This policy uses the following terms definitions:
| Term | Definition |
| User | you, as an individual who uses the Services on behalf of the Client. |
| Application Interface | a graphical interface that allows you to access, display, and analyze the data. |
| Service | the service that we provide electronically to our Client. |
| Client | we mean the entity that has access to the data / uses our services. |
| Account | the resources in our IT system that you accesses after logging in. An account allows you to use the uses the Services. |
This Policy is addressed to Users of Application Interfaces who use our Services on behalf of and for the benefit of our Clients.
If you additionally represent our Client legally or coordinate the implementation of the contract with us, additional information for you is available in informations for contractors.
The data controller of your personal data is Gemius SA, with its registered office in Warsaw, at 48 Domaniewska Street, Poland (hereinafter: "We").Information about our Capital Group (i.e., the Gemius Group) you can find on the www.gemius.com website.
As part of the registration procedure, you provide data (you or our Client) such as, for example,email address,password, and username. The username may also contain information about the Client. The set of identification data may vary depending on the Service.
Providing this data is necessary for the cooperation between our Client and us and to ensure the security of data disclosed by the Interface.
When you use the Application Interface, some data is transmitted to us automatically. This includes data such as your IP address, operating system data, browser details, information from cookies and other technologies, the time of your visit, and information about the pages you viewed before entering our website. You can read more about the use of cookie technology in our Cookie Policy.
Sending some of this data is necessary for the provision of the Service (such as sending your IP address and server logs), and the data associated with cookies is sent voluntarily (based on your consent expressed in accordance with the Telecommunications Law).
| Type of data | Purposes of data processing | Legal basis | Retention period |
| Personally identifiable data and Data about the use of our services | Ensuring accountability of the Services provided (the Clients Information Security and protection of intellectual property) | The legitimate interest of the controller (Article 6(1)(f) of the GDPR) | For the duration of the contract with the Client, and then until the limitation of possible claims for breach of confidentiality, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred |
| Personally identifiable data and Data about the use of our services | The execution of the contract concluded between us and the Client, including the provision of technical support, conducting communications related to the performance of the Services and projects specified in the Services | The legitimate interest of the controller (Article 6(1)(f) of the GDPR) | For the duration of the contract with the Client, and then until the limitation of possible claims, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred. |
| Personally identifiable data and Data about the use of our services | Enforcement of claims | The legitimate interest of the controller (Article 6(1)(f) of the GDPR) | Until the limitation of possible claims, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred. |
| Personally identifiable data | For marketing or promotional purposes | Your consent, which you can revoke at any time (Article 6(1)(a) of the GDPR) | For the duration of the contract with the Client, and then until you revoke your consent. |
| Data about the use of our services | Improving the quality of our Services (e.g. identifying the most frequently used functionalities) | The legitimate interest of the data controller (Article 6 (1) (f) of the GDPR) in connection with the consent given pursuant to Article 173 of the Telecommunications Law | We use cookies or similar technologies(local storage files).To learn more about the retention period, go to our Cookie Policy |
| Data about the use of our services | Saving your preferences and adjusting of Application Interface accordingly. | The legitimate interest of the data controller (Article 6 (1) (f) of the GDPR) in connection with the consent given pursuant to Article 173 of the Telecommunications Law | We use cookies or similar technologies(local storage files).To learn more about the retention period, go to our Cookie Policy |
Some data, such as your email address, Username (if provided) may be available to other users of the Service connected as part of the project (if such an option is availabletothe serviceyouare using) as well as to our technical support staff.
Your personal data will not be transferred to third countries unless the Client'sregistered officeis located in a third country. The recipient of personal data may be:
You have the right to:
You should protect your passwordbecauseour Client (being your client, employer, or business partner) isliable to us for theactivities taken with the use of your Account (i.e., related to the use of your login details).If you didnot create an account, and someone else did it for you - change your password the first time you use your account in the Services.If you suspect your Account has been hacked, please let us know immediately.
Any questions and doubts regarding data processing can be directed to our e-mail address: privacy[at]gemius.com.We have appointed a Data Protection Officer– Jacek Grabowski,whom you can contact at this address.If you believe that we are not acting in accordance with these rules or if you have any questions about them, don’t hesitate to get in touch with us at the above email address or by mail at our postaladdress.You can also lodge a formal complaint with the competent data protection authority.