Privacy Policy
These Regulations are valid from 23 June 2023
§ 1. General Provisions
- This Privacy and Cookie Policy (hereinafter referred to as: Policy) is a document related to the Terms of Service and prescribes the terms of processing personal data and using cookies on the website www.callpage.io ( Website) and as part of the services provided by CallPage on the terms stated in the Terms of Service (Services).
- The Website is operated by CallPage sp. z o.o. with its registered office in Warsaw (00-511), ul. Nowogrodzka 31, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000572159, Tax Identification Number NIP: 7010503522, National Business Registry Number REGON: 362313916, share capital of PLN 25,000 (hereinafter referred to as: Company or CallPage). CallPage provides also the Services within the meaning of the Terms of Service.
- Personal data are information about an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who may be directly or indirectly identified, in particular by means of an identifier such as first and last name, identification number, location data, Internet identifier, or one or more specific factors describing the physical, physiological, genetical, psychological, economic, cultural, or social identity of such natural person
- CallPage processes personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
- CallPage takes every effort to protect the privacy and information provided there. CallPage selects and applies appropriate technical measures, including programming and organisational measures, to ensure the security and integrity of personal data processing, in particular securing data against being shared with unauthorised persons, disclosed, lost or destroyed, as well as modified in an unauthorised manner.
- Using the Website and the Services requires connection with the Internet, which may involve a risk connected with third-party interference with the transmission of data sent via the Internet between the Website and the user.
§ 2. Personal Data Processing
- The Controller of personal data of persons using the Website and the Services is CallPage.
- CallPage has appointed the Data Protection Officer. In cases connected with the processing of personal data, the user may contact the Data Protection Officer – Kinga Tesko e-mail address gdpr@callpage.io. In order to exercise his/her rights, the data subject should contact the abovementioned Data Protection Officer directly at the provided contact details.
- The Controller processes personal data for the following purposes, to the following extent, and on the following legal basis:
- in the case of concluding an agreement for the provision of the Services (including the demo version) – for the purpose of concluding the agreement for the provision of those Services (including the demo version) and then for the purpose of providing these Services – the data provided within the functionalities of the Website, i.e. first and last name, e-mail address, website address – on the basis of Article 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of the agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to concluding the agreement;
- in the case of concluding an agreement for the provision of the Services (including the demo version) – for the purpose of providing the services of maintaining the Client’s Account in line with the Terms of Service – the data provided within the functionalities of the Website, i.e. first and last name, e-mail address, website address – on the basis of Article 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of the agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to concluding the agreement;
- in the case of concluding a partnership agreement – for the purpose of performing the agreement concluded pursuant to the CallPage Partnership Program Terms and Conditions, i.e. first and last name, e-mail address, bank account number – on the basis of Article 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of the agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to concluding the agreement;
- with respect to the data provided by the Client upon placing an order for paid Services – the data provided within the functionalities of the Website indicated in point (2) above, and additionally the business name, Tax Identification Number NIP, country, city/town, address, postal code – for the purpose of satisfying the legal obligations of CallPage under the tax law, i.e. on the basis of Article 6(1)(c) of the GDPR;
- with respect to the data provided by the Client during the enrolment for a webinar-type training – the data provided within the functionalities of the Website – first and last name, e-mail address, phone number, website address – for the purpose of concluding and performing the training agreement, i.e. under Article 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of the agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to concluding the agreement;
- in the case of using the Website – for the purpose of providing access to the Website – the personal data connected with the activity on the Website, namely information about the browsed content, device sessions, operating system, browser, location, unique ID, IP address – on the basis of Article 6(1)(f) GDPR i.e. for the purposes resulting from the legitimate interests pursued by CallPage consisting in providing access to the Website;
- in the case of using the Website – for the purpose of conducting statistics on the use of individual functionalities of the Website, facilitating the use of the Website, and ensuring the IT security of the Website – the personal data concerning activity on the Website and the amount of time spent on each subpage of the Website, search history, location, IP address, device identifier, data concerning the Internet browser and operating system – on the basis of Article 6(1)(f) of the GDPR i.e. for the purposes resulting from the legitimate interests pursued by CallPage consisting in conducting statistics for the Website and verifying traffic within the Website;
- for marketing of own product – e-mail address – on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the legitimate interests pursued by CallPage consisting in informing about its activity, provided Services, promotional actions, and news.
- in the case of using the call or leaving a message functionality – for the purpose of contacting the user at his/her request – the personal data provided by the user within the Website, i.e. phone number or e-mail address – on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the legitimate interests pursued by CallPage consisting in contacting the user at his/her request;
- for the purposes of operating the CallPage partnership program – first and last name, identifier of the agreement concluded with CallPage – on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the legitimate interests pursued by CallPage consisting in operating the partnership program to the extent that the conclusion of the agreement with the user was the result of the actions of another person participating in the partnership program.
- for the purpose of considering complaints, claims, and motions and responding to requests from data subjects – the personal data provided in complaints, claims, requests or other, non-statutory complaints, as well as data concerning purchases or services to which the complaint, claim, request, or such other complaint relates – on the basis of Article 6(1)(c) and (f) of the GDPR, i.e. for the purposes resulting from the legitimate interests pursued by the Controller consisting in handling enquiries, requests, and complaints and for the purpose of implementing CallPage's obligations under the law;
- for the purpose of establishing and seeking claims and defending against claims in court proceedings and before other enforcement authorities – the personal data provided at the conclusion of the agreement, the submission of complaints – on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the legitimate interests pursued by the Controller consisting in seeking claims and defending against claims.
- The period of the processing of personal data depends on the purpose of processing (upon the lapse of the processing period, personal data are deleted from the Controller’s resources). This means that:
- where personal data are processed on the basis of Article 6(1)(b) of the GDPR – the period of the processing of such data corresponds to the term of the agreement with the data subject and the period of limitation of claims arising from such agreement (usually a period of 3 years from the end of the year in which the agreement was terminated or expired);
- where personal data are processed on the basis of Article 6(1)(c) of the GDPR – the period of the processing of such data corresponds to the period of keeping accounting records, which is currently 5 years from the end of the year in which a relevant accounting document was issued;
- where personal data are processed on the basis of Article 6(1)(f) of the GDPR – the period of the processing of such data corresponds to the period for which they are useful for a relevant purpose or until the data subject objects;
- where personal data are processed on the basis of Article 6(1)(a) of the GDPR – the period of the processing of such data corresponds to the period for which they are useful for a relevant purpose or until the data subject withdraws the consent to the processing of personal data for the relevant purpose.
- Recipients of personal data may include entities cooperating with the Controller within the scope of services provided to the Controller (e.g. subcontractors) or supporting the Controller's current business processes, such as entities providing marketing, operational, IT, or payment services or entities providing for order delivery. These entities act on behalf of the Controller.
- Furthermore, data recipients may include also entities with whose services the Services provided by CallPage may be integrated. In this case, personal data may be transferred to such entities where the CallPage Application is linked with the software of such entities. A list of entities with which it is possible to integrate the CallPage Application is available here.
- The entities referred to in paragraphs (4) and (5) above may operate either within or beyond the European Economic Area. In the case of transferring data to third countries, the transfer will only take place to countries for which the European Commission has issued a decision confirming that the third country ensures an adequate level of protection or if the data recipient provides for adequate safeguards, e.g. in the form of standard contractual clauses, ensuring the effective exercise of the rights of the data subject, and the existence of effective legal remedies.
- The personal data processed by CallPage may be disclosed only: i) if it is necessary to perform the integration referred to in paragraph (6) above (such integration takes place only at the initiative of the Client); ii) to state authorities, if the obligation to provide personal data by CallPage results from the provisions of law, a final or immediately enforceable administrative decision, or a court ruling. The data subject will be informed immediately of the fact that his/her data has been disclosed unless the provision of such information would be contrary to the law or an obligation imposed on CallPage by state authorities.
- Information other than personal data, relating to non-logged-in users of the Website will be stored for a period corresponding to the life cycle of the cookies on devices or until deleted by the user on the user's device.
- In accordance with the GDPR, the user of the Website and the CallPage Application, as a data subject, has the right to:
- request access to his/her personal data – the data subject has the right to obtain confirmation from the Controller as to whether his/her personal data are being processed and, if this is the case, has the right to access the personal data. Pursuant to Article 15 of the GDPR, CallPage provides the data subject with a copy of the personal data being processed;
- request the rectification of his/her personal data – the data subject has the right to request CallPage to rectify inaccurate personal data concerning him/her without undue delay;
- request erasure of his/her personal data – the data subject has the right to request CallPage to immediately erase personal data concerning him/her and CallPage is obliged to erase the personal data without undue delay if one of the following applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based;
- the data subject objects to the processing on the basis of Article 21(1) of the GDPR and there are no superior legitimate grounds for the processing;
- request restriction of processing – the data subject has the right to request CallPage to restrict the processing if one of the following applies:
- the data subject questions the accuracy of the personal data until they are rectified;
- the data subject has objected to the processing pursuant to Article 21(1) of the GDPR until it has been verified that the legitimate grounds of the Controller are superior to the legitimate grounds of the data subject.
- the processing is unlawful and the data subject opposes erasure of the personal data and requests restriction of their use instead;
- object to the processing of personal data – where personal data are processed for the purposes of direct marketing pursuant to Article 6(1)(f) of the GDPR, the data subject has the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that it is related to such direct marketing;
- request the portability of personal data.
- Data subjects may exercise their rights by sending a respective request to support@callpage.io or by contacting the Data Protection Officer (details are stated in paragraph (2) above). In order to enable correct identification, in the case of Clients, the request should be sent from the e-mail address stated upon the creation of the Account. The foregoing is the implementation of Article 12(6) of the GDPR. The request may also be made by mail – the data subject should send a registered letter with the request to CallPage's local address.
- The Controller will respond to the data subject's request without undue delay – and in any case no later than one month from receiving the request. The period of one month referred to in the preceding sentence may be extended if necessary due to the complexity or the number of requests – this will only take place in extraordinary situations.
- Where personal data are processed on the basis of consent, the data subject may withdraw the consent to the processing of personal data. The withdrawal of the consent to process personal data does not affect the legality of the data processing carried out on the basis of the consent before it is withdrawn. The withdrawal of the consent should be effected in the same manner as prescribed in paragraph (10) above.
- If the data subject finds that the processing of his/her personal data violates the GDPR, he/she has the right to lodge a complaint with a supervisory authority, in particular in the member state of his/her habitual residence, his/her place of work, or the place of the alleged infringement. In Poland, the supervisory authority under the GDPR is the President of the Polish Personal Data Protection Office (Urząd Ochrony Danych Osobowych, UODO).
- The provision of personal data within the Website, the Services, and the CallPage Application is always voluntary, however, the provision of certain data is a condition for the use of certain services or functionalities of the Website, the Services, or the CallPage Application. Furthermore, failure to provide personal data may prevent CallPage from taking action at the request of the data subject.
- Persons using the solutions provided by CallPage that are available on third-party websites should remember that in such case CallPage only provides technical solutions to enable the connection and other actions – in such case, CallPage acts as the so-called processor (i.e. an entity performing certain actions on the data on behalf of the controller), while the controller of such person's data is the entity to which the website belongs.
§ 3. Cookies
- Cookies are small packages of computer data, in particular small text fragments, that are stored on the Internet user's terminal equipment (e.g. Smartphone, computer) by the websites, including the Website, visited by that person. Cookies contain a range of information that is often necessary for the proper functioning of websites (Cookies).
- Cookies are used when the user is browsing the Website.
- The Cookies used by the Company are safe for the devices of the Website users.
- The range of the Cookies that may be installed on the device of a given user depends on his/her choices made within the Website. If the user does not consent to other Cookies, in line with the functionalities and information displayed within the Website, only the essential Cookies will be used, i.e. those necessary for the correct display of the Website and its use by the user.
- The Company uses the following types of Cookies:
- Session Cookies, which are stored on the device of the Website user and remain there until the session of the relevant browser ends. The stored information is then permanently deleted from the user's device;
- Permanent Cookies, which are stored on the device of the Website user and remain there until deleted. They are not deleted from the user's device once the session of the relevant browser has ended or the device has been switched off.
- The Company uses the following types of Cookies on the Website:
- essential (technical) Cookies, which are required for the proper operation of the Website. The Company uses them to:
- enable the user to use the services available on the Website;
- maintain the user's session on the Website;
- ensure the proper display of the Website;
- remember whether the user has consented to the display of selected content;
- marketing, which are used for marketing activities;
- analytical, which are used to measure user activity on the Website and the effectiveness of marketing activities carried out by the Controller. The Controller uses them to:
- analyse traffic on the Website;
- check the sources of traffic on the Website, i.e. the sources of redirections.
- essential (technical) Cookies, which are required for the proper operation of the Website. The Company uses them to:
- The Company uses Third-party Cookies for the following purposes:
- the preparation of statistics – to improve the Website, its structure and content, using the Google Analytics analytical tools – by Google Ireland Ltd. based in Ireland. Google's privacy policy is available here: https://policies.google.com/privacy, https://policies.google.com/technologies/partner-sites;
- the profiling of users – and subsequent display of tailored material on advertising networks, using the Google Adwords online advertising tool – by Google Ireland Ltd. based in Ireland. Google's privacy policy is available here: https://business.safety.google/privacy/, https://policies.google.com/technologies/partner-sites;
- the promotion (advertising) of the Website and the Services using the solutions provided by the YouTube platform. YouTube’s privacy policy is available here: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/;
- the promotion (advertising) of the Website and the Services using the solutions delivered by Bing provided by Microsoft Corporation. The privacy policy for Bing is available here: https://privacy.microsoft.com/en-us/privacystatement;
- the promotion (advertising) of the Website and the Services using Facebook Ads – by Facebook Ireland Ltd. based in Ireland. Facebook's privacy policy is available here: https://www.facebook.com/privacy/explanation, https://www.facebook.com/help/cookies/;
- the analysis of user activity, creation of contact forms, and storage of data entered by users into the forms and live chat, conduct of interactive live chat, using the HubSpot platform – by HubSpot Inc. based in the USA. HubSpot’s privacy policy is available here: https://legal.hubspot.com/privacy-policy;
- the promotion of the Website the and Services using the LinkedIn social network – by LinkedIn Ireland Unlimited Company, based in Ireland. LinkedIn's privacy policy is available here: https://www.linkedin.com/legal/privacy-policy, https://www.linkedin.com/legal/cookie-policy.
- Any Internet browser allows the user to disable Cookies for a specific website or for all websites.
- The users of the Website may, at any time, in the settings of the used Internet browser, change the settings related to Cookies. The user may completely block the automatic Cookie support or introduce restrictions in this scope.
- Please be aware that restricting the use of Cookies may affect certain functions of the Website.