Privacy Policy

This Privacy Policy describes how we process information about you, including personal data and cookies.

1. General Information

1. 1. This Policy applies to the Web-based Service, operating under the URL: https://www.ihm.codes
   2. The Operator and Controller of the Web-based Service is: Instytut Handlu Międzynarodowego Sp. z o.o. Plac Bankowy 2, 00-095 Warszawa, Poland.
   3. Contact e-mail address of the Operator: [email protected]
   4. The Operator is the Controller with regard to the data you provide on a voluntary basis on the Web-based Service.
   5. The Web-based Service uses personal data for the following purposes:
      • Processing requests via the form
   6. The Web-based Service performs the functions of obtaining information about Users and their behaviour in the following way:
      • By means of data entered in the forms on a voluntary basis, which is entered into the systems of the Operator.
      • By storing cookie files (so-called ‘cookies’) on the terminal equipment.

2. Selected Methods of Data Protection Used by the Operator

1. 1. The login and personal data entry spaces are protected in the transmission layer (SSL certificate). This ensures that the personal and login data entered on the website is encrypted on the User’s computer and can only be read on the target server.
   2. The User passwords are stored in the hashed form. The hash function operates in a one-way fashion – it is not possible to reverse its operation, which is now the modern standard for storing the User passwords.
   3. The Operator shall periodically change its administrative passwords.
   4. For the purpose of data protection, the Operator shall make backup copies on a regular basis.
   5. A substantial element of data protection is the updating of all software used by the Operator to process personal data on a regular basis, which means in particular regular updates of software components.

3. Hosting

1. 1. The Web-based Service is hosted (technically maintained) on the servers of the Operator: a third-party company.

4. Your rights and Additional Information on How Your Data Shall Be Used

1. 1. 1. In certain situations, the Controller has the right to transfer your personal data to other recipients if this is necessary for the performance of a contract concluded with you or for the fulfilment of obligations incumbent on the Controller. This applies to such groups of recipients as:
         • persons authorised by us, employees and collaborators who need to have an access to personal data in order to perform their duties,
         • hosting company,
         • companies handling the mailings,
         • companies handling SMSes,
         • companies with which the Controller cooperates within the scope of its own marketing,
         • couriers,
         • insurers,
         • law offices and debt collectors,
         • banks,
         • payment operators,
         • public authority.
      2. Your personal data processed by the Controller for no longer than is necessary for the performance of the related activities defined by separate provisions (e.g. on keeping accounts). With regard to marketing data, data shall not be processed for longer than 3 years.
      3. You have the following rights:
         • of access by the data subject,
         • to rectification,
         • to erasure,
         • to restriction of processing,
         • to data portability

         the exercise of which you may request from the Controller.

      4. You have the right to object within the scope of the processing indicated in the point 3.3 c) to the processing of personal data for the purposes of the legitimate interests pursued by the Controller, including profiling, whereby the right to object shall not be exercisable where there are valid legitimate grounds for the processing which override your interests, rights and freedoms, in particular the establishment, exercise or defence of claims.
      5. You may lodge a complaint against the actions of the Controller with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, Poland.
      6. The provision of personal data is voluntary, but necessary for the operation of the Service.
      7. Automated decision-making, including profiling, may be undertaken in relation to you for the purpose of providing services under the contract and for the purpose of direct marketing by the Controller.
      8. Personal data is not transferred to third countries within the meaning of data protection legislation. This means that we do not transfer it outside the European Union.

5. Information in the Forms

1. 1. The Web-based Service collects information provided by the User on a voluntary basis, including personal data if given.
   2. The Web-based Service may save information about the connection parameters (timestamp, IP address).
   3. The Service may, in some cases, store information to facilitate the binding of the data in the form with the User’s e-mail address completing the form. In such a case, the User’s e-mail address shall appear inside the URL address of the website containing the form.
   4. The data provided in the form is processed for the purpose resulting from the function of the specific form, e.g. to process a service request or sales contact, registration of services, etc. Each time the context and description of the form clearly informs what it is used for.

6. Controller Logs

1. 1. Information on User behaviour on the Web-based Service may be subject to logging. This data is used for the administration of the Web-based Service.

7. Relevant Marketing Techniques

1. 1. The Operator uses a statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The Operator does not transfer personal data to the operator of this service, but only anonymised information. The service is based on the use of cookies on the User’s terminal equipment. With regard to the information on User preferences collected by the Google advertising network, the latter can view and edit the information resulting from the cookies using the tool: https://www.google.com/ads/preferences/.

8. Information on Cookie Files

1. 1. The Web-based Service uses cookie files.
   2. The cookie files (so-called ‘cookies’) are IT data, in particular text files, which are stored on the terminal equipment of the Web-based Service User and are intended for use on the websites of the Web-based Service. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
   3. The entity placing cookies on the terminal equipment of the Web-based Service User and gaining an access to them is the Operator of the Web-based Service.
   4. Cookie files are used for the following purposes:
      1. maintaining a session of the Web-based Service User (after logging in), thanks to which the User does not have to re-enter the login and password on each sub-page of the Web-based Service;
      2. achieving the objectives set out above under ‘Relevant Marketing Techniques’;
   5. The Web-based Service uses two main types of cookies: ‘session’ cookies and ‘persistent’ cookies. ‘Session’ cookies are temporary files that are stored on the User’s terminal equipment until they log off, leave the website or switch off the software (web browser). ‘Permanent’ cookies are stored on the User’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the User.
   6. Web browsing software (web browser) usually by default permits the storage of cookies on the User’s terminal equipment. Users of the Web-based Service may change their settings in this respect. The web browser makes it possible to delete cookies. It is also possible to automatically block cookie files. Detailed information on this subject is contained in the Help section or documentation of the web browser.
   7. Limitations on the use of cookie files may have an impact on some of the functionalities available on the Web-based Service.
   8. Cookie files placed on the Web-based Service User’s terminal equipment may also be used by entities cooperating with the Operator of the Web-based Service, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Managing Cookies – How to Give and Withdraw Consent in Practice?

1. 1. If the User does not wish to receive cookie files, the latter can change their browser settings. We stipulate that disabling cookies that are essential for authentication, security, maintaining User preferences processes may make it difficult, and in extreme cases may make it impossible, to use the websites.
   2. For the purpose of managing your cookie settings, select the web browser you are using from the list below and follow the instructions:
      • Edge
      • Internet Explorer
      • Chrome
      • Safari
      • Firefox
      • Opera

      Mobile devices:

      • Android
      • Safari (iOS)
      • Windows Phone