Onely is responsible for the administration of your personal data and has full processing and regulatory control (spółka z ograniczoną odpowiedzialnością (Ltd) (“Onely”). Full details of our Privacy Policy (“PP”) is available at https://www.onely.com/privacy-policy/. The purpose of this PP is to clarify how we process your personal data in accordance with the current Data Protection Legislation. As Onely may change or amend this PP, regular review is recommended.

We are committed to safeguarding your privacy. Our aim is to ensure you are kept up-to-date with any new regulations on personal data protection, including the General Data Protection Regulation 2016/679, dated 27.04.2016 (“GDPR). With this in mind, we want to make you aware of the legal basis for data processing, its collection, and use, as well as the rights of those who have their personal data processed.

Should you have any concerns or questions regarding the use of your personal data, please contact us at [email protected], or Onely, Ojca Beyzyma, 553-204, Wrocław, Poland.

What is personal data and what does data processing mean? 

Personal data is information about an identifiable or identified natural person. Processing personal data is, in essence, when any action is taken on personal data, regardless of whether this is an automatic or manual process, i.e., for the purposes of: collection, storage, organizing, modification, reviewing, use, sharing access. Limited data may be deleted or shared. Onely processes personal data for various reasons; depending on the reason, the application of the data will vary regarding how it is collected, what the legal basis is for its processing and use, as well as the terms for its storage. 

When is the Privacy Policy applicable? 

This PP is applicable to all cases where Onely administrates and/or processes personal data. It applies also to cases where Onely processes personal data acquired directly from the person owning the data, as well as when personal data is acquired from other sources. Onely fulfills its informative duties stated in the GDPR. Articles 13 and 14. Please find below full information about Onely as the personal data Administrator: 

Onely’s registered office is Wrocław, Ojca Beyzyma, 553-204, Wrocław, NIP: 8971863274, KRS: 0000846525’ the person responsible for Onely’s data protection is Katarzyna Berbas, [email protected]

How, on what legal basis, and what type of personal data is processed by Onely? It is important to us that Onely is transparent as to why we collect personal data and the legal basis for our data processing. We take great care to provide all necessary information regarding personal data to anyone whose data we process as the Administrator. Towards our aim to provide clear information, this document provides a full explanation of how Onely processes your personal data.

Additionally, we want to point out that when processing personal data on the basis of the Administrator’s legally justifiable interest, any process analyses are aimed at balancing our interests and possible influence on the person who provided the data (both positive and negative influences), with the rights of this person in accordance with all personal data protection laws. We do not process personal data solely on the basis of our justified interest in case we conclude that the impact on the person who provided the data would prevail over our interests. (However, we can process personal data in cases where we have  consent, legal requirement, or a legal basis.) 

Processing personal data of people visiting Onely’s websites or using Onely’s “Services”. 

General Information

Natural people visiting Onely’s website or using Onely’s services,  jointly referred to as “Services”, have full control over personal data provided to us. The Services limit data collection and use to a minimum. 

Cookies

To a limited extent, we may also collect personal data automatically by using the cookies’ files found on our website. Cookies are small text files saved on the user’s computer or mobile device whilst using the Internet. These files are used to explore some of the functionality provided on the website or act as confirmation that a certain user has seen specific website content. We only use cookie files that are absolutely required for Onely’s Services to operate and are used to ensure: 

  •  the user’s session is maintained
  • utilization of data used to log into: www.onely.com 

Another type of cookie category is for files that, whilst they are not necessary to use the Services, they facilitate enabling: 

  • saving the user’s choice to cancel visibility of their chosen notification, or screening the notification for a specified number of times
  •  automatic login to the service (the “remember me” option)

Onely also uses third-party services (a list of which is constantly updated) that use cookie files to: 

  • monitor website traffic
  • create anonymity for collected statistics which help Onely understand how users visit the website and to constantly improve our products 
  • report on the number of anonymous users of our website to assist with website-visit analysis 
  • check the frequency that specified content is shown to the user 
  • check the frequency on user choice of a specified service
  • measure marketing effectiveness 

At the date of creation of this document, the following third parties provide services on the aforementioned basis: 

Please remember, you can remove all cookies from your browser at any time or use the private browsing mode. To find out how to do this, please visit your browser’s ‘Help’ section. 

Onely states that after cookie files are discarded, some functionalities provided by our Services may not act properly; in some cases, this can result in an inability to use certain products. 

Entry logs

We collect user information on our Services from their IP addresses by analyzing entry logs. We use this information to diagnose problems related to server activity, possible security breaches, and website management. IP addresses are also used for statistical reasons, namely, to collect and analyze the demographic data of people visiting the website (i.e., regional information to show where the connection was made). On this basis, in some cases, general statistical tables are created and are shared with cooperating third parties. These tables usually contain information about website visibility but do not, however, contain any data enabling identification of a single user (and their identity); we feel it important to highlight this fact. 

We also want to let you know that we may be obliged to reveal information regarding the IP address of a specified user, if demanded (and authorized by f the provisions of law) by state authorities who perform their own investigations and/or cases. 

Newsletter

We may also process your personal data if we send you the Newsletter – provided that you have previously given your consent. 

Comment 

When posting a comment, the information you provide in the “Name” or “Comment” sections will be public and visible to anyone who accesses the site. We use DISQUS for commenting on our site – more information can be found on: disqus.com/en/articles/1717103-disqus-privacy-policy. Additionally, Onely has active Instagram, Facebook and Twitter accounts for readers to share their comments. 

Remaining data

Generally, we only collect more detailed user data, such as e-mail addresses or other personal data if it is absolutely necessary to provide a specific service or to answer questions raised in the ‘Contact’ form. In this instance, we will process the personal data of:

  • Onely’s clients; 
  • anyone contacting Onely to get information about a specific offer of company services, or to share information about Onely’s services or products
  • anyone contacting Onely to enter into a contract with Onely.

Automated personal data procession 

Information that we collect regarding our Services’ activities may be automatically processed (including using profiling); however, this will not result in any legal consequences for any natural persons or affect their situation in any way. We state that with regards to profiling: 

  • we do not process any sensitive data
  • we only use the data we have collected 
  • data obtained through profiling does not always have to be pseudonymized (Pseudonymisation is defined within the GDPR as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable individual”)
  • if we cannot reach our target by profiling collected personal data, we use normal data such as e-mail, IP details, and cookies 
  • we do this for analysis or a prognosis of personal preferences and/or interests of anyone using our Services in order to match our content to their preferences 
  • we also do this for marketing reasons, i.e,. to match the marketing offer with the said user’s preferences

Legal basis for processing

When processing personal data in relation to using Onely’s Services, we may have different legal foundations and reasons for processing categories of personal data.  These are as follows: 

– The personal data of people visiting our website is processed on the basis of legally justifiable administrator’s interest, i.e., to match informative and marketing content, or on a consensual basis where we asked the user to provide such consent. 

– The personal data of people subscribing to the Newsletter and who contact Onely via the ‘Contact’ form, is processed on the basis of consent 

– Sometimes the law requires us to process some personal data for tax and financial reasons. 

Processing personal data of people contacting Onely to get information on a specific offer of company services, or to share information on Onely’s services or products, as well as of people making contact to enter into a contract with Onely.

The below personal data is collected from people contacting Onely to get information on an offer or to share information on Onely ’s services or products, as well as those making contact to enter into a contract with Onely:

  • name and surname
  • company
  • e-mail address
  • phone number n

This is especially the case for those people who may contact us via e-mail on the website or via chat message. Such messages will include username, e-mail, and other information that the user may want to include in their message. 

If you have agreed to receive the Newsletter we process, among other things, your name and e-mail address. 

We respectfully ask our visitors not to provide any sensitive personal information via the website, such as race and ethnicity, political views, religious or philosophical views, trade union membership, physical and mental health details, genetic data, biometric data, sexuality, and criminal record. If such data is provided for whatever reason, it would be seen as direct consent to collect and use such personal data.

Legal basis for processing data

We collect the aforementioned data on the basis that the user has consented and has requested Onely to process their data.  Or, so that Onely can fulfill their contractual obligations (acting after the request) towards such a person. We may also process the provided data on the basis of the justified legal interest of the administrator. 

Processing the data of Onely’s clients 

Onely processes the personal data of their clients and prospective clients (“Clients”). Included in this data may also be some personal data of anyone connected to Onely’s clients (i.e., contact people). Such personal data is processed in Onely’s computer systems. This personal data includes name and surname, company’s name, position at the company, phone number, e-mail, and other service contact data. Moreover, in the case where clients have entered into paid contracts with Onely, some financial information is processed including credit card and bank account details. Business contacts’ personal data may also be processed to share with  Onely’s representatives in order to expand Onely’s commercial activity. 

We would also like to highlight that the above information about cookies and entry logs, also applies when processing data of natural people using our online Services. 

Processing the personal data of natural people who are our clients is based on: 

  • a justified interest in Onely as the data Administrator (i.e., regarding database creation, analytical actions, profiling, product-use analysis, direct marketing, and securing documentation for possible legal actions)
  • consent (especially for marketing and telemarketing purposes)
  • execution of a contract
  • legally binding obligations (i.e., tax and financial laws)

Processing the personal data of natural people who are prospective customers is based on: 

  • a justified interest in Onely as the data Administrator (i.e., regarding database creation, analytical actions, profiling, product-use analysis, and direct marketing) 
  • consent (especially for marketing and telemarketing purposes)

Automated processing of personal data

Information that we collect from the use of our products online may be automatically processed (including by profiling, but also by monitoring the user experience of a product or service); this would neither cause any legal consequences to the natural person or anyhow impact their situation. When using profiling, please find below specific details to explain how we use this::

  • we do not process any sensitive data
  • we only use the data we have collected
  • data obtained through profiling does not always have to be pseudonymized (Pseudonymisation is defined within the GDPR as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable individual”)
  • if we cannot reach our target by profiling personal data, we use normal data such as e-mail, IP details, and cookies;
  • we profile in order to make an analysis or a prognosis of personal preferences and/or interests of people using our Services and to match our content to such preferences 
  • we profile for marketing reasons, i.e., to match the marketing offer with the said preferences of users

Legal basis for processing

If the end-users of our Services are also Onely’s c, the legal basis for processing their data is the same as in the section above. If such end users are not clients, the legal basis of the processing is, depending on the situation and category of data, either consent (especially for e-mail marketing or telemarketing purposes), or Onely ’s justified interest as the Administrator (i.e., for service delivery, analyses, profiling, direct marketing, documentation security, possible claim filing, and defense). 

How long do we process personal data?

The term in which we can process personal data is dependent on the legal basis for data collection. Onely’s policies strongly state that we do not process data for a period longer than the said legal basis allows. In effect, we state that: 

1) If Onely processes personal data on the basis of consent, the processing period lasts until the consent is withdrawn.

2) If Onely processes personal data on the basis of a justified interest by the data Administrator, the processing period lasts only until such interests exist (i.e., the statute of limitation for civil claims), or until a person, whose data is processed, opposes such processing – in cases where it is applicable by law. 

3) If Onely processes personal data because it is required by law; the terms for data processing are usually legally defined (i.e., the reason for the claim, or the reasons for defending the claim). Onely will retain the data until the end of the applicable term or until the end of proceedings. 

4) If there is a lack of any specific legal or contractual requirements, the basic term of data retention regarding saved documentary evidence shall be no longer than ten years. 

How and when do we share personal data with third parties? Do we transfer data to third-party states? 

We transfer personal data to third parties only when the law enables us to do so. In such cases where a contract is entered with a third party, we include terms and safety mechanisms to uphold our standards in data protection, confidentiality, and security. Such contracts are referred to as data processing agreements; Onely retains control over the method and scope of processing by the party vested in the data processing. As a result, the recipients of personal data processed by Onely may include: 

  • The aforementioned bodies who process the data on the basis of the data processing agreement (the ‘processors’). 
  • Anyone providing hosting services for Onely.
  • Marketing or sales representatives acting on behalf of Onely. 
  • Other Onely’s subcontractors who provide software, maintenance or hardware services for Onely, as well as our suppliers. 
  • Anyone providing survey reporting services (i.e.,customer satisfaction). 
  • Debt collection companies (this data is transferred only within the scope required to achieve specific aims).
  • Accountants, auditors, legal consultants, and tax advisors. 
  • Public bodies controlling legal compliance, regulatory and other public authorities. 

With regards to the last two examples, the data is transferred only after and when it is actually necessary; the legal requirements are based on the binding provisions of law and within its limitations.

Our Partners are based mainly in Poland and in the other countries of the European Economic Area (EEA). Some of our Partners are based outside of the EEA. Referring to the eventual transfer of your data outside the EEA, we have made sure that our Partners guarantee a high level of personal data protection. Onely minimizes the range of personal data transferred outside the EEA. We guarantee a high level of personal data protection as a result of the obligation to use standard contractual clauses (SCC) adopted by the EU Commission. When SCC is used, Onely verifies the risk of any personal data protection breach, for example, we will check what personal data protection measures are used and whether any disclosed data may be the subject of third-country interest. 

How is personal data protected? 

The Data Controller makes all possible efforts to ensure all physical, technical, and organizational measures for personal data protection are in place to safeguard against accidental or deliberate destruction, accidental loss, alteration, and unauthorized disclosure; also to ensure that use or access is in accordance with all applicable regulations. 

What rights does a person have who is concerned by data and how do they know how to execute them? 

Natural people have specific rights regarding their personal data.  Onely, as the data Administrator, is responsible for the execution of these said rights within the provisions of the law. In the case of any questions and requests regarding the scope and execution of these said rights,  as well as if anyone wants to contact us in order to proceed with a specific personal data protection right , we respectfully ask you to e-mail: [email protected]. We reserve the right to act on the said rights’ execution after positive verification of the identity of the person making the request. 

Natural people retain the right to access their personal data that is collected by the Administrator and can be requested by e-mailing [email protected].

Modification of personal data

To request sight of, or modification of one’s personal data that is processed by Onely, please e-mail [email protected].

Withdrawing consent

When data processing is performed on the basis of consent, natural persons have the right to withdraw their consent at any moment. We provide information about this right at the point of collecting consent and enable withdrawal of consent as easily as it is to express consent. In any instance where a lack of contact detail such as address or telephone number prevents you from withdrawing your consent, please email [email protected].

The right to limit, or to file objections against, the processing of personal data 

Natural people have the right to limit, or to file objections against, data processing at any time due to personal preferences unless the processing is required by law. 

A natural person may file an objection against the processing of their data when: 

  • processing was performed on the basis of a legally justified interest or for statistical reasons and their objection is justified by the individual’s personal preference, and if their personal data was processed to support direct marketing and was profiled for that reason. 
  • A claim to limit the scope of processed data is applicable if a person notices that their data is incorrect. Then, a person can request limiting their data processing for the duration of time that their details are corrected.. 

Remaining rights. The right to be forgotten and the right to transfer personal data 

The right to be forgotten may be exercised when personal data is no longer required because either it had been previously collected by Onely, or because the person withdraws their consent for Onely to process their data. This right also applies if a person files an objection against their data processing, or if their data is processed without any legal basis. Data will also be deleted as a result of fulfilling the legal obligation.

The right to transfer data is applicable when the processing is performed on the basis of consent or a contract and in cases when the processing is automated. 

Any other questions, requests, and complaints 

If Clients have any questions, objections, or requests regarding this PP or about the way we process personal data, as well as to raise any complaints (although we hope there will be no necessity for this!), we kindly ask you to e-mail us. Any, and all, received questions, requests, and complaints will be respected and answered. 

Anyone whose personal data is processed by Onely, has the right to file a complaint to the controlling authority: Generalny Inspektor Ochrony Danych Osobowych (General Inspector of Personal Data Protection). (The address: Generalny Inspektor Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.)

When and how could we amend this PP? 

We guarantee that we will regularly review this PP and will amend it when necessary or when required due to new legal provisions, new guidelines from those bodies responsible for the personal data processing control e process, and best market practices we will update our information if Onely becomes bound by such codes of good practice). We reserve the right to amend this PP if there is a change in the technology we use to process data (providing any such change impacts this document) and if there are changes in the methods, reasons, and legality concerning the personal data collected by us.