The Administrator of the Website is Devopsbay Limited Liability Company with its registered office in Sopot, at Leśna 1 Street, registered in the District Court of Gdańsk - Północ in Gdańsk, VIII Economic Division of the National Court Register under the KRS number: 0000918660, with share capital of 9,900PLN, REGON: 520136961, NIP: 5851495033 [Administrator].
To contact the Administrator, you can send a message to the email address:
contact@devopsbay.com
or traditionally, via post to the address: 81-876 Sopot, Leśna 1 Street.The Privacy Policy is dedicated to both visitors of the website - https://app.descrb.com, users of the descrb web application, whether they act as consumers or entrepreneurs. The Privacy Policy is a part of the descrb Regulations.
Our goal is to inform about issues related to personal data processing, especially in view of the new provisions on personal data protection, including the European Parliament and Council Regulation (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"). Therefore, in this document, we inform about the legal grounds for personal data processing, methods of their collection and use, as well as the rights of data subjects associated with this.
Personal Data and their Processing
Personal data includes any information that allows the identification of a natural person ("Data"). The Administrator collects personal data to the minimum extent necessary to achieve the purposes specified below. Its goal is to ensure that every user using the website, application, both web and mobile, or contact forms is aware of what personal data is being processed, for what purpose, by whom, and what rights are associated with the processing.
Data processing does not always occur directly. The nature of the website and application causes the Administrator to also indirectly collect data, among other things, using so-called Cookies. Providing personal data is voluntary, but some of it may be necessary to ensure proper use of the website and Administrator's services.
How does the Administrator process personal data, based on what legal grounds and what types of personal data?
We strive to maintain transparency regarding the methods and legal bases of processing personal data, as well as the purposes for which the Administrator processes personal data. We make sure to provide necessary information in this regard to every person whose personal data we process as the data controller. To ensure that our explanation of these issues is as clear as possible, we present the following list of personal data processing operations.
At the same time, whenever we process personal data based on the legitimate interests of the data controller, we try to analyze and balance our interests with the potential impact on the person whose data is concerned (both positive and negative), as well as the rights of that person under data protection laws. We do not process personal data based on our legitimate interests if we conclude that the impact on the person whose data is concerned outweighs our interests (in which case we may process personal data if we have appropriate consent or if required or permitted by law).
General information
Individuals visiting the Website, using the application, or contacting us through the contact form on the Website have control over the personal data they provide to us. The Website limits the collection and use of information about its users to the necessary minimum required to provide services to them at the desired level, in accordance with Article 18 of the Act of 18 July 2002 on the provision of electronic services.
Processing of personal data of persons contacting the Administrator to obtain information about the offer or to share comments regarding Administrator's services, as well as those contacting the Administrator to conclude a contract with the Administrator - concerns users conducting business activity.
We collect the following personal data from individuals contacting the Administrator to obtain information about the offer or to share comments regarding the services, as well as those contacting the Administrator to conclude a contract: name, position, business address and company name, email address, and identification data for communication tools such as Teams, Whatsapp, Slack.
Registration on the Website
Personal data provided by you when registering on the Website to use the web application, such as your name, address, email address, telephone number, data concerning the conducted business activity, content necessary to generate a report as referred to in the Terms and Conditions, which may indirectly also indicate a specific natural person, are processed:
- to the extent necessary to establish, shape the content, change, terminate, and properly perform services provided electronically;
- to service and ensure the proper operation of your user account on the Website,
- to perform services related to placing an advertisement on the Website,
- to handle submitted complaints,
- to handle other inquiries or requests that you may address to us.
If you register or log in to your Account through External Services (e.g. Facebook, Google), we may additionally process your personal data, such as your information in External Services.
In each of the above cases, the legal basis for the processing of data, to a significant extent, is the necessity to perform the contract that you conclude with the Company, or to take actions leading to its conclusion (Article 6(1)(b) of the GDPR).
In addition, in order to fulfill our obligations imposed by law, e.g. by the Accounting Act or tax regulations (e.g. issuing and storing invoices and accounting documents), we will also process your data concerning transactions made on the Website and information from your user account. We may also process your data to comply with the accountability principle, i.e. the obligation for the Company to demonstrate compliance with data protection regulations. In cases mentioned in this paragraph, the legal basis for processing the aforementioned data is the legal obligation incumbent upon us (Article 6(1)(c) of the GDPR).
We will also process the following data based on the legitimate interests of the Company (Art. 6(1)(f) GDPR):
- Your data provided in your question, complaint, or suggestion to respond to your inquiries, complaints, or suggestions (our legitimate interest includes the ability to respond to customer inquiries, complaints, and suggestions)
- Your data indicated in the survey, which we may ask you to fill out in order to measure customer satisfaction and determine the quality of our service (our legitimate interest includes the ability to obtain information to improve customer service standards)
- Your data, as well as data of other users of the Website, for the purpose of conducting statistical research and analysis and improving the services and products we offer (our legitimate interest includes the ability to obtain information to improve our business activity)
- Your data, as well as data of other users of the Website, for the purpose of ensuring the safety of services provided electronically, including preventing possible abuses or frauds (our legitimate interest includes ensuring the safety of services, including preventing fraud and abuse)
- Your data in terms of directing an invitation to participate in the loyalty program to you (our legitimate interest includes conducting marketing activities).
Contact form
Personal data that you provide to us through the Contact Form located on the Website, including your name and contact information (email address), is processed to the extent necessary to respond to the message received through the Form and to contact you for this purpose.
Commercial information - marketing consent
Personal data that you provide us with for the purpose of receiving commercial and marketing information from the Administrator, namely your name, surname, e-mail address or telephone number, and data concerning your business activity, are processed to the extent necessary to send you the above-mentioned information based on the consent obtained from you beforehand. Such consent may be withdrawn at any time.
Links to other websites
We enable logging into our Services through:
- Facebook user accounts. This is a service provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). More information can be found at: https://www.facebook.com/help/2230503797265156.
- Google user accounts. This is a service provided by Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). More information can be found at: https://support.google.com/accounts/answer/10130420.
Cookies
Practically every website currently uses so-called Cookies, i.e. files that are used for automatic collection of personal data from website users ('Cookies'). The Administrator's website is no exception. The information obtained in this way is stored on the user's computer or other mobile device that is used to access the website.
There are two basic purposes for using Cookies: maintaining a user session and saving it, and providing security (e.g. detecting abuse). In this respect, the use of Cookies is necessary.
Cookies may not be necessary to a further extent, but they greatly facilitate the use of the website. They are used, among other things, to:
- remembering certain user choices regarding displaying a specific message or displaying it a certain number of times,
- monitoring user activity on the website,
- collecting anonymous, aggregate statistics to improve the functionality of the website,
- for marketing purposes.
In this respect, the Administrator uses services of third-party entities, whose list evolves depending on the market conditions and technical possibilities. These entities include:
- Google Analytics (Google Privacy Policy) - through it, the Administrator verifies users who have previously used the website, observes traffic, and user behavior on the website.
It should be emphasized that at no stage is the user obliged to accept Cookies (except for technical Cookies, necessary for the proper functioning of the website). Through the internet browser, it is possible to configure it in such a way as to prevent the storage of Cookies on the user's computer or other mobile device. There is also the possibility of deleting current Cookies. However, the lack of acceptance of Cookies may negatively affect the website's operation, and in some cases, even prevent the use of certain functions.
If you want to learn how to manage cookies, including how to disable them in your browser, you can use the browser's help file. Information on this topic can be found by pressing the F1 key in the browser. In addition, relevant instructions can be found on the following subpages, depending on the browser used.
By using the appropriate options in your browser, you can delete cookies at any time or block their use in the future.
Access Logs
Based on the analysis of access logs, the Administrator collects information regarding the use of the website by users and their IP addresses. The purpose of collecting this data is to diagnose any problems related to server performance, assess the risk of security breaches and manage the website.
The above information enables the creation of aggregate statistical reports that may be disclosed to third parties (e.g. issues related to website traffic). Sometimes, authorized state bodies, in connection with ongoing proceedings, may also require the Administrator to disclose information about the IP address of a specific user.
Automated Personal Data Processing
The information we collect in connection with the use of our Website may be processed in an automated manner (including profiling), but this will not have any legal effects on the data subject or similarly significantly affect their situation. We attach particular importance to profiling issues and specify that:
- We do not process any sensitive data for profiling purposes,
- We typically process aggregated data for profiling purposes,
- If we cannot achieve the purpose other than by profiling personal data that is not pseudonymized or aggregated, we use typical data such as email address and IP or cookies for this purpose,
- We profile for the purpose of analyzing or predicting personal preferences and interests of persons using our Website and adapting the content on our Website to those preferences,
- We profile for marketing purposes, i.e. matching the marketing offer to the above preferences.
Legal Basis for Processing
Personal data of website users is processed on the basis of obligations arising from applicable law (all), obtained consent (commercial information), the necessity of performing a contract (fulfilling a request) and the legitimate interest of the Administrator.
How Long Does the Administrator Retain Data?
The period of data retention depends on the legal basis for their processing:
- In the case of consent (e.g. for sharing commercial information), this period lasts until it is withdrawn,
- When processing data to perform a contract - for the duration of the contract and the limitation period for claims arising from it,
- When processing data based on obligations arising from applicable law, the Administrator processes data for as long as necessary under those provisions,
- When processing data as part of the legally justified interest of the Administrator, processing lasts as long as that interest lasts.
The period of processing the above data may be extended if processing is necessary to determine and pursue claims or defend against claims. After the above periods, the data is immediately deleted or anonymized.
Data Recipients
Sometimes, the Administrator has the right to transfer user data if it is necessary to provide services, fulfill obligations and comply with applicable law.
The Administrator may use the services of external entities in the scope of performing some tasks, e.g. in data storage, accounting, legal, marketing or IT services. If necessary, the data may also be received by authorized authorities.
When entrusting data to subcontractors in the implementation of the Administrator's goal, the Administrator of the data does not change, and the Administrator is still responsible for their security.
User data may be transferred to the following entities:
- the above-mentioned entities processing personal data on the basis of personal data processing agreements (processors),
- service providers: - hosting, - digital, including cloud computing services, - access to software for communication.
- performers and subcontractors of the Administrator providing services in the field of supplying software, software or hardware maintenance used by the Administrator, as well as suppliers of products we use for help,
- debt collection companies (where we provide personal data only to the extent that it is actually necessary to achieve a given goal),
- auditors and audit experts, legal advisers, tax advisers,
- supervisory authorities responsible for enforcing the law, regulatory authorities and other public administration bodies.
Does the Administrator share user data with anyone?
Outside of the above scope, data is not shared with third parties, except in situations where the user explicitly consents to it (which can be revoked at any time), the sharing of data is necessary for the performance of a contract or the provision of services, and in specific cases where an authorized entity requests access to the data based on universally applicable legal provisions (e.g. a law enforcement agency).
Each of the above situations is carefully analyzed by the Administrator, and data is only transmitted in the event that a valid and effective legal basis for the request to disclose user data by these entities is confirmed.
Sharing data with entities outside of the EEA (European Economic Area)
The Administrator may transmit the acquired data to other entities only if there is a legal basis for it.
Some of the service providers for the Administrator are located outside of the European Economic Area (EEA). When transferring data outside of the EEA, the Administrator exercises increased caution. They verify whether the suppliers guarantee a high level of personal data protection, compliant with the legal requirements applicable in the EEA and the adopted case law, including the ruling of the Court of Justice of the European Union of July 27, 2020, Schrems II. They minimize the scope of data sent outside the EEA, and in the case of using SCCs (standard contractual clauses adopted by the European Commission), they verify whether there is a risk of violating personal data protection by entities outside the EEA. Among other things, they examine the process of securing data and whether the disclosed data may potentially be of interest to third countries.
Data protection
The Administrator uses all available physical, technical, and organizational means to ensure proper protection of personal data. Specifically, they protect data from destruction, accidental loss, disclosure to unauthorized persons, and alteration and verify the scope of access. The Administrator exercises the rights of individuals whose personal data is being processed. They keep an appropriate register of data processing activities, notify the relevant authorities and individuals whose specific data has been affected by any violations related to personal data processing.
Rights of the user
The User has the following rights in relation to the processing of their personal data (Art. 12-21 GDPR):
- to information regarding the extent of personal data processing, i.e. the "duty to inform" (in accordance with Art. 12 and 13 GDPR),
- to access the contents of their personal data (in accordance with Art. 15 GDPR),
- the right to to rectification their personal data (in accordance with Art. 16 GDPR), i.e. to correct inaccurate data and to supplement incomplete data,
- the right to request the restriction of personal data processing (in accordance with Art. 18 GDPR),
- the right to to data portability their personal data to another Administrator (in accordance with Art. 20 GDPR),
- the right to to object the processing of data for reasons related to their particular situation (in accordance with Art. 21 (1) GDPR), but this right is not absolute - i.e. despite the objection, the Administrator may still process personal data if they demonstrate that there are compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims,
- the right to object to personal data processing carried out for direct marketing purposes, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions of effectiveness. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
- The User may object to our processing of their data by disconnecting their account in the External Service login from their account in our Services. More information can be found at:
You can object to us processing your data by disconnecting your account in the External Services login service from your Account in our Services. More information can be obtained at:
- logging in through Facebook account: https://www.facebook.com/help/2230503797265156
- login through Google account: https://support.google.com/accounts/answer/2541991
Additionally, the User has the right to file a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
Children's Privacy
This website is not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If we discover that a child under the age of 13 has provided us with personal information, we will immediately delete it from our servers. If you are a parent or guardian and you know that your child has provided us with personal information, please contact us so that we can take appropriate action.
Privacy Policy Update
The Administrator declares that this Privacy Policy will be regularly updated, among others, in the event of new legal requirements or guidelines. The Administrator will also take into account changes in the technology used in the data processing and protection process, changes in the purposes of the processing, categories of data obtained, and legal bases for their processing.