mail-icon
mail-icon
Privacy Policy

PRIVACY POLICY AND PERSONAL DATA PROTECTION

Our Users, Clients, and Contractors are of particular importance to us. For this reason, John Leggy guarantees high standards of privacy and personal data protection, both within the website www.johnleggy.com and in the scope of services provided and business relationships established. We ensure that personal data is secure and that data subjects can exercise the rights to which they are entitled.

Taking into account the above and the requirements of legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz.U.UE.L.2016.119.1 of 2016.05.04) (hereinafter referred to as GDPR), this Privacy Policy is adopted by John Leggy sp. z o.o. to ensure the security of personal data.

This Privacy Policy defines:
✓ the principles for processing and protecting personal data provided by Users, i.e. all individuals using the website and other related sites, communications, and services,
✓ the principles for processing personal data provided by Clients and Contractors, i.e. all individuals who use services provided by the Data Administrator or cooperate with the Data Administrator in the provision of such services.

The data administrator of the personal data contained within the website is John Leggy sp. z o.o., with its registered office in Warsaw, ul. Bednarska 7, 00-310 Warsaw, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000698959, NIP: 5252725923, REGON: 36850751500000 (hereinafter referred to as the Administrator or Data Administrator).
To the extent necessary for the User to use the website and other related sites, communications, and services, as well as to the extent necessary for the Data Administrator to take action at the User’s request, the processing of personal data is based on the legal ground specified in Article 6(1)(b) of the GDPR, for the purpose of servicing the offered websites, platforms, communications, and services.
In all other cases, the provision of personal data by the User is voluntary and based on the legal ground specified in Article 6(1)(a) of the GDPR, carried out for the purposes indicated in the selection options presented upon the User’s first visit to the website www.johnleggy.com.
However, the scope of consent expressed by the User for the processing of their personal data will affect the extent of access to the content and services we offer. Therefore, the User must be aware that by selecting the minimal option, they may not be able to fully benefit from certain products or services offered by the Data Administrator.

I. USER CONSENT

By using the service, the User accepts that the Data Administrator collects, uses, and shares both non-personal and personal data in accordance with this Privacy Policy.
However, the User retains control over how their data is used and shared, as detailed in Chapter V of this Privacy Policy titled „User Rights.”
In cases where personal data is processed based on the User’s consent, the User has the right to withdraw previously given consent at any time. Such withdrawal does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
If this Privacy Policy is amended and the User continues to use the service, such continued use shall be deemed acceptance of the new terms.

II. PERSONAL DATA PROCESSED BY THE DATA ADMINISTRATOR

1. Method of Obtaining Personal Data

a. Personal data obtained directly from the User

The Data Administrator obtains personal data in two ways. The first method involves obtaining personal data directly from the User, through:

  1. the User sending a message via the contact form provided on the website,
  2. the User creating their own account on the website,
  3. the User using services and products offered by the Data Administrator,
  4. the User contacting the Data Administrator to obtain technical support.

b. Personal data obtained from other sources

The Data Administrator also obtains personal data from sources other than directly from the User, namely:

  1. by recording how the User uses the Data Administrator’s products and services via cookies and other technologies, and by receiving error reports or usage data from software operating on the User’s device,
  2. from data brokers, from whom the Data Administrator purchases demographic data to supplement data collected independently,
  3. from service providers who supply the Data Administrator with information about User location based on User IP addresses,
  4. from partners with whom the Data Administrator offers products and services or conducts joint marketing activities,
  5. from publicly available sources, such as public registers or public domains where User data is made available.

2. Personal Data Processed by the Data Administrator

The scope of personal data collected by the Data Administrator concerning Users, Clients, and Contractors may vary depending on the purpose of data processing. The Data Administrator collects, among others, the following personal and non-personal data:

  1. Login name,
  2. First and last name / company name / first and last name of the entrepreneur or names of entrepreneurs operating as a civil partnership,
  3. Correspondence address,
  4. Website address,
  5. Telephone number,
  6. Email address,
  7. Tax Identification Number (NIP),
  8. National Business Registry Number (REGON),
  9. Computer IP address,
  10. Payment data, if the User makes a purchase on the website.

Additionally, the Data Administrator collects data related to the content of files and messages from Users, Clients, and Contractors when required to establish and carry out cooperation, and to provide services and products. This includes the subject and content of email messages, text or other content of instant messages, audio and video recordings of video messages, audio recordings and transcriptions of voice messages or dictated text messages.

The Data Administrator also collects information provided by Users, Clients, and Contractors, including reviews and ratings of products and services, as well as information submitted for the purpose of obtaining technical support.

III. METHOD OF DATA PROCESSING – PURPOSES OF PERSONAL DATA PROCESSING BY THE DATA ADMINISTRATOR

The method by which the Data Administrator processes the collected personal data depends on how Users, Clients, and Contractors use the Data Administrator’s products and services, as well as on the nature of the established cooperation. Therefore, the specific purposes of personal data processing may vary depending on the subject of cooperation, the product or service selected, and how it is used.

1. Provision of services, execution of cooperation, other activities based on requests and agreements made in writing or concluded verbally

The Data Administrator processes the personal data of Users, Clients, and Contractors for the purpose of carrying out activities undertaken on behalf of or jointly with Users, Clients, and Contractors. This includes authentication and authorization of their access to services or other accesses and actions necessary for the execution of the agreement and communication with persons responsible for its implementation, as well as the provision of services offered to the Data Administrator. This processing is based on the legal ground specified in Article 6(1)(b) of the GDPR, for a period of 5 years from the end of the calendar year in which the agreement was completed.

If the execution of the agreement involves financial settlement or another obligation of the Data Administrator arising from separate legal provisions, the personal data of Users, Clients, and Contractors will be processed in such cases based on the legal ground specified in Article 6(1)(c) of the GDPR, for a period of 5 years from the end of the calendar year in which the settlement of the agreement occurred.

In the event of claims being made by either party and for the purpose of defending against such claims, personal data will be processed based on Article 6(1)(f) of the GDPR, for a period not exceeding 6 years from the end of the calendar year in which the claim became enforceable (in accordance with applicable legal regulations).

2. Direct Marketing (promotion of own services, products and activities, loyalty programs and initiatives, opinion research on conducted activities, statistics)

The Data Administrator processes the personal data of Users, Clients, and Contractors for the purpose of personalized communication. This communication includes sending email messages, posting notifications on websites, and using other means within the scope of offered services, including text messages and push notifications. The communicated content concerns the Data Administrator’s own services, i.e. the services themselves and how they are used, personal data security, network updates, reminders, as well as suggested offers from the Data Administrator.

Such communication also covers the support of Users, Clients, and Contractors, in order to provide technical assistance, resolve ongoing issues, and respond to submitted complaints.

The Data Administrator also processes the personal data of Users, Clients, and Contractors to enable them to comment on the Data Administrator’s activities, services, and products, thereby allowing the monitoring of service quality and the satisfaction level of Users, Clients, and Contractors.

The processing described above is based on the legal ground specified in Article 6(1)(f) of the GDPR, for a period of 5 years from the end of the calendar year in which the data was collected.

3. Advertising

The Data Administrator processes personal data for the purpose of offering the User advertisements tailored to them within the service, websites, communications, and services, provided that the User has given consent for such activities or in the case of a business relationship being established between the Data Administrator and the User. These advertisements concern both the Data Administrator’s own offers and those of cooperating entities.

Advertisements presented to the User are individually tailored using:

  1. data provided directly by the User,
  2. data collected through the User’s use of the Data Administrator’s services,
  3. information provided by third parties,
  4. data originating from advertising technologies such as cookies,
  5. web beacons, pixels, ad tags, and mobile identifiers.

The Data Administrator does not share the User’s personal data with third-party advertisers or advertising networks without the User’s consent. However, if the User clicks on a displayed advertisement, the advertiser will be informed of this action.

Such activities are based on the legal ground specified in Article 6(1)(a) of the GDPR, and will continue until the User withdraws their consent, but no longer than 5 years from the end of the calendar year in which the consent was given.

4. Service Improvement

The Data Administrator processes the User’s personal data for the purpose of conducting analytical and statistical activities aimed at continuously improving the products and services offered, providing better solutions, adding new features and capabilities, expanding the audience base, and supporting the establishment of contacts and discovery of business opportunities.

Personal data concerning Users is also processed by the Data Administrator in the scope of market research, public opinion surveys, and economic analysis, all intended to continuously enhance the service.

The processing described above is based on the legal ground specified in Article 6(1)(f) of the GDPR, for a period of 5 years from the end of the calendar year in which the data was collected.

IV. SHARING OF PERSONAL DATA BY THE DATA ADMINISTRATOR

Personal data of Users, Clients, and Contractors is or may be transferred to the following categories of recipients:

  1. entities to whom the Data Administrator has entrusted the processing of personal data under separate agreements, including providers of legal and advisory services supporting the Data Administrator in pursuing due claims (in particular law firms, debt collection agencies), subcontractors of the Data Administrator’s services, server service providers, etc.
  2. entities authorized under separate legal provisions, including those responsible for auditing the activities of the Data Administrator,
  3. entities authorized to handle deliveries (couriers, postal operators).

V. RIGHTS OF DATA SUBJECTS (USERS, CLIENTS, CONTRACTORS)

If a User, Client, or Contractor wishes to exercise their rights as a personal data subject, they may contact the Data Administrator or the appointed Data Protection Officer (DPO) using the form provided on the website or through the communication channels indicated in this document.

Depending on the legal basis for processing, the data subject is entitled to the following rights.

1. Right of Access to Data

The User is entitled to obtain confirmation from the Data Administrator as to whether their personal data is being processed, and if so, is entitled to access information regarding the details of such processing, including, in particular, information about the purpose of processing and the categories of data being processed.

The User also has the right to request a copy of the personal data undergoing processing.

2. Right to Data Correction

The User has the right to rectify personal data that is inaccurate. They have the right to request the replacement, supplementation, or removal of errors, defects, and incorrect information in the entire dataset concerning them.

Data that is incorrect cannot be the subject of supplementation—i.e., the User may not request the replacement or supplementation of existing data with incorrect data.

If the processed personal data is incomplete, the User may submit an additional statement to complete it. Such a statement may be submitted in any form, including electronically.

3. Right to Erasure of Data (Right to Be Forgotten)

The User has the right to request the erasure of their personal data if one of the following circumstances applies:

  1. the User’s personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. the User has withdrawn the consent on which the processing is based, and there is no other legal ground for the processing;
  3. the User objects to the processing of their personal data;
  4. the personal data was processed unlawfully;
  5. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Data Administrator is subject;
  6. the personal data was collected in connection with the offering of information society services.

The right to be forgotten applies to the User only when exercising the right to erasure of personal data and only in situations where the personal data concerning them has been made public by the Data Administrator.

4. Right to Restriction of Processing

The User has the right to restrict the processing of their personal data in the following cases:

  1. the User contests the accuracy of the personal data – for a period enabling the Data Administrator to verify the accuracy of the data;
  2. the processing is unlawful, and the User opposes the erasure of the personal data, requesting instead the restriction of its use;
  3. the Data Administrator no longer needs the User’s personal data for processing purposes, but the data is required by the User for the establishment, exercise, or defense of legal claims;
  4. the User has objected to the processing – pending verification of whether the legitimate grounds of the Data Administrator override the grounds of the User’s objection.

In the case of restriction of processing, the Data Administrator may process personal data, with the exception of storage, only:

  1. with the User’s consent, or
  2. for the establishment, exercise, or defense of legal claims, or
  3. for the protection of the rights of another natural or legal person, or
  4. for reasons of important public interest of the Union or of a Member State.

5. Right to Data Transfer

The User has the right to receive the personal data concerning them, which they have provided to the Data Administrator, in a structured, commonly used format, and has the right to transmit that data to another administrator.

The User also has the right to request that their personal data be transmitted directly by the Data Administrator to another administrator, where technically feasible.

6. Right to Object

The User has the right to object, at any time and for reasons related to their particular situation, to the processing of their personal data:

  1. in the public interest, in the exercise of official authority vested in the Data Administrator,
  2. for direct marketing purposes, including profiling to the extent that it is related to such direct marketing,
  3. for the legitimate interest of the Data Administrator.

The procedure for handling objections and all related communication is free of charge, and it is also possible to submit an objection electronically.

7. Right to Lodge a Complaint

The User has the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement.

8. Right Not to Be Subject to a Decision Based Solely on Automated Processing (Including Profiling)

The right not to be subject to a decision based solely on automated processing (including profiling) is granted to the User due to the development of technologies and marketing techniques based on data collected during the use of online services.

Profiling is any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects of the User—particularly to analyze or predict aspects related to their work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The User may exercise this right if two conditions are met:

  1. first, the User is subject to a decision based solely on automated processing of personal data, including profiling,
  2. second, that decision produces legal effects concerning the User or similarly significantly affects them.

Automated decision-making in individual cases, including profiling, cannot be prohibited if the decision:

  1. is necessary for entering into or performing a contract between the User and the Data Administrator,
  2. is permitted by Union law or the law of a Member State to which the Data Administrator is subject, and which provides appropriate safeguards for the rights, freedoms, and legitimate interests of the User,
  3. is based on the explicit consent of the User.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE DATA ADMINISTRATOR

The Data Administrator uses cookies and other similar technologies to improve efficiency and offer Users increasingly advanced website functionalities and more tailored advertisements. Cookies are fragments of code in the form of text files corresponding to HTTP requests sent to the Data Administrator’s server. They serve to ensure optimal handling of the User’s visit to the website and enable faster and easier access to information. The storage of information or access to it does not cause configuration changes to the User’s device or the software installed on it.

Information contained in cookies and similar technologies is considered personal data only when linked with other personal data available about the given User. If the User does not agree to the storage and retrieval of information via cookies, they may change the cookie settings using their web browser or apply the so-called opt-out option on the website of the provider of the given technological solution.

Detailed information regarding the technologies used by the Data Administrator is available in the Cookie Policy located at the address: Cookie preferences.

VII. OTHER IMPORTANT INFORMATION

1. Protection of Personal Data Security

The Data Administrator implements various measures to ensure the security of the User’s personal data. The secure use of the services offered is supported by systems and procedures designed to prevent unauthorized access and disclosure of data to unwanted parties. Additionally, the systems and procedures used by the Data Administrator are regularly monitored to detect potential threats. Personal data collected by the Data Administrator is stored in computer systems with strictly limited access.

2. Changes to the Privacy Policy

The Data Administrator reserves the right to make changes to this Privacy Policy if the information contained herein becomes outdated due to modifications to the services provided, the launch of a new service, the introduction of a new processing activity, changes in legal regulations, or other significant circumstances justifying such changes.

The User will be notified of such changes promptly via a notice posted on the website.

VIII. INFORMATION CLAUSE

INFORMATION ON THE PROCESSING OF PERSONAL DATA ON THE LINKEDIN PLATFORM