Privacy policy

Controller

Authologic sp. z o.o. (02-482), ul. Sklepowa 24, entered into the register of businesses of the National Court Register kept by District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS (National Court Register) number: 0000851095, NIP (Tax Identification Number) 5223186837, REGON (National Business Register Number) 38657853, share capital: PLN 22 000.00 ("We", "Us", "Our"), operator of the website at: www.authologic.com.

Controller’s contact details

You can contact us by email at: kontakt@authologic.com, or by writing to: Authologic Sp. z o.o., ul. Złota 59, 00-120 Warszawa.

In all matters concerning the processing of your processing data, you may contact our Data Protection Officer, Ms Karolina Legierska, who can be reached by email at: iod@authologic.com.

Information on processed personal data

Provision of identity verification services

• Processed data

  • Depending on the Tool, we process identification data (including name and IP address) and contact data (including phone number and email address), and in some cases biometric data.
  • The specific scope of data depends on the Tool used to verify your data, and we indicate this scope before you use our service.

• Purpose of processing

  • To enter into a contract for the provision of data verification services and to fulfil our obligations under this contract.
  • To share your personal data with Partners and Tool providers.
  • To establish, pursue, or defend against legal claims.
  • For other purposes to which you have consented, provided that we request your consent to the processing of your personal data and you provide such consent.

• Legal basis

  • Processing is required to take the necessary steps prior to entering into a contract and for the performance of the contract (Article 6 (1) (b) of GDPR).
  • Consent to share data (Article 6 (1) (a) of GDPR).
  • Pursuit of our legitimate interests (Article 6 (1) (f) of GDPR), where the exercise of our rights is our legitimate interest.
  • Data is processed based on provided consent (Article 6 (1) (a) of GDPR).

• Retention period

  • Depending on the purpose of processing, your data will be retained:
    • For the duration of the contract – where we process data to conclude a contract for the provision of identity verification services, no longer than 6 months.
    • Until you withdraw your consent or until the purpose of data processing is completed (if possible) – where we process your data based on your consent to process it.
    • Until you successfully object to the processing or until the purpose of processing is completed – where we process your data for the marketing of our own products and services.
    • 6 months – where we process your data to establish, pursue, or defend against legal claims.

• Reason for provision of data

  • Providing personal data is voluntary, but refusing to provide data that we have identified as required may prevent us from providing the service or taking the requested action (e.g., handling a complaint).
  • Where we process data based on your consent, providing data and granting consent is voluntary, although it may be necessary to achieve the purpose of data processing, and refusing to grant consent will prevent achieving these purposes.

• Sources of personal data

  • We receive your data directly from you or through Tool providers.
  • Depending on the Tools you use, we may have access to other data.

Enabling you to use the website

• Processed data

  • Information about the device you are using (e.g. IP address, cookies).

• Purpose of processing

  • To allow you to use the website and maintain your connection.
  • For statistical purposes, including conducting market analyses and opinion surveys, to improve the quality of our services.
  • To engage in marketing activities, including customizing the content of advertisements.

• Legal basis

  • Pursuit of our legitimate interests (Article 6 (1) (f) of GDPR), where our legitimate interest is maintaining our website and providing you with access to requested content, and promoting our business.
  • Pursuit of our legitimate interests (Article 6 (1) (f) of GDPR), where our legitimate interest is adapting our offer to market expectations.
  • Consent (Article 6 (1) (a) of GDPR).

• Retention period

  • Data is processed until an objection is effectively lodged or the purpose of processing is achieved.
  • Cookies are stored for 3 months to 2 years - details are set in cookie preferences.
  • Where consent is granted, data is processed until it is withdrawn.

• Reason for provision of data

  • Providing the above-mentioned personal data is voluntary, but necessary for us to obtain information about your activity on the website (failure to provide this data will prevent us from obtaining the above-mentioned information) and to ensure proper operation of the website (failure to provide this data will result prevent the website from functioning properly).
  • Disabling or restricting cookies may result in difficulties in using the website, for example, requiring you to log in on each subpage, longer page loading times, or limitations in the use of certain functionalities.

• Sources of personal data

  • We receive your data directly from you.

Social media

• Processed data

  • Profile name, your data posted to your profile as "public", your image (if visible in photos posted on your profile as "public"), personal data you posted in comments under content posted on Our profile or sent in a private message to Our profile, statistical and advertising data collected by the social networking site.

• Purpose of processing

  • Managing our profiles on Facebook, Instagram, X, LinkedIn.

• Legal basis

  • Article 6 (1) (f) of GDPR – processing is required to pursue our legitimate interest, namely managing our profiles on social media.

• Retention period

  • Until you “unlike” or “unfollow” or perform similar actions.
  • Until you delete your comment posted under one of Our posts.
  • Until you delete the message sent to Us.
  • If none of the above actions are performed, data will remain visible for the duration of its availability on Facebook.
  • Until you object.
  • Statistical data about fan page visitors, available via the "Facebook Insights" function, will be processed for the duration of its availability on Facebook and Instagram, which is 2 years, or 12 months on X.
  • Data retention periods on Linkedin are set out in Linkedin's terms and conditions and privacy policy, and We have no influence on the retention period of this data.
  • Data is processed:
    • Until you delete your comment posted to our profile.
    • Until you delete the message sent to Us.
    • If none of the above actions are performed, data will remain visible for the duration of its availability on LinkedIn.
  • Statistical data about Profile visitors available through LinkedIn Page Insight will be processed for as long as the data is available on LinkedIn.

• Reason for provision of data

  • Providing the aforementioned personal data is voluntary, but necessary to enable the User to use our profiles on a given Website (failure to provide such data will prevent the use of our social media profiles).

We advise that with respect to statistical and advertising data, the joint controller of your personal data is the entity responsible for operating the given website, namely:

• Meta Platforms Ireland Limited – with respect to Facebook and Instagram.
• LinkedIn Ireland Unlimited Company – with respect to LinkedIn.
• X Internet Unlimited Company – with respect to X.

Detailed information regarding mutual arrangements between us and the aforementioned entities and the processing of personal data by the aforementioned entities can be found in the privacy policies and other documents published on the respective websites. Any questions or claims arising from your use of the respective websites should be aimed directly at the aforementioned entities.

• Sources of personal data
  • We receive your data directly from you.

“Contact us” link, “Book a demo”, Omnipanel

• Processed data

  • Given name and surname, business name, email address, username and other information you provide.

• Purpose of processing

  • To perform activities prior to entering into a contract and to conclude a service contract and to fulfil our obligations arising from that contract.
  • To engage in direct marketing of our own products and services.
  • To provide you with an Omnipanel customer account.
  • For other purposes to which you have consented, provided that we ask for your consent to the processing of your personal data and you provide such consent.

• Legal basis

  • Processing is required to take the necessary steps prior to entering into a contract and for the performance of the contract (Article 6 (1) (b) of GDPR).
  • Pursuit of our legitimate interest (Article 6 (1) (f) of GDPR), where our legitimate interest is engaging in direct marketing, provided that we may send you commercial and marketing information via telecommunications terminal equipment, automated calling systems, or electronic means of communication (SMS, email, telephone) only with your consent (granting this consent is voluntary, although necessary for sending commercial and marketing information).
  • Processing is required to take the necessary steps prior to entering into a contract and for the performance of the contract - provision of services related to the Omnipanel customer account; (Article 6 (1) (b) of GDPR).
  • The legal basis for processing is consent (Article 6 (1) (a) of GDPR).

• Retention period

  • Depending on the purpose of processing, your data will be retained:
    • For the duration of the contract – where we process your data to conclude a contract for the provision of data verification services.
    • Until an objection is effectively raised or the purpose of processing is achieved – where we process your data for the purpose of marketing our own products and services.
    • For the duration of the contract and for the limitation period for any claims arising from the contract, but in any case for no longer than three years, effective with the end of the calendar year.
    • Until consent is withdrawn.

• Reason for provision of data

  • Providing personal data is voluntary, but refusing to provide data that we have marked as required may prevent us from providing the service (Omnipanel account) or prevent us from contacting you.
  • Where data is processed based on consent, providing data and granting consent is voluntary, although it may be necessary to achieve the purpose of processing data, and refusing to provide data will prevent us from achieving those purposes.

• Sources of personal data

  • We receive your data directly from you.

Data recipients

Our service involves verifying your data on behalf of a Partner - if you use the service, we will share your data with the Partner.

Your data may also be shared with Tool providers with whom we cooperate in providing the identity verification service, based on your consent.

Regardless of the above, we may share your personal data with entities processing personal data on our behalf under a personal data processing agreement, such as IT and email service providers, technology providers, accountants, and entities providing data carrier destruction services. Where you consented to do so, we may also share your data with other entities (to the extent covered by your consent), including Tool providers.

Your personal data may also be shared with entities authorized to request this data under applicable law.

Data recipients outside EEA

Your personal data may be shared with recipients outside the European Economic Area (EEA). To ensure appropriate safeguards and protect your rights, we assure you that personal data will be shared with recipients outside the EEA based on:

• A European Commission decision stating that the recipient country ensures an adequate level of personal data protection.
• Standard data protection clauses (so-called standard contractual clauses) adopted by the European Commission.
• Binding corporate rules – in the event that data is shared with recipients who are members of international capital groups.

The European Commission's decisions are available at eur-lex.europa.eu. To receive a template of standard contractual clauses, please contact us. To receive a copy of binding corporate rules, please contact the entities that are party to such rules.

Rights of data subjects

You have the right to seek from us:

• Access to your personal data.
• Rectification of your data.
• Erasure of your data.
• Restriction of processing of your data.
• The right to object to processing of your data.
• The right to data portability.

If we process your personal data based on consent, you have the right to withdraw your consent at any time. You can withdraw your consent by sending an email to us at kontakt@authologic.com. Withdrawal of consent does not affect the lawfulness of processing of your data prior to withdrawal, nor does it affect the extent to which we process your personal data based on another basis (e.g., to fulfil our legal obligations).

Additionally, you have the right to object at any time – for reasons related to your particular situation – to the processing of your personal data, if the basis for processing is the so-called legitimate interest clause (Article 6 (1) (f) of GDPR) or public interest (Article 6 (1) (e) of GDPR), including to profiling, in accordance with these provisions. If you do so, we will not process your data as covered by your objection. Applicable regulations entitle us to refuse this request if we have compelling legitimate grounds for further processing that override your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending legal claims.

If personal data are processed for direct marketing purposes, you may object at any time to the processing of your data for such purposes. Once we accept such a request, we will no longer process your data for direct marketing purposes.

Right to complain to a supervisory authority

You also have the right to lodge a complaint with the supervisory authority responsible for personal data protection in the Member State of your habitual residence, place of work, or place of alleged infringement.

In Poland, this authority is: the President of the Personal Data Protection Office (PUODO). Address: ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Telephone: 22 531 03 00.

Cookies

Our cookies policy is available at: https://authologic.com/cookies-policy.

Definitions

• You: A natural person whose personal data is processed in connection with the use of Our website or Our social media profile, or in connection with the identity verification service provided by Us.
• GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Us: Authologic sp. z o.o. (02-482), ul. Sklepowa 24, entered into the register of businesses of the National Court Register kept by District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS (National Court Register) number: 0000851095, NIP (Tax Identification Number) 5223186837, REGON (National Business Registry Number) 38657853, share capital: PLN 22 000.00, operator of the website at: www.authologic.com
• Partner: An entity cooperating with us, which is a party to a cooperation agreement concluded with us, on whose behalf we verify your identity
• Tool: A service that allows Authologic to verify a specific set of your data