Privacy policy

Privacy policy for the use of Gemius products

UpdatedDecember 31, 2022.

This policy uses terms defined in the Gemius Services Terms and Conditions. It is addressed to Users of Application Interfaces who use our Services on behalf of and for the benefit of our Clients.

Dear User, if you additionally represent our Client legally or coordinate the implementation of the contract with us, additional information for you is available in informations for contractors.

Who is the controller of your data?

The data controller of your personal data is Gemius SA, with its registered office in Warsaw, at 48 Domaniewska Street, Poland (hereinafter: "We").Information about our Capital Group (i.e., the Gemius Group) you can find on the www.gemius.com website.

What data do we process? Is it necessary to provide the data?

Personally identifiable data

As part of the registration procedure, you provide data (you or our Client) such as, for example,email address,password, and username. The username may also contain information about the Client. The set of identification data may vary depending on the Service.

Providing this data is necessary for the cooperation between our Client and us and to ensure the security of data disclosed by the Interface.

Data about the use of our Services

When you use the Application Interface, some data is transmitted to us automatically. This includes data such as your IP address, operating system data, browser details, information from cookies and other technologies, the time of your visit, and information about the pages you viewed before entering our website. You can read more about the use of cookie technology in our Cookie Policy.

Sending some of this data is necessary for the provision of the Service (such as sending your IP address and server logs), and the data associated with cookies is sent voluntarily (based on your consent expressed in accordance with the Telecommunications Law).

For what purpose and for how long is the data processed?

Type of data Purposes of data processing Legal basis Retention period
Personally identifiable data and Data about the use of our services Ensuring accountability of the Services provided (the Clients Information Security and protection of intellectual property) The legitimate interest of the controller (Article 6(1)(f) of the GDPR) For the duration of the contract with the Client, and then until the limitation of possible claims for breach of confidentiality, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred
Personally identifiable data and Data about the use of our services The execution of the contract concluded between us and the Client, including the provision of technical support, conducting communications related to the performance of the Services and projects specified in the Services The legitimate interest of the controller (Article 6(1)(f) of the GDPR) For the duration of the contract with the Client, and then until the limitation of possible claims, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred.
Personally identifiable data and Data about the use of our services Enforcement of claims The legitimate interest of the controller (Article 6(1)(f) of the GDPR) Until the limitation of possible claims, no longer than 6 years from the end of the calendar year from the next year in which the event giving rise to the claims occurred.
Personally identifiable data For marketing or promotional purposes Your consent, which you can revoke at any time (Article 6(1)(a) of the GDPR) For the duration of the contract with the Client, and then until you revoke your consent.
Data about the use of our services Improving the quality of our Services (e.g. identifying the most frequently used functionalities) The legitimate interest of the data controller (Article 6 (1) (f) of the GDPR) in connection with the consent given pursuant to Article 173 of the Telecommunications Law We use cookies or similar technologies(local storage files).To learn more about the retention period, go to our Cookie Policy
Data about the use of our services Saving your preferences and adjusting of Application Interface accordingly. The legitimate interest of the data controller (Article 6 (1) (f) of the GDPR) in connection with the consent given pursuant to Article 173 of the Telecommunications Law We use cookies or similar technologies(local storage files).To learn more about the retention period, go to our Cookie Policy

To whom is the data transferred, and with whom is it shared?

Some data, such as your email address, Username (if provided) may be available to other users of the Service connected as part of the project (if such an option is availabletothe serviceyouare using) as well as to our technical support staff.

Your personal data will not be transferred to third countries unless the Client'sregistered officeis located in a third country. The recipient of personal data may be:

  • Client,
  • other people who work with you on specific projects within the Services;
  • other entities from the Gemius Group, providing e.g. technical, legal or accounting services,
  • entities providing legal services and audit entities,
  • entities cooperating with us to the extent indicated in the agreement with the Client,
  • entities delivering correspondence,
  • public authorities entitled to obtain data on the basis of the binding law,
  • suppliers acting on our behalf, including CRM system providers outside the European Economic Area (data is transferred subject to security measures provided for by law).

What are your rights?

You have the right to:

  • withdraw your consent to the processing of your data,
  • request access to your personal data and request a copy of it and request its portability,
  • request rectification of your personal data,
  • request restriction of processing of your personal data,
  • request deletion of your personal data,
  • object to the processing of your personal data.

What are the risks associated with the processing of your data?

You should protect your passwordbecauseour Client (being your client, employer, or business partner) isliable to us for theactivities taken with the use of your Account (i.e., related to the use of your login details).If you didnot create an account, and someone else did it for you - change your password the first time you use your account in the Services.If you suspect your Account has been hacked, please let us know immediately.

How can you contact us regarding the processing of your personal data?

Any questions and doubts regarding data processing can be directed to our e-mail address: privacy[at]gemius.com.We have appointed a Data Protection Officer– Jacek Grabowski,whom you can contact at this address.If you believe that we are not acting in accordance with these rules or if you have any questions about them, don’t hesitate to get in touch with us at the above email address or by mail at our postaladdress.You can also lodge a formal complaint with the competent data protection authority.