation for the processing necessary for the fulfillment of the contract where the data subject is a party to it or if it is necessary to take action prior to the conclusion of the contract at the request of the data subject or voluntarily expressed consent of the Client or other User.
The personal data of Clients and Users can be entrusted for processing (which is the case of personal data recipients): 300Devs’s accounting firm, hosting provider for the Website, technical servicing company, a payment service company, a company providing the CRM system. The personal data collected by 300Devs can also be made available to: the relevant state authorities at their request on the basis of the specific legal provisions or other persons and entities – in the cases provided for by the mandatory legislation.
Each entity to whom 300Devs entrusts the processing of personal data of its Clients, based on the Entrustment Agreement: the processing of personal data (hereinafter the Entrustment Agreement), guarantees an appropriate level of security and confidentiality of the processing of that personal data. As of May 25th 2018, as part of the Entrustment Agreement, 300Devs will entrust the processing of the Clients’ personal data to the entities using the applicable corporate rules. The entity that processes Clients’ personal data based on the Entrustment Agreement will process – from the entry into force of the GDPR Customer’s personal data – through another entity solely on the basis of the prior written consent of 300Devs.
The disclosure of personal data to unauthorised entities in accordance with this Policy may only take place with the prior consent of the Client and the Users to whom the data pertains.
Each Client and User has the right to:
(a) delete personal data collected about them either from the system belonging to 300Devs or from the database of the entities with whom 300Devs is currently cooperating or cooperated,
(b) set restrictions on the data processing,
(c) transfer the personal data collected by 300Devs about the User, including the right to receive them in a structured form,
(d) demand from 300Devs access to their personal data and its rectification,
(e) raise objections to is processing,
(f) revoke the consent granted to 300Devs at any time without affecting its compliance with the law of processing, which was made on the basis of consent before its withdrawal;
(g) lodge a complaint against 300Devs to the supervisory authority.
In the event of 300Devs obtaining information about the Client’s or the User’s use of the service provided electronically in violation of the Regulations or the applicable rules (unauthorised use), 300Devs may process the personal data of the Client or Users to the extent necessary to determine the responsibility of the Client or Users.
300Devs does not transfer personal data to third parties or countries.
PROFILING
Personal data of Clients and Users will be processed in an automated way in the form of profiling, including via the click map, scroll map and eye tracking, which will consist in creating dynamic contact forms on the website, dynamic and automated messages and advertising content, post-sales communication, segmentation of contacts and e-mail messages, reminders about an abandoned shopping cart, automatic selection of communication channels, contact management, and its effect will generate personalised marketing activities and the formation of sales analyses and forecasts.
The Client will be able to refuse permission to conduct profiling, which automatically leads to decision-making relating to the him/her and expresses his/her disregard/objection of profiling the others, which will result in the lack of profiled messages addressed to the client.
You can send your objection to being profiled to the following email address: contact@300devs.com
OTHER DATA
This website may store https requests as a result of which some information may be stored in the server log files, including the IP address of the computer from which the query came, the name of the Partner’s station or that of another User, if possible, the date and system time of registration in the Service and incoming queries, the number of bytes sent by the server, the URL address of the site previously visited by the Partner or another User (if the Partner or User entered via the link), the information about the Partner’s or User’s browser and the language used in the browser, the country from which the Partner or User obtained access to the Services, the information on the errors that occurred during the execution of the https transaction, the information on the number and time of incorrect logins to the profile. Logs are collected as material for the correct administration of the Website. Access to information is only available to the persons authorised to administer the Website on the basis of the granted authorisations, containing confidentiality statements regarding the data being processed and the security used. Files with logs can be analysed in order to compile traffic statistics on the Website and errors. The summary of such information does not allow identification of the Partner or the User.
SECURITY OF INFORMATION
300Devs uses technical and organisational measures to ensure that the processing of personal data is protected against the hazards and the categories of data protection. It particularly secures the data technically and organisationally against unauthorised access, its removal by an unauthorised person, its processing in violation of the law and its change, loss, damage or destruction, for the purpose of which 300Devs uses the SSL (Secure Socket Layer) among others. The set of the personal data collected from Clients is stored on a secure server and the data is further protected by the internal 300Devs procedures regarding the processing of personal data and information security policy. 300Devs shall use all necessary technical means specified in art. 25.30, 32-34, 35-39 of the GDPR legislation providing increased protection and security of processing personal data of clients.
In order to log in to the Account, you must enter your login and password. To ensure an adequate level of security, the password to access the Account exists on the Website solely in an encrypted form. In addition, the registration and logging in to the Account both use a secure connection https. Communication between the client device and the servers is encrypted using the SSL protocol. In case of logging in via external platforms and sources such as facebook.com or google.com, the security level is defined by
At the same time, 300Devs points out that the use of the Internet and services provided electronically, especially the use of the publicly available Wi-Fi networks, may involve specific ICT risks, such as: the presence and operation of Internet worms, spyware or malware, including computer viruses, as well as the possibility of being exposed to cracking or phishing (password hunting), and others. In order to obtain detailed and professional information regarding the security of the Internet, 300Devs recommends contacting the entities specialising in this type of IT services.
COOKIES
In order for the website to function correctly, 300Devs uses the Cookies technology. Cookies are information packages stored on the Client’s device or that of another User, via the web-service, usually containing information in accordance with the intended use of the file by means of which the Client or the User uses the Website – these are usually: website address, upload date, expiry date, its unique number and additional information consistent with the purpose of the file.
This website uses two types of Cookies: (a) session cookies that are permanently deleted when the session is ended by the Client’s or User’s browser; (b) persistent, which remain after the browser session on the Client’s or User’s device has ended until they are deleted.
On the basis of cookies, both session and persistent, it is not possible to determine the identity of the Client or
This Website’s Cookies are safe for the device of the Client or User, in particular, they do not allow virus or other software to access the device.
Files generated directly by 300Devs cannot be read by other websites. External Cookies (i.e. Cookies placed by subjects cooperating with 300Devs) can be read by an external server.
The Client and the User may independently change the Cookies settings at any time by specifying the terms of their storage through the settings of the web browser or through the configuration of the service. Client and User can also delete the cookies stored on their device at any time in accordance with the browser’s instruction manual.
The Client or the User may disable the saving of Cookies on their device in accordance with the browser’s instruction manual, but this may result in part or all of the Website’s functions becoming unavailable.
300Devs uses its own Cookies for the following purposes: for the validating the identity of the Client or another User in the Web-service and for the maintenance of sessions of the Client or the User; for the configuration of the Website and adaptation of the content of the pages to the preferences or behaviour of the Client or the User; for the analysis and audience research such as the number of clicks and the website navigation pathways in order to improve the appearance and the organisation of content on the site, time spent on the website, the number and frequency of visitors to the Website, carrying out statistics on resellers.
300Devs uses external cookies for the following purposes:
Cookies of the following tool:
Popside: marketing automation, user behaviour analysys
Google Analytics: analysis of user activity on the website
facebook.com, linkedin.com: interactive functions such as sharing on an external platform
Google and Facebook: promotional and marketing activities in the retargeting process.
Google Tag Manager: control of the codes placed on the website
Google Optimize: testing the effectiveness of the website by using A / B tests, among others
Heap Analytics: analysis of users in terms of the activities performed on the website, the time spent on it as well as the actions performed while browsing
CrazzyEgg: creation of the so-called site heat maps in order to analyse which areas capture the focus of the users’ eyes, which also gives the option of checking if users are scrolling the page top to bottom
Hotjar: the analysis of user behaviour on the website allows for the creation of the so-called heat maps, the recording of activities, the analysis of the time frame points during which people leave the site
Kissmetrics: analysis in the field of web traffic identification, understanding and increasing it
Pingdom: monitoring the website and the user experience; analysis of, among other things: user behaviour on the login page, account creation, etc., and in terms of the speed of page loading or server efficiency
Visual Website Optimizer: service for carrying out A / B tests on the website supporting conversion optimisation
Optimizely: carrying out A / B tests as well as user-specific website personalisation
CallPage: phone calls made after the user has performed a specific activity on the website
Zopim.com: an online chat window with 300DEVS that allows you to keep in touch with the user
UserEngage: marketing automation based on user behaviour while browsing the website
Detailed information on Cookies is available in the web browser settings used by the Customer or User.