Privacy policy

1. Who is the Controller of personal data?

The Controller of personal data is Composable Security spółka z ograniczoną odpowiedzialnością, with headquater in Plac Wolnica 13/10, 31-060, Cracow.

2. How to contact the Controller?

If you have any questions or comments regarding data processing, please contact us by mail: info@composable-security.com

A request to correct or delete personal data should be reported to us at: info@composable-security.com

3. What data do we collect and for what purpose?

The scope and purpose of data collection depends on which services you use at Controller’s websites:

a) making purchases at the website, including the purchase of paid mailing service

If you placed an order at the website for products offered by the Controller, we collect following data: name and surname, e-mail address, home address and telephone number. If you want to receive a VAT invoice, we additionally require a tax identification number and invoice data, including the name and address of the company’s registered office.

Providing data marked as mandatory is necessary to carry out the order, and failure to do so results in the failure to receive the order. Providing other data is optional.

Personal data are processed:

• in order to perform the order or service ordered (including consideration of possible complaints) – the legal basis for processing is the necessity of processing for the performance of a contract to which the data subject is party;
• in order to comply with legal obligations to which the Controller is subject, resulting in particular from tax regulations and accounting regulations, including, inter alia, the need to issue a receipt or VAT invoice with respect to the sale of goods and their archiving – the legal basis for processing is the legal obligation;
• in order to establish, investigate or defend against claims – the legal basis for processing is a legitimate interest consisting in the protection of our rights;
• for archival and statistical purposes – the legal basis for processing is the legitimate interest of conducting analyzes of Users’ activity at the website in order to improve the functionalities used and improve our offer.

b) newsletter subscription

If you have provided us with your e-mail address for this purpose, we provide newsletter services, i.e. sending commercial information regarding the products or services we offer. Providing this data is voluntary, but necessary to send the newsletter.

Personal data is processed:

• in case of sending marketing content to the user as part of the newsletter – the legal basis for processing is legitimate interest in connection with the consent granted by you;
• for analytical and statistical purposes – the legal basis for processing is legitimate interest of conducting analyzes of user activity at the website in order to improve the functionalities and improve our offer;
• in order to possibly establish, investigate or defend against claims – the legal basis for processing is a legitimate interest consisting in the protection of our rights.

c) contact via e-mail, ordering a service

In the event that you contact us via e-mail, you also provide us with your e-mail address as the sender of the message. We collect following data: name and surname, e-mail address, project website. You may be asked to provide additional data only if it is necessary to handle the case to which the contact relates. In this case, the legal basis is our legitimate interest in the need to resolve the reported matter related to the website.

Your e-mail address may be added to our newsletter and receive commercial information regarding the products or services we offer.

d) data of users of social media profiles and people commenting on content on websites

Our profiles on Twitter, LinkedIN, YouTube, Google are public. When visiting our profile, you provide us with your personal data (e.g. account name, comments, likes, Internet identifiers and the IP address of the device used).

If you comment on content on our websites, you provide us with your username and e-mail address. These data are processed in order to: (i) enable us to effectively run our profile or blog in connection with the promotion of various types of events, services and products by us, and (ii) communicate with users. The legal basis for the processing of personal data is our legitimate interest in promoting our business, improving the quality of our services as well as ongoing communication with users of profiles, fanpage or blog.

NOTE: the above information does not apply to the processing of your personal data by the administrators of individual websites.

4. How long do we process personal data?

The period of data processing depends on the character of service provided and the purpose of processing. As a rule, the data are processed:

1. for the duration of performance of the service;
2. until the consent is withdrawn;
3. until submission of effective objection
4. until an effective data erasure is requested. The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after this period, only if and to the extent that it will be required by law.

5. What rights do you have in relation to the processing of your personal data?

We guarantee the implementation of all rights of persons whose data we process, including the right to:

• access to personal data, including obtaining a copy;
• data rectification;
• data erasure;
• restriction of processing;
• data portability;
• withdraw consent at any time (which does not affect the lawfulness of the processing based on consent before its withdrawal);
• raise an objection;
• lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

IF YOU WANT TO EXERCISE YOUR RIGHTS, PLEASE CONTACT US FIRST.

6. To whom we make your personal data available?

Personal data on the basis of appropriate agreements are made available to entities processing data on behalf of the Controller. Such entities process data only in accordance with our instructions, maintaining their confidentiality and security. We have the right to control the processing of the data made available by us.

List of authorized processors:

• UPSEC Damian Rusinek
• Paweł Kuryłowicz IT Security Boost

In other cases, personal data may be disclosed to authorized entities only on the basis of provisions of law.

7. Social media

The websites use plugins and other social tools provided by social networks, such as Twitter, LinkedIN, GitHub, YouTube, Google.

In connection with use of websites that contain such a plug, your browser establishes a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed a given website, even if you do not have a profile at given service provider or are not logged in at the moment. Such information (along with the IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

If you have logged in to one of the social networking sites, the service provider will be able to directly assign the visit to the site to your profile on the given social networking site. If you use a given plug-in, such as the “Like” button, the relevant information will also be sent directly to the server of the given service provider and stored there. In addition, this information will be published on a given social network and will appear to people added as your contacts.

The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.

• Twitter – https://help.twitter.com/pl/rules-and-policies/twitter-rules
• YouTube, Google – https://policies.google.com/privacy?hl=pl
• LinkedIN – https://pl.linkedin.com/legal/privacy-policy
• GitHub – https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

If you do not want social networking sites to assign the data collected during your visit to our website directly to your profile on a given social networking site, you must log out before visiting Controller’s website. It is also possible to completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

8. Amendments to the privacy policy

The privacy policy is verified on an ongoing basis and updated if necessary. The current version of the policy was adopted and has been in force since 06.02.2024.