The privacy policy serves as an aid to understanding what data we collect and for what purpose and what we use it for. This information is important, so please read this document carefully. By using the website, its User entrusts us with information about him/herself.
It also happens that we also entrust this information to our trusted partners, i.e. third parties that exist in the environment of our Services. We work with them to provide you with the highest quality Services, as well as who carry out marketing activities, who directly or indirectly outsource marketing activities to us in the environment of our Services.
Data controller and definitions
1 The administrator of Users’ personal data, is OPERATOR SYSTEMS A/S,: Vandtårnsvej 62A, 1B 2860 Søborg, Denmark, telephone: +45 4485 0190; hereinafter referred to as Operator Systems A/S.
2. OPERATOR SYSTEMS A/S
1. is not a public body or entity,
2. its core business does not consist of processing operations that, due to their nature, scope or purposes, require regular and systematic monitoring of data subjects on a large scale;
3. its main activity does not involve large-scale processing of special categories of personal data referred to in Article. 9 (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning a person’s health, sexuality or sexual orientation), or personal data relating to criminal convictions and criminal acts, as referred to in Article. 10 (personal data on convictions and criminal acts or related security measures).
3. words used in the document mean:
1. User – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, entering the site or using the services or functionalities described in this Privacy and Cookies Policy.
2. Internet Service – the Internet service run by the Administrator, available at the electronic addresses (pages): operatorsystems.pl through which the Customer/User may obtain information about the Administrator, its activities, offer, contact the Administrator.
3. Newsletter – information, including commercial information within the meaning of the Act of July 18, 2002. on the provision of electronic services from
OPERATOR SYSTEMS A/S, sent to the User electronically; its receipt is voluntary and requires the User’s consent.
4. Account – a set of data stored on the Website and in the ICT system of OPERATOR SYSTEMS A/S concerning a given User, his/her activity on the Website and contacts and their forms with OPERATOR SYSTEMS A/S.
5. RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation).
Basic safety rules
4. The content of the Website is the property of Operator Systems A/S. All personal and property copyrights to any elements of the Service (text, graphics, page layout, etc.) are reserved.
5. The Site and all its elements are protected by law, in particular the Act of February 4, 1994 on Copyright and Related Rights, and the Act of April 16, 1993 on Combating Unfair Competition. Every user should take care of the safety of their device. The computer should have an antivirus program with an up-to-date virus definition database, an up-to-date and secure version of the Internet browser, and a firewall enabled.
6. In addition, the user should periodically check that the operating system and programs installed on it have the latest updates, as attacks take advantage of bugs found in installed software. Software manufacturers are trying to eliminate such vulnerabilities with updates.
7. Access data to services offered on the Internet – such as logins, passwords, PINs, electronic certificates, etc., – should be secured. They should not be disclosed or stored on the device in a form that allows easy access and reading.
8. Caution is advised when opening attachments or clicking on links
in messages we did not expect, for example, from unknown senders.
If you have any doubts, it is worth contacting the shipper.
9. It is recommended to run tools in the web browser that check whether the displayed website is phishing, such as by impersonating a person or institution. The use of anti-phishing filters significantly reduces the risk of data theft.
10. It is important to use antivirus software to protect computers from malware and a firewall to control the transmission of information to and from the Internet, thus preventing the transfer of confidential data.
11. Files should only be downloaded from trusted sites. It is highly risky to install software from unverified sources. This includes mobile devices, e.g. smartphones, tablets.
12. When using a home wireless network (Wi-Fi), set a secure and hard-to-break password to access the network. The use of trusted Wi-Fi encryption standards is also recommended.
13. It is also important to maintain physical access control over equipment as much as possible. If an unauthorized person attaches any additional devices to it, tampers with it, it can become infected with a malicious program or connect spying devices such as keyloggers, which are used to capture text typed on the keyboard.
14. Operator Systems A/S attaches particular importance to respecting the privacy of users visiting our website. The data collected, in logs, is used only for the purpose of administering the service. We do not solicit identification of Site Users.
15. Identification data is not associated with specific persons browsing the Operator Systems A/S website, with the exception of data posted by Users in contact forms.
16. The privacy policy applies only to the websites of Operator Systems A/S.
17. If Operator Systems A/S links to other websites, Operator Systems A/S is not responsible for the privacy policies of these websites. When you access third-party websites, it is necessary to read the privacy policy established there.
Data protection
18. Provision of data is voluntary.
19. However, failure to provide data (including refusal to access information and its storage on your device, including with the use of cookies) marked as necessary for the use of the Website or the provision of services to you will prevent the use or their provision, in particular the inability to provide you with the information, content and offers you are looking for, the inability to process and respond to a complaint, the inability to respond to an inquiry or other request.
20. Personal data is all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
21. The Data Controller can be contacted:
1. at the mailing address: OPERATOR SYSTEMS A/S,: Vandtårnsvej 62A, 1B 2860 Søborg, Denmark;
2. at the email address: gdpr@operatorsystems.com.
22. In connection with the website and its own business activities, the Administrator collects and processes personal data in accordance with the relevant regulations, including in particular the RODO (Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC), and the data processing rules provided for therein.
23. The controller shall ensure transparency of data processing, in particular, always inform about the processing of data at the time of collection, including the purpose and legal basis for processing. The controller shall ensure that the data is collected only to the extent necessary for the stated purpose and processed only for the period of time necessary.
24. When processing data, the Administrator shall ensure its security and confidentiality, as well as access to information about the processing to data subjects. Should there be a breach of personal data protection (e.g., data “leakage” or loss) despite the security measures in place, the Administrator will inform data subjects of such an event in a manner consistent with the regulations.
25. In connection with the conduct of activities requiring processing, personal data are disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems and equipment, entities providing legal or accounting services, couriers, marketing or recruitment agencies.
26. The Administrator reserves the right to disclose selected information concerning the data subject to the competent authorities or to third parties who make a request for such information, relying on the relevant legal basis and in accordance with the provisions of the applicable law.
Period of personal data processing
27. The period of data processing by the Administrator depends on the type and purpose of processing. The period of data processing may also result from regulations when they provide the basis for processing.
28. In the case of data processing based on the legitimate interest of the Controller – e.g. for security reasons – the data shall be processed for a period of time enabling the fulfillment of this interest or until an effective objection to the data processing is made.
29. If processing is based on consent, data are processed until the consent is withdrawn.
30. When the basis for processing is the necessity for the conclusion and performance of the contract, the data shall be processed until the termination of the contract.
31. The period of data processing may be extended if the processing is necessary for the establishment or assertion of claims or defense against claims, and after this period – only if and to the extent required by law. At the end of the processing period, the data are irreversibly deleted or anonymized.
Rights of data subjects
32. A data subject is any natural person whose personal data is processed by the Administrator, such as a person who visits the Administrator’s premises or directs an e-mail inquiry to the Administrator.
33. Operator Systems A/S shall ensure that personal data subjects exercise their rights under the RODO.
34. Data subjects shall have the following rights:
1. the right to information about the processing of personal data – on this basis, the requesting person is provided by the Administrator with information about the processing of data, including, in particular, the purposes and legal grounds for processing, the scope of data held, the entities to which they are disclosed, and the planned date of deletion;
2. the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data concerning the person making the request;
3. the right to rectification – the Administrator is obliged to remove any inconsistencies or errors in the processed personal data and complete them if they are incomplete;
4. right to erasure – on this basis, you can request the erasure of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
5. the right to restrict processing – if such a request is made, the Administrator shall cease performing operations on personal data – with the exception of operations consented to by the data subject – and their storage, in accordance with the established retention rules, or until the reasons for restricting processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further processing);
6. the right to data portability – on this basis – to the extent that the data are processed in connection with a contract concluded or consent given – the Administrator shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that this data be sent to another entity – provided, however, that the technical capabilities exist in this regard, both on the part of the Administrator and that other entity;
7. right to object to processing for marketing purposes – the data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;
8. right to object to other purposes of processing – the data subject may object at any time to the processing of personal data that is carried out on the basis of a legitimate interest of the Controller (e.g. for analytical or statistical purposes or for reasons related to the protection of property);
The objection in this regard should include a justification;
9. right to withdraw consent – if the data are processed on the basis of an expressed consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent;
10. to complain – if the processing of personal data is deemed to violate the provisions of the RODO or other regulations on personal data protection, the data subject may file a complaint with the President of the Office for Personal Data Protection, based in Warsaw, ul. Stawki 2, who can be contacted as follows: by mail: ul. Stawki 2, 00-193 Warsaw; via electronic mailbox available at: https://www.uodo.gov.pl/pl/p/kontakt; hotline: 606-950-0000.
Making demands related to the exercise of rights
35. A request for the implementation of the rights of data subjects can be submitted:
1. in writing to: OPERATOR SYSTEMS A/S,: Vandtårnsvej 62A, 1B 2860 Søborg, Denmark;
2. by e-mail to: gdpr@operatorsystems.com
36. If the Administrator is unable to identify the applicant on the basis of the application made, he will ask the applicant for additional information. The application can be submitted in person or through a proxy (such as a family member). For the sake of data security, the Administrator encourages the use of a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will significantly speed up the verification of the authenticity of the application. The application should be answered within a month of receipt. If it is necessary to extend this deadline, the Administrator shall inform the applicant of the reasons for the delay.
37. The response shall be provided via snail mail, unless the request is made by e-mail or electronic transmission of the response is requested.
Purposes and legal basis for processing
38. General Assumptions
1. providing access to the service – based on Art. 6 paragraph. 1(b) RODO;
2. performance of obligations under the law – based on Art. 6 paragraph. 1(c) RODO;
3. realization of the following legitimate interests of the Administrator or a third party – on the basis of Art. 6 paragraph. 1(f) RODO:
4. self-marketing, including profiling, in particular displaying marketing content to the User on the Website or directing notifications of offers or content to designated Users by means of electronic communication, in particular by e-mail, provided that the User has given the appropriate consent, as well as conducting other types of activities related to marketing e.g. satisfaction surveys.
5. internal purposes related to the provision of services and the conduct of business, including evidentiary, analytical and statistical purposes.
6. The implementation of the above purposes causes the Administrator to use profiling in some cases. This means that through automated data processing, the Administrator assesses selected factors about individuals in order to analyze their behavior or create a forecast for the future. As a result of these analyses, no significant decisions regarding the User are made in an automated manner.
39. Email and traditional correspondence
1. In the case of directing to the Administrator via e-mail or traditional correspondence unrelated to the services provided to the sender or other agreement concluded with him, the personal data contained in this correspondence shall be processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
2. The legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of correspondence addressed to it in connection with its business activities.
3. The administrator shall process only personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a way that ensures the security of the personal data contained therein (and other information) and is disclosed only to authorized persons.
40. Telephone contact
1. When contacting the Administrator by telephone, on other matters, the Administrator may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis in such a case is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO) consisting of the need to resolve a reported case related to its business activities.
2. Telephone conversations may also be recorded – in this case, appropriate information is provided at the beginning of the conversation. Calls are recorded to monitor the quality of the service provided and verify the work of consultants, as well as for statistical purposes. The recordings are available only to the Administrator’s employees and the Administrator’s hotline attendants.
3. Personal data in the form of a recording of the conversation is processed:
1. for purposes related to service through a hotline, if the Administrator provides such a service – the legal basis for processing is the necessity of processing to provide the service (Article 6(1)(b) RODO);
2. to monitor the quality of service and verify the work of hotline attendants, as well as for analytical and statistical purposes,
3. the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO) to ensure the highest possible quality of service for the benefit of clients and customers, as well as the work of consultants, and to conduct statistical analysis of telephone communications.
41. Presentation of our service offerings
1. Scope of data: In order to prepare and present an offer of our services, we process personal data sent via the contact form: Name, e-mail address, website address, telephone number, content of the inquiry.
2. Legal basis: Processing is necessary to take action at the request of the data subject before entering into a contract.
42. Handling other inquiries from the contact form
1. Scope of data: In order to respond to inquiries that are not a request for an offer of our services, we process data sent via the contact form: First and last name, e-mail address, website address, telephone number, content of the inquiry.
2. Legal basis: Our legitimate interest (processing at the request of the data subject).
43. Newsletter mailing
1. Scope of data: In order to send our newsletter containing information about our services, we process your email address and name provided in the newsletter sign-up form or in the contact form, if you clearly agree to receive the newsletter.
2. Legal basis: Consent to process personal data for the purpose of sending the newsletter.
44. In the case of personal data obtained by means other than the Internet service (by telephone, e-mail, etc.), we also process them only for the purpose for which they were provided and for the time necessary to fulfill this purpose. In the case of a planned change in the purpose of processing, we always ask the owner of the personal data for consent and inform them of the changing terms of processing.
Data security
45. In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures to allow access to personal data only to authorized persons and only to the extent necessary due to their tasks. The administrator uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
46. In addition, the Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
47. The Administrator shall conduct a risk analysis on an ongoing basis and monitor the adequacy of the data safeguards applied to the identified risks. If necessary, the Administrator shall implement additional measures to enhance data security.
Other disclosures (cookies)
48. When you visit our site, code snippets are stored on your computer, where user settings are saved.
49. They are used to provide an optimal user experience when visiting our site and allow faster and easier access to information.
50. Cookies are not used to process personal data and their content does not allow to identify the user.
51. On the next visit from the same device, the browser can check whether the corresponding cookie (i.e. a file containing the name of the site) is stored on the device and send the data contained therein again to the site that stored the cookie. This allows you to recognize that a particular User has visited in the past, and in some cases tailor the content presented to the recipient.
52. The cookie policy is a separate document.
Third-party partner functionalities or technologies
53. We use the Google Analytics tool provided by Google Ireland LTD or Google LLC. We carry out activities in this regard based on our legitimate interest in creating statistics and analyzing them in order to optimize our websites.
54. The Google Analytics tool records users of our site and allows us to recreate a record of its traffic on our site.
55. The Google Analytics tool does not provide us with any information that identifies you because your data is encrypted at the browser level and is not sent to the tool’s servers.
56. The information we have access to within Google Analytics is, in particular:
1. information about the operating system and web browser you are using,
2. time spent on our site and on its sub-sites, the sub-sites you view within our site,
3. transitions between different sub-pages within our website,
4. the source from which you go to our service,
5. the places you click your mouse on our pages.
57. In order to use the above data, we have implemented in the source code of our site monitoring code of Google Analytics tool it uses cookies. From our website, using the mechanism used to manage cookies, you can disable the Google Analytics tracking code.
Transfers of data outside the EEA
58. The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate degree of protection, primarily by:
1. cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
2. use of standard contractual clauses issued by the European Commission;
3. application of binding corporate rules approved by the relevant supervisory authority.
59. The controller shall always inform about the intention to transfer personal data outside the EEA at the stage of collection.
60. Specifically, the entity outside the European Economic Area to which we transfer certain data is: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States,
Change in privacy policy
61. The Privacy Policy is reviewed on an ongoing basis and updated as necessary.
62. The current version of the Privacy Policy has been adopted and is effective as of 01.01.2023.
