Privacy policy

PRIVACY POLICY OF THE DRDATE.EU WEBSITE

  1. GENERAL PROVISIONS
  2. THE BASIS OF DATA PROCESSING
  3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING ON THE WEBSITE
  4. DATA RECIPIENTS OF THE WEBSITE
  5. PROFILING ON THE WEBSITE
  6. RIGHTS OF THE DATA SUBJECT
  7. COOKIES ON THE WEBSITE AND ANALYTICS
  8. FINAL PROVISIONS

1. GENERAL PROVISIONS

  1. This Website privacy policy is for information purposes only, which means that it does not form any obligations for Website Users. The Privacy Policy primarily contains rules regarding the Controller's processing of personal data on the Website, including its Mobile Application, including the grounds, purposes and duration of personal data processing and the rights of data subjects, as well as information regarding the use of cookies and analytical tools on the Website.
  2. The controller of the personal data collected via the Website is DRDATE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Wrocław (registered office and correspondence address: ul. Himalajska 7/6, 50-572 Wrocław), entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0001147654; Register Court where the company's documentation is kept: District Court for Wrocław – Fabryczna in Wrocław, VI Economic Division of the National Court Register; share capital of: PLN 40,000.00; NIP: 8993013235, REGON: 540604040, e-mail address: [email protected] and contact telephone number: _____________ – hereinafter referred to as the "Controller" and being at the same time the Service Provider of the Website.
  3. Personal data in the Website is processed by the Controller in accordance with applicable law, in particular in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as well as repealing of Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to in „GDPR” or „GDPR Regulation”. The official text of GDPR Regulations: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
  4. The use of the Website, including making purchases, is voluntary. Similarly, the related provision of personal data by the User of the Website is voluntary, subject to two exceptions: (1) conclusion of contracts for the provision of Drdate.eu Services – failure to provide the personal data necessary for the use of a specific Drdate.eu Service, in the cases and to the extent indicated on the Website, in the Terms and Conditions and in this privacy policy, results in the impossibility to use this service. The provision of personal data in this case is a contractual requirement and if the data subject wishes to enter into a contract with the Controller and use the Drdate.eu Service provided by the Controller, they are obliged to provide the required data. Each time the scope of data required to use the Drdate.eu Service is indicated beforehand on the Website and in the Terms and Conditions of the Website; (2) the Controller's statutory obligations – providing personal data is a statutory requirement resulting from generally applicable laws imposing an obligation on the Controller to process personal data (e.g. processing of data provided during the purchase of paid services for accounting purposes) and failure to provide such data will prevent the Controller from fulfilling these obligations.
  5. The Controller takes special care to protect the interests of persons to whom the personal data processed relates, and in particular is responsible and ensures that the collected data is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) stored in a form that allows identification of the persons it concerns, for a time no longer than necessary to achieve the purpose of processing, and (5) processed in a way that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures.
  6. Having regard to the nature, scope, context, and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. Those measures shall be reviewed and updated when necessary. The Data Controller shall use technical measures that prevent unauthorised persons from acquiring and modifying data transferred by electronic means.
  7. Any words, expressions, and acronyms used in this privacy policy and starting with a capital letter (e.g. Service Provider, User, Website, Drdate.eu Service) shall be understood in accordance with their definition contained in the Terms and Conditions of the Website available on the Website.

2. THE BASIS OF DATA PROCESSING

  1. The Controller is entitled to process personal data in cases where – and to the extent to which – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes ; (2) processing is necessary to perform an agreement in which the data subject is a contracting party or to take action at the request of the data subject before the agreement conclusion; (3) processing is necessary to fulfill the legal obligation which is incumbent on the Controller; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party, except for situations where these interests are overridden by interests or fundamental rights and freedoms of the data subject, requiring personal data protection, in particular if the data subject is a child.
  2. Processing of personal data by the Controller always requires the existence of at least one of the bases specified in point 2.1 of the privacy policy. The specific grounds for the Controller's processing of the personal data of Website Users are indicated in the next section of the Privacy Policy – with reference to the specific purpose of the Controller's processing of personal data.

3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING ON THE WEBSITE

  1. In each case, the purpose, basis and period and recipients of the personal data processed by the Controller result from the activities undertaken by the User concerned on the Website.
  2. The Controller may process personal data on the Website for the following purposes, on the following grounds and for the following duration:

Purpose of data processing Legal basis of data processing Data storage period
Use of the Drdate.eu Services available on the Website by the User or verification of the User carried out at the User's request prior to using these services Article 6 sec. 1(b) of the GDPR (agreement) – the processing is necessary for the conclusion and performance of the contract for the use of Drdate.eu Services to which the data subject is a party, or to take steps at the request of the data subject prior to conclusion of the agreement (e.g. with regard to the verification of the User before allowing them to use Drdate.eu Services) The data shall be stored for the period necessary for the performance, termination or expiration of the contract concluded with the Controller (e.g. deletion of the Account).
Any documents obtained by the Controller for the purpose of verifying the User shall be kept for no longer than the period necessary to complete this verification. Upon completion of the verification, the Controller shall immediately delete copies of the documents received.
Direct Marketing Article 6 sec. 1(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes of the Controller's legitimate interests – consisting in protection of interests and good image of the Controller and its Website and striving to provide the Drdate.eu Services. The data is stored for the duration of the legitimate interest pursued by the Data Controller but no longer than for the period of limitation of claims against the data subject, in virtue of the Data Controller's business activity. The limitation period is determined by provisions of the law, in particular of the Civil Code (the basic limitation period is three years for claims connected with the conduct of business activities).
The Controller may not process data for direct marketing purposes in case when the data subject has effectively objected to such processing.
Newsletter management Article 6 sec. 1) (a) of the GDPR (consent) – the data subject has consented to the processing of their personal data for marketing purposes by the Controller Data is stored until the data subject withdraws their consent to further processing for this purpose.
Keeping the accounts Article 6 sec. 1(c) of the GDPR (legal obligation) in conjunction with Art. 74 sec. of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395 as amended) – processing is necessary for a compliance with a legal obligation to which the Controller is subject. The data is stored for the period required by provisions of the law requiring the Controller to store account books (5 years from the start of the year following the turnover year to which the data relates).
Establishment, exercise or defence of legal claims which may be raised by or against the Data Controller Article 6(1). 1(f) of the GDPR (legitimate interest of the Controller) – the processing is necessary for purposes deriving from the Controller legitimate interests – consisting of establishing, asserting or defending claims, which the Controller may raise or which may be raised against the Controller The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however no longer than for the period of limitation of claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years).
Use of the Website and ensuring its proper operation Article 6 sec. 1(f) of the GDPR (legitimate interest of the Controller) – the processing is necessary for the purposes of the Controller's legitimate interests – consisting of the operation and maintenance of the website of the Website The data is stored for the duration of the legitimate interest pursued by the Data Controller but no longer than for the period of limitation of claims against the data subject, in virtue of the Data Controller's business activity. The limitation period is determined by provisions of the law, in particular of the Civil Code (the basic limitation period is three years for claims related to the conduct of business activities).
Keeping statistics and analysing traffic on the Website Article 6 sec. 1(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes deriving from the Controller's legitimate interests, consisting in conducting statistics and analysis of traffic on the Website in order to improve the functioning of the Website and increase the range of Drdate.eu Services provided. The data is stored for the duration of the legitimate interest pursued by the Data Controller but no longer than for the period of limitation of claims against the data subject, in virtue of the Data Controller's business activity. The limitation period is determined by provisions of the law, in particular of the Civil Code (the basic limitation period is three years for claims related to the conduct of business activities).

4. DATA RECIPIENTS OF THE WEBSITE

  1. For the proper functioning of the Website, including the proper provision of Drdate.eu Services by the Controller, it is necessary for the Controller to use the services of external entities (such as e.g. payment service provider, software or server). The Controller only engages processing service providers who ensure adequate technical and organizational measures to process personal data in compliance with the GDPR and to protect the rights of the data subjects.
  2. Personal data may be transferred by the Controller to a third country, in which case the Controller shall ensure that this is done in relation to a country ensuring an adequate level of protection – in accordance with the GDPR Regulation, and in the case of other countries, that the transfer is done on the basis of standard data protection clauses. The Controller shall ensure that the data subject is able to obtain a copy of their data. The Data Controller shall provide the collected personal data only if and to the extent necessary to fulfill the respective purpose of the processing in accordance with this privacy policy.
  3. Data is not transferred by the Controller in every case to all recipients or categories of recipients indicated in this privacy policy. The Controller transfers data only when it is necessary to achieve the intended purpose of personal data processing and only to the extent necessary to achieve this goal.
  4. Personal data of Website Users may be communicated to the following recipients or categories of recipients:

a. entities handling electronic or card payments – in the case of the User who purchases paid services of Drdate.eu (e.g. Subscription) on the Website and uses electronic or credit card payments, the Controller shall make the collected personal data of the User available to the selected entity handling such payments made on the Website on behalf of the Controller to the extent necessary to handle the payment made by the User.

b. service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to carry out its business activity, including the Website and the Drdate.eu Services provided through it (in particular, providers of computer software necessary to run the Website, e-mail and web hosting providers and providers of business management and technical support software to the Controller) – the Controller shall make the collected personal data of the User available to the selected provider acting on its behalf only in the case and to the extent necessary to carry out the given purpose of data processing in accordance with this Privacy Policy, including:

i. OpenAI Ireland Limited – The Controller uses artificial intelligence software (model GPT-4o) on the Website for the purpose of verifying a User's Account in the manner and under the terms and conditions set out in accordance with the provisions of the Website Terms and Conditions, and therefore shares the collected personal data of the verified User with the provider of this software, which is OpenAI Ireland Limited (1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland) to the extent and in accordance with the privacy policy available here: https://openai.com/pl-PL/policies/privacy-policy/. Personal data shall only be shared in teh case and to the extent necessary for carrying out the verification of the document submitted by the User and shall not be processed by the Controller or OpenAI for longer than necessary to carry out and return the result of the verification by the software it provides.


c. providers of accounting, legal or advisory services providing accounting, legal or advisory support to the Controller (in particular, an accountancy office, law firm or debt collection company) – the Controller shall make the collected personal data of the User available to the selected provider acting on their behalf only in the case and to the extent necessary to carry out the given purpose of the data processing in accordance with this Privacy Policy.

d. providers of social plug-ins, scripts and other similar tools placed on the Website that enable the visitor's browser to retrieve content from the providers of said plug-ins (e.g. logging in with social network login details) and to transmit the visitor's personal data to these providers for this purpose, including:

i. Meta Platforms Ireland Ltd. – The Controller uses Facebook social plug-ins on the Website (e.g. logging using Facebook login details) and therefore collects and shares the personal data of the User using the Website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policy available here: https://www.facebook.com/about/privacy/ (this data includes information about the activities on the Website, including information about User's device, sites visited, purchases made, ads displayed and usage of the Services – whether or not User has a Facebook account and is logged into Facebook).

5. PROFILING ON THE WEBSITE

  1. The GDPR requires the Controller to inform about automated decision-making, including profiling, referred to in article 22 sec. 1 and 4 of the GDPR, and – at least in these cases – relevant information about the modalities of their undertaking, as well as about the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.
  2. The Controller may use profiling on the Website in the following cases:

a. Profiling for the purpose of verifying the User's Account – consists of the automatic analysis of the document attached by the User when registering an Account with Drdate.eu using the Artificial Intelligence software (model GPT-4o) provided by the third party company OpenAI Ireland Limited (1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland). This profiling is intended to help the Controller in detecting possible inadequacies in the document sent by the User, however, the decisions taken regarding the refusal to activate the User's Account are never based exclusively on automated analysis of the User's data. Profiling is exclusively a part of the Account verification process, whereby, in the event that the result of profiling indicates possible irregularities, the final decision to activate or not activate the User Account is always taken with key human involvement, that is, after manual verification of the User document by the Controller or persons acting on their behalf.

b. Profiling for direct marketing purposes – decisions made on its basis by the Controller do not concern the conclusion or refusal of conclusion of an agreement with the Controller or the possibility of using Drdate.eu Services on the Website. The effect of using profiling on the Website may be, for example, a reminder of unfinished activities on the Website, granting a discount, sending a User Profile proposal that may match User's interests or preferences, or and offer of better terms and conditions compared to the Website's standard offer. Despite the profiling, it is the individual who freely decides whether they would like to make use of, e.g. a discount or an offer received in this way from the Controller. Profiling in this case involves the automatic analysis or prediction of a person's behaviour on the Website, e.g. by analysing previous purchase history or other activities on the Website. The condition for such profiling is that the Controller has the personal data of the person in question in order to be able to subsequently send them, e.g. a discount or an offer.
  1. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects on the data subject or in a similar manner significantly affects the data subject.

6. RIGHTS OF THE DATA SUBJECT

  1. Right of access, rectification, restriction, erasure or portability – The data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten") or restriction of processing, object to the processing and the right to data portability. Detailed conditions for the exercise of the aforesaid rights are set forth in Articles 15–21 of the GDPR.
  2. Right to withdraw consent at any time – the person whose data is processed by the Controller on the basis of consent (pursuant to Art. 6 sec. 1(a) or Art. 9 sec. 2(a) of the GDPR), has the right to withdraw their consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
  3. 3. Right to lodge a complaint with a supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The President of the Personal Data Protection Office is the supervisory authority in Poland.
  4. Right to object – The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning them based on Art. 6 sec. 1(e) (public tasks or interest) or Article 6 sec. 1(f) (legitimate interests of the Controller), including profiling based on these provisions. The Data Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  5. Right to object to direct marketing – where personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for the purpose of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  6. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Controller by sending an appropriate message in writing or by e-mail to the Controller's address indicated at the beginning of the privacy policy.

7. COOKIES ON THE WEBSITE AND ANALYTICS

  1. Cookies are small text files sent by a server and stored on the computer of the website visitor's (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on the device used by the website visitor). Detailed information on cookies and the history of their creation can be found e.g. here: https://pl.wikipedia.org/wiki/HTTP_cookie.
  2. The Controller may make available on the Website a tool for easy and active management of Cookies – available when you first access the Website and then, after closing it, accessible at the bottom of the page. Active management allows, among other things, checking what Cookies are or can be saved when using the website, as well as selecting and subsequently changing the scope and purposes of the Cookies in relation to the device and the website visitor. When starting to use the website, the visitor will be asked to select their cookie settings. It is possible to change them later by changing the settings within the tool available on the website.
  3. The Controller provides a series of information concerning the use of Cookies on the Website, their types and purposes of use and their management, utilizing e.g., the settings of the Internet browser and/or the Cookies management tool available on the Website. The Controller encourages the use of the cookie management tool available on the website, which allows easy and proactive management of cookies while using the website, or, if it is not available, Controller recommends reading the following information on e.g., cookies management from the browser level.
  4. The cookies that may be sent by the Website can be divided into different types, according to the following criteria:

Due to their supplier: Due to their storage period on the device of the visitor to the Website: Due to the purpose of their use:
1) own (created by the Controller's website) and

2) belonging to persons / third parties (other than the Controller) 		1) session (stored until the user logs out of the Website or closes their web browser) and

2) permanent (stored for a specified period of time, defined by the parameters of each file or until they are manually deleted) 		1) necessary (to enable the Website to function properly),

2) functional/preferential (enabling the Website page to be tailored to the visitor's preferences),

3) analytics and performance (gathering information about the use of the Website),

4) marketing, advertising and social media (collecting information about a visitor to a Website in order to display advertisements to that visitor, personalise them, measure their effectiveness and carry out other marketing activities, including on websites separate from the Website, such as social networking sites or other sites belonging to the same advertising network as the Website)
  1. The Controller may process the data contained in Cookies when visitors use the Website for the following specific purposes:

using cookies on the Controller's website identification of Users as logged in to the Website and show that they are logged in (essential cookies)

storing data from completed forms, surveys or login data for the Website (essential and/or functional/preference cookies)

adapting the content of the Website to the individual preferences of the User (e.g. as regards colours, font size, page layout) and optimising the use of the Website's pages (functional/preference cookies)

keeping anonymous statistics on how the Website is used (analytical and performance cookies)

displaying and rendering advertisements, to limit the number of times advertisements are displayed and ignoring advertisements which the User does not wish to see, measuring the effectiveness of advertisements, personalising advertisements, i.e. studying the behavioural characteristics of visitors to the Website by analysing their actions in an anonymous form (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and to provide them with advertisements tailored to their anticipated interests, also when they visit other websites within the advertising network of Google Ireland Ltd. and Facebook, i.e. Meta Platforms Ireland Ltd. (marketing, advertising and social media cookies)
  1. It is possible to check which Cookies are being sent at any given time by a page of the Website, irrespective of the Internet browser used, using the tools available, e.g., on the website at: https://www.cookiemetrix.com/ or https://www.cookie-checker.com/.
  2. As a standard, most web browsers available accept cookies by default. Everyone can define the terms of using Cookies via their web browser settings. This means that Users can, for example, partially restrict (e.g. temporarily) or completely deactivate the storage of cookies – in the latter case, however, this may affect certain functionalities of the Website.
  3. Browser settings regarding cookies are important regarding the consent to the use of cookies by our Website – in accordance with the regulations, such consent can also be given through appropriate browser settings. Detailed information on changes of settings concerning Cookies and clearing them in the most popular web browsers is available in the help section of each web browser and on the following websites (you only need to click on the selected link):
in Chrome
in Firefox
in Internet Explorer
in Opera
in Safari
in Microsoft Edge
  1. The Controller may use the services Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. These services help the Controller keep statistics and analyse traffic on the Website. The data collected is processed as part of the above services to generate statistics to help administer the Website and analyse traffic on the Website. The data collected is aggregated. When using the above services on the Website, the Controller collects data such as the sources and medium of acquisition of visitors to the Website and their behaviour on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
  2. It is possible for a person to easily block the release of information to Google Analytics about their activity on the Website – for this purpose, the user can, for example, install a browser add-on provided by Google Ireland Ltd. and available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
  3. In connection with the possibility of the Controller using advertising and analytical services provided by Google Ireland Ltd. on the Website, the Controller indicates that complete information on the principles of processing of data of the visitors to the Website (including information stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services at the following website address: https://policies.google.com/technologies/partner-sites.
  4. The Controller may use on the Website the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure the effectiveness of advertisements and find out what actions are taken by the Website visitors, and display tailored advertisements to those visitors. Detailed information on how the Facebook Pixel works can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
  5. The operation of the Facebook Pixel can be managed via the ad settings of the Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

The Website may contain links to other websites. After going to other websites, the Controller encourages you to familiarize yourself with their privacy policy. This privacy policy applies only to the Controller's Website.