In the event that a particular software, other infrastructure or product, Service or functionality is not available for a particular market (country), the provisions of this document related thereto do not apply to the User.
The Controller of Picodi is Picodi.com S.A., with its registered office in Kraków (31-701), 12 Przemysłowa Street, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Krakow-Śródmieście in Krakow, 11th Commercial Division of the National Court Register under KRS: 0000551741, amount of the share capital: PLN 157,089.00 (paid in full), NIP: 6762464586, REGON: 122849330 (hereinafter referred to as: "Controller"/"Personal Data Controller").
The terms beginning with a capital letter bear the meanings given to them in the Picodi Terms of Service.
Personal data collected by the Controller is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), hereinafter: GDPR.
The Controller makes a special effort to protect the privacy and information provided to it regarding the Picodi Users. The Controller exercises due diligence while selecting and using appropriate technical measures, including software and organisational measures, to ensure the protection of the processed data, in particular to protect such data against unauthorised access, disclosure, loss and destruction, unauthorised modification, as well as against its processing in violation of applicable laws. The Services available in Picodi are not intended for children under the age of 16. The personal data controller does not provide for the deliberate collection of data related to children under the age of 16.
Picodi may use addons referred to as plugins and other social networking tools, particularly the ones allowing the User to register and log in to the Account in Picodi using accounts in social networking and similar services, such as: Facebook.com or Google.com, as well as allowing the User to share or recommend content with other users of these sites within the framework of their account with the provider of the respective site. These service providers may also process your personal data as independent controllers. In this case, the Controller and plugin provider are joint controllers of personal data.
Personal data controller
The Controller of your personal data is:
Picodi.com S.A., with its registered office in Kraków (31-701), 12 Przemysłowa Street, NIP: 6762464586, REGON: 122849330, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS: 0000551741.
You can contact the Data Controller as regards your personal data via:
- e-mail: firstname.lastname@example.org,
- snail mail: 12 Przemysłowa Street, 31-701 Kraków.
Purposes and legal basis of personal data processing
The Controller processes your personal data for the following purposes and scope:
- to take action at your request, particularly when you register with Picodi (setting up an Account with Picodi), i.e. the data you provide in the registration form with Picodi, i.e. your e-mail address and password, gender, date of birth, full name; if you register your Account via an external authentication service (e.g. Google, Facebook), we collect your full name;
- to provide the Services related to the participation in campaigns or programs made available by the Controller, particularly including the Cashback Program, to enable you to use this Program, as well as accounting for the participation in the Program, we process in particular the data related to your activity in it, as well as your data provided in the Account;
- to provide the other Services, i.e. browsing the website pages, content available on Picodi, searching for such content or Services, generating a discount code, we process personal data related to your activity on Picodi, i.e. data related to the content or Services you have viewed, data relating to your device session, operating system, browser, location and unique ID, IP address;
- to develop statistics on the use of various functionalities available in Picodi, to facilitate the use of Picodi and to ensure the IT security of Picodi, we process personal data related to your activity in Picodi and time spent on each webpage, your search history, location, IP address, device ID, browser data and operating system;
- to establish, investigate and enforce claims and defend against claims in court proceedings and other enforcement bodies, we may process the personal data you provided when registering for an Account with Picodi and other data necessary to prove the existence of a claim or which arises from a legal requirement, court order or other legal procedure;
- to process your complaints, claims and requests and to answer your questions, we process the personal data you provide in the contact form, complaints and requests, or to answer your questions in another form, as well as certain personal data provided by you in your Account (if you have registered and have such an Account), as well as data related to the Services provided by us which are the cause of the complaint, claim or request, and data contained in the documents accompanying the complaint, claim or request;
- to organise various types of competitions and loyalty programs, to notify you if you win and to advertise our range of services, we use the personal data you provide in your Account (if you have registered an Account) and when you register for a competition or loyalty program. Detailed information in this respect is provided in each individual competition or loyalty program's terms and conditions of participation;
- to research the market and opinions by us or our partners, i.e. information about the Services, your data provided in your Account (if you have registered the Account) or when using the Services, your e-mail address. We do not use the data collected through market research and opinion surveys for advertising purposes. Exact instructions are given in the information on a specific survey or where you enter your data.
Personalised ads and social plugins
Please note that the Controller may use your personal data to prepare and present you with personalised advertising, including through the use of tools and cookies of third parties, as further indicated in this document related to cookies.
Due to the fact that Picodi may use addons referred to as social plugins, particularly the ones allowing the User to register and log in to the Account in Picodi using accounts in social networking and similar services, such as: Facebook.com or Google.com, as well as to share or recommend content with other users of these sites within their account with the provider of the respective site; the service providers of such sites may also process your personal data as independent controllers. When you visit Picodi, the browser you are using may make a direct connection to the servers of the providers of these plugins/tools, whereby these providers receive information about your use of our website and, among other things, your IP address. Such information may be transferred whether or not you have an account with such an entity and whether or not you are currently logged therein. If you have an account with such an entity and are logged in to it, additionally this information may be linked and associated with your social media account. If you use a plugin, including but not limited to using your third-party service account to register or log in to your Account, your information may also be sent directly to that third party. Certain content may also be published as part of your profile on social networking sites and visible to other users of such sites, particularly including those with whom you have relationships.
If you do not want plugin / tool / social network providers to associate your data collected during your visit to Picodi with your profile with that provider, please ensure that you log out of that social network before visiting Picodi. Remember that you can also prevent plugins from loading on your website by using the appropriate mechanisms within the browser you are using, according to its settings. The Controller endeavours to exercise due diligence in order to select only software, including the aforementioned plugins, from reputable entities that broadly define their principles of personal data protection. You will find the purposes, scope and principles of collection and further processing of personal data by these entities in their privacy policies. We would like to encourage you to take a look at them, as you can find them at the following addresses, for instance:
Categories of personal data concerned
The Controller processes the following categories of relevant personal data:
- contact information;
- Picodi activity data;
- data related to the Services performed;
- data related to participation in the Cashback Program;
- data related to complaints and requests;
- data related to marketing services.
Voluntary provision of personal data
Your provision of the requested personal information is voluntary and is a condition of the provision of the Services and functionalities by the Data Controller through Picodi.
Data processing time
Personal data will be processed for the period necessary to perform the Services, including the User's participation in the Cashback Program, marketing activities and other Services performed for the User. Personal data will be deleted in the following cases:
- when the data subject requests its erasure or withdraws the consent given;
- when the data subject does not take action for more than 10 years (inactive contact);
- upon becoming aware that the stored data is out of date or inaccurate.
Some data within the scope: e-mail address, full name, address may be stored for a period until barred by the statute of limitations for claims – for evidence purposes, processing of complaints and claims related to the Services provided by Picodi. The data will not be used for marketing purposes.
Data concerning settlements, contests and loyalty programs, including the Cashback Program, to the extent covering data necessary for bookkeeping and settlements, will be stored for the period required by generally applicable accounting and tax regulations.
Data related to non-logged in Users is stored for the period corresponding to the life cycle of cookies stored on devices or until deleted from the User's device by the User.
Your personal data about your preferences, behaviours and choice of marketing content may be used as the basis for automated decisions to determine Picodi's sales opportunities.
Recipients of personal data
We may transfer your personal data to the following categories of recipients:
- state authorities, e.g. the prosecutor's office, Police, Office for Personal Data Protection, President of the Office for Competition and Consumer Protection, if they request us to do so;
- service providers that we use to operate Picodi, e.g., to provide the Services, particularly including providers of IT and technical services or infrastructure to support the Services and functionalities, providers of online advertising in the broadest sense, entities which support or perform billing or accounting. Depending on contractual arrangements and circumstances, these entities either act on our behalf or independently determine the purposes and means of processing. The detailed list of such suppliers can be obtained from the Controller.
As our suppliers are based mainly in Poland and in other countries of the European Economic Area (EEA), as well as outside the EEA, your personal data transferred outside of the EEA will be protected by appropriate legal safeguards so that our suppliers can guarantee a high level of protection for your personal data. These guarantees arise in particular from the obligation to use standard contractual clauses;
- personal data may also be transferred to other entities – providers of tools whose cookies we use. The data may be used in particular to prepare and present you with personalised ads. Information about these entities and purposes of using cookies can be found in the section on cookies, further in this document;
- in addition, we may share anonymised data (that cannot be used to identify you), with third parties.
Rights of the data subject
Under the GDPR, you have the right to:
- access your personal data (Art. 15 GDPR) – you can obtain information from the Controller as to whether your data is processed and if so, you have the right to:
- access your data;
- obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, intended period of storage of your data or criteria for determining this period, your rights under the GDPR and your right to lodge a complaint with the supervisory authority, source of such data, automated decision-making, including profiling, and safeguards applied in relation to the transfer of such data outside of the European Union;
- obtain the copy of your personal data.
- rectify your personal data (Art. 16 GDPR) – if your personal data is incorrect, you can request that the Controller rectify it immediately. You can also request that the Controller complete this data. If you have an account with Picodi, you can also correct and complete your personal data yourself by logging into your account.
- erase your personal data, which is referred to as "the right to be forgotten" (Art. 17 GDPR) – you can request it when:
- your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you have withdrawn a specific consent, to the extent that your personal data was processed based on your consent;
- your personal data was processed unlawfully;
- you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of your personal data is related to such direct marketing;
- you have objected to the processing of your personal data in relation to processing as may be necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Controller or third party.
Despite your request to delete your personal data, the Controller may still process your data in order to establish, assert or defend claims, of which you will be informed.
- to request the restriction of the processing of your personal data (Art. 18 GDPR) – you can request it when:
- you question the correctness of your personal data – the personal data controller will limit the processing of your personal data for a period allowing the verification of its correctness;
- processing of your personal data is unlawful and you request that it be restricted data instead of your data being erased;
- your personal data is no longer requisite for the purposes of processing, but needed to establish, assert or defend your claims;
- you have objected to the processing of your personal data – until such time as it is ascertained whether the legitimate interests on the part of the Controller override the grounds set out in your objection.
- you object to the processing of your personal data (Art. 21 GDPR) – you may object at any time to the processing of your personal data, including profiling, in relation to:
- processing as may be necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Controller or third party.
- processing for direct marketing purposes.
- request for personal data portability (Art. 20 GDPR) – you have the right to receive your personal data from the Controller in a structured, commonly used and machine-readable format and send it to another controller or request that the Controller sends your personal data directly to another controller (if technically feasible).
- withdrawal of the consent to the processing of your personal data – you can do this at any time. This does not affect the lawfulness of processing carried out on the basis of your consent beforehand.
- complaint to a supervisory authority – if you believe that the processing of your personal data breaches the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged breach occurred.
You can exercise all your rights by contacting the Controller at the contact addresses indicated herein.The Controller will inform you without undue delay, and in any case within one month of receiving your request, of the action taken in respect of your request. Where necessary, the one-month time limit may be extended by further two months because of the complexity of the request or number thereof. In any case, the Controller will inform you of such extension within one month of receipt of the request stating the reasons for the delay.
While browsing Picodi, we use "cookies," hereinafter referred to as Cookies, which are small text files stored on your terminal device as regards your use of Picodi. Their use is intended for the correct operation of Picodi. These cookies enable us to identify the software you are using and to tailor Picodi to your individual needs. Cookies usually contain the name of the domain from which they originate, time they are stored on your device and value assigned to them.
The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices via them.
Types of cookies
We use two types of cookies:
- Session cookies: these are stored on your device and remain there until the session of the browser ends. The stored information is then permanently deleted from the memory of your device. The session cookie mechanism does not allow any personal data or any confidential information to be collected from your device.
- Persistent cookies: these are stored on your device and remain there until you delete them. Ending a browser session or turning your device off will not remove them from your device. The permanent cookie mechanism does not allow any personal data or any confidential information to be collected from your device.
- to configure and optimise Picodi (technical purposes – essential cookies);
Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to your preferences, including the presentation of personalised ads. With this end in mind, information may be stored, particularly including how you navigate the web, what search terms you use and when you use the website or other software or infrastructure.
Personalised advertising (sometimes referred to as interest-based advertising) is a tool to increase the relevance of advertising to your preferences and interests.
Edit, enable, lock
To view and edit information about your preferences collected by Google's advertising network, you can use the tool found at https://www.google.com/ads/preferences/ and https://policies.google.com/technologies/partner-sites.
By setting up your web browser or service, you can independently and at any time change the configuration of Cookies, specifying the terms and conditions for their storage and access by Cookies to your device. You can change these settings so as to block the automatic handling of cookies in your web browser settings or to state their placement on your device each time. Detailed information about the options and methods of using Cookies is available in the settings of your software (web browser).
General information about the Local Storage / Session Storage
During the User's access to certain Services or functionalities in the software made available by the Controller or in other infrastructure, particularly including mobile applications, the Service Provider may use the Local Storage and Session Storage technologies, which enable the storage on the device of files created by the User, facilitating and accelerating the correct operation of this software. The User files stored in the Local Storage mainly enable: identification of the software used on the User's device, customisation of the system to the User's needs related to the Services/functionalities offered in the software or other infrastructure, maintenance of the login session, use of the Services and functionalities, as well as maintenance of statistics on the use of the software or other infrastructure for its further development.
Security and Local Storage and Session Storage technology
The Local Storage and/or Session Storage technologies used in Picodi are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices via them.
Local and Session Storage is a technology similar to cookies. However, files under these technologies are stored inside the internal and/or cache memory of the software and/or Internet browser (if used to display particular elements of the software) and not elsewhere on the device.
Purposes of using Local Storage and Session Storage
We use Local Storage and/or Session Storage in particular to tailor our software or other infrastructure, including the content displayed therein (including advertising), to your device, preferences and needs. For this purpose, information may be stored about how you navigate the network, software or other infrastructure or when you use it.
Edit saved files in Local/Session Storage
Through the settings of your device, software or other infrastructure or through the configuration of the Service, you may independently and at any time change the settings for Local Storage and/or Session Storage, specifying the conditions for their storage and access to your device/software. You can change these settings to disable automatic Local Storage and/or Session Storage in your software settings or other infrastructure, but doing so may render using or enjoying some of the Services and functionalities we offer impossible. Detailed information on the capabilities and handling of Local Storage and/or Session Storage may be available in your software settings or other infrastructure.