PRIVACY POLICY ON THE WEBSITE
1. Definitions
1.1. Administrator – BURY Sp. z o. o. based in Mielec, ul. Wojska Polskiego 4, 39-300 Mielec.
1.2. Personal Data – all information about an individual who is identified or identifiable through one or more specific factors, including device IP, location data, internet identifiers, and information collected via cookies and similar technologies.
1.3. Policy – this Privacy Policy.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – the website operated by the Administrator at the web address www.bury.com.
1.6. User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
2. Data Processing Related to Website Use
In connection with the User’s use of the Website, the Administrator collects data necessary for providing individual services and information about the User’s activity on the Website. Below are the detailed principles and purposes of personal data processing collected during the User’s use of the Website.
2.1. Cookies
Our Website uses cookies. Cookies are small text files stored on the User’s computer and saved by the User’s browser. Cookies do not harm the User’s computer or contain viruses. Cookies make our Website more user-friendly, efficient, and secure.
Most of the cookies we use are so-called “session cookies.” These are automatically deleted after the User finishes visiting the Website. Other cookies remain on the User’s device until deleted. These cookies allow us to recognize the User’s browser when the User revisits our Website.
The use of cookies on the Website does not aim to identify Users. The Policy governs the processing of data related to the use of first-party cookies.
NECESSARY COOKIES
The Administrator uses necessary cookies mainly to provide Users with services and functionalities on the Website that the User wants to use. Necessary cookies may only be installed by the Administrator via the Website. The legal basis for processing data in connection with the use of necessary cookies is the performance of a contract (Article 6(1)(b) of GDPR).
FUNCTIONAL AND ANALYTICS COOKIES
Functional cookies are used to remember and tailor the Website to the User’s choices, including language preferences. Analytical cookies allow the collection of information such as the number of visits and traffic sources on the Website. These are used to determine which pages are more or less popular and understand how Users navigate the Website by conducting statistics on Website traffic. The data processed by these cookies is aggregated and is not intended to identify the User. The legal basis for processing personal data in connection with the use of necessary and analytical cookies by the Administrator is its legitimate interest (Article 6(1)(f) of GDPR), which involves ensuring the highest quality of services provided on the Website.
Processing of personal data related to the use of functional and analytical cookies depends on the User’s consent to the use of these cookies (separately) through cookie consent tools. This consent can be withdrawn at any time through these tools.
MARKETING COOKIES
Marketing cookies are used to track Users on websites. Such cookies may be used on the Website to provide Users with social functions related to the use of services from our social partners, who may use them for marketing purposes and to track User activity with built-in services. Partners may combine this information with other data received from the User or obtained while using their services for marketing purposes. The legal basis for processing personal data in connection with the use of marketing cookies by the Administrator is its legitimate interest (Article 6(1)(f) of GDPR), which involves ensuring the highest quality of services provided on the Website.
Processing of personal data related to the use of marketing cookies is possible after obtaining the User’s consent through cookie management tools. This consent can be withdrawn at any time through these tools.
2.2. Server Log Files
The Administrator automatically collects and stores information that the User’s browser automatically transmits to us in the form of “server log files.” These include:
– Browser type and version
– Operating system used
– Referrer URL
– Hostname of the accessing computer
– Exact date and time of the request to the server
– IP address
This data will not be combined with data from other sources. The legal basis for processing personal data is the Administrator’s legitimate interest (Article 6(1)(f) of GDPR) in ensuring the proper functioning of the Website and analyzing how Users utilize the Website.
3. Purposes and Legal Grounds for Data Processing on the Website
Personal data of all individuals using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) is processed by the Administrator:
3.1. To provide services electronically, such as making the content available to Users on the Website – the legal basis for processing is the necessity to perform the contract (Article 6(1)(b) of GDPR).
3.2. For analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of GDPR), which involves analyzing User activity and preferences to improve the functionalities and services provided.
3.3. If the User submits a product vulnerability report or system issue report via a dedicated form to the Administrator or another entity in the BURY Capital Group, personal data included in the report is processed to facilitate the handling of the submission. The legal basis for processing is the legitimate interest of the Administrator and/or the BURY Capital Group entity (Article 6(1)(f) of GDPR), where the legitimate interest is to manage vulnerability reports and communicate with the submitter. Further details regarding the processing of the submitter’s data can be found here.
3.4. For marketing purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of GDPR), which involves ensuring the highest quality of services provided on the Website.
3.5. To determine, pursue, or defend claims – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of GDPR), which involves protecting the Administrator’s rights.
3.6. User activity on the Website, including personal data, is logged in system logs (a special computer program used to store a chronological record of events and actions related to the IT system used to provide services by the Administrator). The information collected in the logs is processed mainly for service provision purposes. The Administrator also processes them for technical and administrative purposes to ensure the security of the IT system and manage the system, as well as for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of GDPR).
3.7. If the User submits a query to the Administrator or an entity from the BURY Capital Group via the contact form, the data entered into the form, including contact details, is processed to handle the response to the questions or requests. The legal basis for processing is the legitimate interest of the Administrator and/or the BURY Capital Group entity to which the question is addressed (Article 6(1)(f) of GDPR), where the legitimate interest is to handle inquiries and provide responses to questions about the Administrator’s or BURY Group’s services or products.
3.8. If the User submits a report of a law violation via a dedicated form, personal data will be processed to handle internal reports and take subsequent actions in connection with the Whistleblower Protection Act of June 14, 2024. The legal basis for processing is compliance with legal obligations imposed on the Administrator or the legitimate interest of the Administrator, which involves receiving, verifying, and investigating reports of law violations or a significant public interest (Article 6(1)(c) GDPR, Article 6(1)(f) GDPR, Article 9(2)(g) GDPR if personal data is included in the whistleblower’s report). Further details regarding the processing of the whistleblower’s data can be found here.
4. Data Retention Period
4.1. The retention period of personal data by the Administrator depends on the type of service provided and the purpose of processing. Generally, data is processed for the duration of the service or the contract until the consent is withdrawn or an objection to data processing is effectively raised when the legal basis for data processing is the Administrator’s legitimate interest.
4.2. The retention period may be extended if processing is necessary to establish, assert, or defend against possible claims, and after this time, only if required by law. After the retention period, personal data is irreversibly deleted or anonymized.
4.3. Personal data processed in connection with a report of a law violation or subsequent actions are stored for 3 years after the end of the calendar year in which the report was submitted or follow-up actions were completed, or after the completion of proceedings initiated by these actions. Personal data irrelevant to the consideration of the report will not be collected, and if accidentally collected, it will be immediately deleted. The deletion of such personal data will occur within 14 days of determining that it is irrelevant to the case.
5. User rights
5.1. The User has the right to: access the content of their data and request its rectification, deletion, restriction of processing, data portability, and the right to object to data processing, as well as the right to lodge a complaint with a supervisory authority responsible for personal data protection.
5.2. To the extent that the User’s data is processed based on consent, the consent can be withdrawn at any time by contacting the Administrator at the email address: rodo@bury.com or by postal address: ul. Wojska Polskiego 4, 39-300 Mielec.
5.3. The User has the right to object to data processing for marketing purposes if the processing is carried out based on the Administrator’s legitimate interest and, in other cases, for reasons related to the User’s particular situation, when the legal basis for data processing is the Administrator’s legitimate interest (e.g., for analytical or statistical purposes).
5.4. More information about rights arising from GDPR can be found in our Personal Data Processing Policy in the BURY Group, which can be accessed here.
6. Data Recipients
6.1. In connection with the provision of services, personal data may be disclosed to external entities, including, in particular, suppliers responsible for the maintenance of IT systems; entities affiliated with the Administrator, including companies in its capital group.
6.2. With the User’s consent, their data may also be disclosed to other entities for their own purposes, including marketing purposes.
6.3. The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who request such information based on an appropriate legal basis and in accordance with applicable law.
7. Transfers of data outside the EEA
7.1. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. Therefore, the Administrator transfers personal data outside the EEA only when necessary and with an appropriate level of protection, primarily through:
– cooperation with entities processing personal data in countries for which the European Commission has issued an adequacy decision;
– using standard contractual clauses issued by the European Commission;
– applying binding corporate rules approved by the competent supervisory authority.
7.2. The Administrator always informs about the intention to transfer personal data outside the EEA at the time of data collection.
8. Personal Data Security
8.1. The Administrator continuously conducts risk analysis to ensure that personal data is processed securely, ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for their tasks. The Administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and associates.
8.2. The Website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and confidential information, such as inquiries sent by Users. The User can recognize the encrypted connection by changing the website address in the browser from “http://” to “https://” and by the appearance of a lock icon next to the address. When SSL or TLS encryption is activated, the data transmitted cannot be read by third parties.
8.3. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities provide guarantees of applying appropriate security measures whenever they process personal data on behalf of the Administrator.
9. Contact information
Contact with the Administrator is possible via email: rodo@bury.com or postal address: ul. Wojska Polskiego 4, 39-300 Mielec, Poland.
10. Changes to the Policy
The Policy is regularly reviewed and updated as necessary. The current version of the Policy was adopted on 24.09.2024.