The purpose of this notice is to explain the policy of UpWare Sp. z o.o. [Ltd.] (’we’, ’us’, ’UpWare’ the ’Company’) on collecting, storing, using, processing, and safe keeping of personal and non-personal data, obtained when you are interacting with us via our websites including, without limitation NodeCheck.io and other websites that may be added to this policy from time to time.
It is likely that we will need to update this Privacy Notice from time to time. We will notify you of any significant changes, but you are welcome to come back and check it whenever you wish.
The terminology used in this notice, and explained in this section, is based on the EU General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person (“data subject”).; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or its Member State law, the controller or the specific criteria for its nomination may be provided for by the European Union or its Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or its Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Cross-border processing means either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the European Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
GDPR sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent – we can collect and process your data with your consent, for example, when you tick a box at the time of registering on our website. When collecting your personal data, we’ll always stipulate which data is necessary for provisiopn of a particular service.
Contractual obligations – in some circumsatances, we require your personal data to comply with our contractual obligations, for example, if you order a product from us for home delivery, we need to collect your address details and pass them on to the courier for delivering your goods.
Legal compliance – if required by the law, we may have to collect and process your data, for example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
Legitimate interest - In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
You may at any time prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers.
When a data subject or automated system calls up the website, we collect a series of general data. This information is stored in the server log files. In this process we may collect: the browser types and versions used; referrers used; the operating system used by the accessing system; the sub-websites; the date and time of access; IP address; the ISP of the accessing system; and any other similar data or information that may be used in the event of attacks on our IT systems. The above information is needed to deliver the content of our website correctly and optimize its content; ensure the long-term viability of our IT systems and website technology, and if required to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The above data is processed to provide the data protection and data security of the Company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data of data subjects.
We collect personal data in the following occasions: Registering on our website; Using the service provided by NodeCheck; Making purchases on our website.
We collect the following personal data: Names, emails, addresses, VAT ID; IP addresses; Payment data, orders and receipts, purchasing history on our website.
Personal data is collected for the following purposes:
Providing the service you have purchased, we need to send you notifications the way you have ordered them. We would not be able to comply with this contractual obligation without processing your personal data; Fulfilling any orders that you make by using our websites or apps. If we don’t collect your personal data during checkout, we would not be able to handle your order and comply with our legal obligations. Responding to your queries and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience;
Protecting our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We will do all of this as part of our legitimate interest;
Managing payments and preventing fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud; If we discover any criminal activity or alleged criminal activity through fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities; Compling with our contractual or legal obligations to share data with law enforcement; Developing, testing and improving the systems, services and products we provide to you. We will do this on the basis of our legitimate business interests; With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, and telephone about relevant products and services updates, new releases, special offers, discounts, promotions, events, etc.
Complying with legal obligations that require processing personal data. The registration on the website, together with the voluntary indication of personal data, is intended to enable us to offer you the contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from our data stock. In case you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you have asked for. Upon your request we will provide information to you as to what personal data are stored by us at any time. In addition, we will correct or erase your personal data at your request or indication, insofar as there are no statutory storage obligations.
We regard our customers data security very highly. We treat their personal data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using ‘https’ technology. Access to your personal data is password-protected, sensitive data is secured and tokenised to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks.
Whenever we collect or process personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
It may be necessary to share personal data with trusted third parties. Examples of the kind of third parties we work with are operational companies such as delivery couriers, PayPal for payments; Google to show you products that might interest you while you are browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
When working with third parties, we provide only the information they need to perform their specific services and they may only use your data for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
In specific circumstances we may share personal data with third parties for their own purpose. Examples of such circumstances are: For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies; We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by- case basis and take the privacy of our customers into consideration; From time to time, we may expand, reduce or sell the Company and this may involve the transfer of parts of or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice; Google Analytics and PayPal are currently the only third parties we use to process your personal data as part of their contract with us. We use their services to be able to provide the best customer experience.
On our websites we have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
On this website, we have integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order. The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
Right to request: Access to the personal data we hold about you; The correction of your personal data when incorrect, out of date or incomplete; Erasure of your personal data (Right to be forgotten). For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty). That we stop using your personal data for direct marketing (either through specific channels, or all channels). That we stop any consent-based processing of your personal data after you withdraw that consent. You have the right to request a copy of any information about you that the we hold at any time. Right to withdraw consent: Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. Where we rely on our legitimate interest In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. Direct marketing You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. Checking your identity To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act. Automated decision-making, incl. profiling We do not use automated decision-making or profiling
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the relevant data protection regulator in your country of residence.
We may provide public forums like bulletin boards, blogs, or chat rooms on our websites. These forums are provided as a service to our users to help them exchange ideas, tips, information and techniques related to our services. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.
We also post users and customer testimonials on our websites that may contain information such as the users' names and titles. We will obtain the consent of each user prior to posting any information or testimonials on the websites.
Our websites may contain links to third-party websites. These third-party websites maintain their own policies regarding cookies and the collection and use of personal information. We assume no responsibility or liability for the actions of such third parties with respect to their collection or use of information. We encourage visitors and users to read the privacy policies of every website that you visit through a link on our websites.
For non-EU customers: By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes. Sometimes we will need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the EU. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the EU. We will ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We will also make sure we adequately protect the confidentiality and privacy of your personal data.