MakoLab Privacy Statement 2019-01-01
This Privacy Statement is provided by MakoLab S.A, also referred to in this document as ‘MakoLab’, ‘we’, ‘us’ and ‘our’. It sets out the rules for downloading, processing and protecting the personal data collected from you while you are using the content and functions of any MakoLab website.

Data processing in relation to products or services purchased from MakoLab S.A. is regulated by separate procedures and agreements.

We declare that we make every effort to ensure the proper security for the data we collect and we undertake measures to prevent third parties from interfering with personal data and the privacy of the people the data pertains to. The personal data you transmit to us will be used for the purposes set out in this document.

We ask you to read this Privacy Statement carefully before using our websites and before providing any data. Any visitor who does not consent to the collection, use and disclosure of their data as set out in this statement and in any and every relevant privacy-related document binding either nationally or on a specific website will be requested to stop using MakoLab S.A.’s websites.

You can contact us directly by phone or via our websites in order to obtain information about our company and services and to listen to or view specific information without needing to provide any personal data. Irrespective of this, circumstances may arise where your personal data will be essential to the provision of the service or process required. In such cases, you will be notified of the need to provide the relevant data and of the way they will be used and, at the same time, you will be able to decide whether to provide them or refuse to do so.

You may be required to provide your personal information:

  • if you are interested in requesting, a particular service from MakoLab S.A. or our units, such as drafting an offer or sending information about a product;
  • if you are interested in taking part in a process or event such as recruitment, receiving our newsletter or participating in a conference.

You may then be asked to complete and send a form or questionnaire where the kind of personal data being collected will be clearly indicated.

In a situation where the data you provide on a form or questionnaire is disclosed to a third party collaborating with us, MakoLab S.A. considers you to have granted the relevant permission to that party.

The data you provide in this way are used by us solely for the purpose of performing a service, carrying out a process or arranging your participation in an event, as requested.

1. Definitions

For the purposes of this statement:

  1. ‘MakoLab’s’ or ‘our’ website(s): a website or websites run by MakoLab S.A. or on behalf of MakoLab and our units around the world;
  2. Data Controller, also referred to in this statement as ‘the controller’: as defined by the European Commission, the person who determines the purposes for which, and the means by which, personal data is processed;
  3. Cookies: small text files which are placed on your computer hard drive or your mobile device when you visit a MakoLab website;
  4. Google Analytics: software making it possible to track traffic on a website and monitor marketing activities;
  5. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union, L119, volume 59, 4 May 2016.
  6. Data subject: a person whose personal data is collected, processed and stored.
2. Our Personal Data Controller
The controller of the personal data we collect is MakoLab S.A. The company’s registered office address is ulica Ogrodowa 8, 91-062 Łódź and it is entered into the National Court Register administered by the 20th Department of the National Court Register, the District Court for Łódź-Śródmieście, under the number KRS 0000289179.

For matters concerning the protection of your personal data and in order to exercise of your rights, you can contact us by e-mail at gdpr@makolab.com or by writing to us at our registered office.
3. Why we process your personal data and the legal basis for doing so

In order to provide services in line with our business profile, we process your personal data for various purposes, but always lawfully. Below are the details of why we process your data, which data we process and the legal basis in each case:

3.1.    In order to send you our newsletters, we process the following personal data:

  • your given name and surname;
  • your e-mail address.

The legal basis for this processing is Article 6, item 1(a) of the GDPR, which permits the processing of personal data if the data subject has given their consent.

3.2      In order to post a comment you have written below an article published on one of our websites, we process the following personal data:

  • your given name or nick;
  • your IP number.

The legal basis for this processing is Article 6, item 1(a) of the GDPR, which permits the processing of personal data if the data subject has given their consent. In this case, when you post a comment, we simultaneously accept this as your consent to the processing of your personal data.

3.3      In order to establish the price of a service or services and in order to carry the service/services out, we process the following data:

  • your given name;
  • your e-mail address;
  • your order/client number;
  • the date.

The legal basis for this processing is Article 6, item 1(b) of the GDPR, which permits the processing of personal data if it “is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. If you also decide to provide your surname, then we consider you have given your consent to the processing of that, as well. The basis for that processing is Article 6, item 1(a) of the GDPR, which permits the processing of personal data if the data subject has given their consent.

3.4      For analytical purposes, in other words, studying and analysing activity on a website belonging to MakoLab, we process the following data:

  • the date and time you visit the page;
  • your operating system type;
  • your approximate location;
  • the browser you are using to visit the website;
  • the time you spend on the website;
  • the subpages you visit;
  • if you fill out a contact form, the subpage where you did so.

The legal basis for this processing is Article 6, item 1(f) of the GDPR, which permits the processing of personal data if it “is necessary for the purposes of legitimate interests pursued by the controller”. Here, it is in MakoLab’s interests to study client and other visitor activity on our websites.

3.5      In order to use cookies on our websites, we use textual information. The legal basis for this processing is Article 6, item 1(a) of the GDPR, which permits the processing of personal data if the data subject has given their consent. On your first visit to any of our websites, a cookie consent message appears. For more information on cookies, please see item 4 of this statement.

3.6      In order to administer our websites, we process the following personal data:

  • your IP address;
  • the server date and time;
  • information about the browser;
  • information about the operating system.

These data are automatically registered in the server logs every time one of our websites is used. It would be impossible to administer the websites without using a server and without this automatic registration. The legal basis for this processing is Article 6, item 1(f) of the GDPR, which permits the processing of personal data if it “is necessary for the purposes of legitimate interests pursued by the controller”. Here, it is in MakoLab’s interests to administer our websites.

3.7      In order to issue invoices and fulfil other obligations arising from the tax laws, such as storing accounting documentation for five years, we process the following data:

  • your given name and surname;
  • your company
  • your address or the company’s registered address;
  • your/the company’s tax ID number;
  • your order number.

The legal basis for this processing is Article 6, item 1(c) of the GDPR, which permits the processing of personal data if it “is necessary for compliance to a legal obligation to which the data administrator is subject”.

3.8      In order to create registers and records relating to the GDPR, including registers of clients who have lodged objections, as provided for by that regulation, we process the following data:

  • your given name;
  • your e-mail address.

We do this for two reasons. First, the provisions of the GDPR impose specific documentary obligations in order for us to be able to demonstrate our conformity and accountability. Second, if you, for instance, refuse to accept the processing of your data for marketing purposes, we need to know that we should not use direct marketing in your case because you do not wish us to. The legal basis for this processing is twofold. First, there is Article 6, item 1(c) of the GDPR, which permits the processing of personal data if it “is necessary for compliance [with] a legal obligation to which the data administrator is subject”. Second, there is Article 6, item 1(f) of the GDPR, which permits the processing of personal data if it “is necessary for the purposes of legitimate interests pursued by the controller”. In this case, it is in MakoLab’s interests to know about people who are exercising their rights as provided for in the GDPR.

4. Cookies

MakoLab’s websites use cookies, in other words, information placed on your device by servers, which can then read them every time they connect with your device. In general, cookies contain the domain name of the website they come from, the length of time they will be stored on the device and a unique number. Cookies can be placed on your device and then used by one of our units using external tools to monitor traffic and activity on our websites.

We use the following types of cookie on our websites:

  • ‘necessary’ cookies, which are essential to your secure use and navigation of the site. They enable its core functions and store single-session data;
  • ‘functional’ cookies, which make it possible to ‘remember’ the settings you select and your personalised user interface. For instance, they will remember whether you have chosen the mobile or classic version, the phrases you have recently entered and the appearance of the website, and they will maintain your session;
  • ‘analytical’ cookies, which enable us to monitor user activity on our websites.

Cookies are not used to process or store personal data. They cannot help anyone to identify you directly and they make no changes to the configurations of browsers, computers and mobile devices.

You can opt out of cookies by installing this plug-in: https://tools.google.com/dlpage/gaoptout.

Cookies do not modify the other data on your computer hard drive or mobile device in any way whatsoever and they have no effect on the proper functioning of your operating system.

5. The right to withdraw your consent

5.1      Just as the processing of your personal data occurs on the basis of your consent, so you can withdraw that consent at any time

5.2      If you wish to withdraw your consent to the processing of your data, then all you need do is:

  • send an e-mail to us directly at gdpr@makolab.com, or
  • click on the link provided at the bottom of a newsletter.

5.3      If your personal data has been processed on the basis of your consent, then the withdrawal of that consent does not mean that the processing of your personal data prior to that has been illegal. In other words, we have the right to process your data until you withdraw your consent and its revocation has no effect on the lawfulness of the processing before that time.

6. Essential provision of personal data

6.1      The provision of any personal data whatsoever is voluntary and depends on your decision to do so. However, in some cases, it is essential that you provide specific personal data in order for us to meet your expectations when you use our services.

6.2      In order to receive an invoice, you need to provide all the data required by the tax laws, which is to say, your given name and surname or the company name, your address or the company's registered address and the relevant tax ID number. Without this information, we will not be able to issue a proper invoice.

6.3      In order for us to be able to contact you by phone about matters connected with carrying out a service, it is essential that you provide us with a phone number.

7. Automated decision-making and profiling
We are pleased to inform you that we do not use automated decision-making or profiling.
8. Personal data recipients

8.1      Like most businesses, we avail ourselves of assistance from other companies. On many occasions, this involves the necessity of transmitting personal data to them. In this respect, as and when required, we transmit your personal data to companies providing accountancy, marketing, web hosting, IT support and website analysis services.

8.2      In addition, it may happen that, on the basis of the applicable laws or a decision made by the competent authorities, it will be necessary for us to transmit your personal data to other organisations, public or private, as well. It is therefore extremely difficult for us to foresee who might require personal data to be made available to them. Nonetheless, we give you our assurance that, on our part, we analyse every single request of that kind very carefully and very thoroughly in order to avoid unintentionally transmitting any information to an unauthorised person.

9. Transmitting personal data to third countries

9.1     We are one of the many businesses who use a range of the popular services and technologies offered by companies like Facebook, Microsoft and Google, which have their registered offices outside the European Union. As such, they are considered to be third countries under the provisions of the GDPR.

9.2      The GDPR introduces certain limitations to the onward transmission of personal data to third countries because, given that the principles of the European regulations are not applicable there, the protection of European citizens’ personal data may, unfortunately, be insufficient. The controller is therefore obliged to establish the legal basis for any such transmission.

9.3      On our part, we give you our assurance that, when we use services and technologies of this kind, we only transmit personal data to organisations in the European Economic Community.

9.4      Should you be concerned about the onward transmission of your personal data, we will provide you with additional explanations and details at any time.

9.5         You have the right to receive a copy of your personal data which has been transmitted to a third country.

10. Personal data processing period

10.1   In accordance with the law, we do not process your data for ‘all eternity’, but only for the period when they are necessary to achieve a defined purpose. After that, they are irreversibly deleted or destroyed.

10.2   The specific periods for processing your personal data are as follows:

  • the duration of a contract: for personal data processed and stored in order to enter into a contract and execute it;
  • thee years or ten years plus one year: for personal data processed in order to establish, Investigate or defend claims. The length of time depends on whether or not both parties are businesses;
  • six months: for personal data collected during a pricing process for our services, but where a contract is not entered into immediately;
  • five years: for personal data connected with fulfilling obligations in connection with the tax laws;
  • until your consent is withdrawn or the purpose of processing your personal data on the basis of your consent has been achieved;
  • until a successful objection to the processing has been made or the purpose of the processing has been achieved, but for no longer than two years for your personal data processed on the basis of legitimate interests pursued by the controller or for marketing purposes;
  • until your data becomes outdated or ceases to be useful, but for no longer than three years for data processed primarily for the purposes of analysis, using cookies and administering the website;

10.3   In order to streamline the process of deleting or destroying personal data, we calculate the yearly periods from the end of the year in which we began processing the data. Calculating the time periods on the basis of each separate contract we enter into would involve not only significant organisational and technical difficulties, but also considerable financial outlay. Establishing one date for deleting or destroying personal data enables us to manage the process effectively. However, should you wish to exercise your right to be forgotten, then we will, of course, consider the situation on an individual basis.

10.4   The ‘plus one year’ for the processing of personal data collected for the purpose of executing a contract is dictated by the fact that you might, hypothetically, lodge a claim directly before the expiry date and it might be delivered after a considerable delay or you could make a mistake about its expiry date.

11. The rights of data subjects

11.1   You have the following rights:

  • to access your personal data;
  • to rectify your personal data;
  • to erase your personal data;
  • to restrict the processing of your personal data;
  • to object to the processing of your personal data;
  • to transmit your personal data.

11.2   We respect your rights, as enshrined in the regulations on personal data protection and we make every effort to implement them to the greatest possible extent.

11.3   We would like to point out that the rights in question are not absolute and we may thus legally refuse to fulfil them in certain situations. However, if we do deny your request, it will only be after thorough analysis and in circumstances where our refusal is necessary.

11.4   We would like to make it clear that you have the right to object, at any time and in respect of your personal situation, to the processing of your personal data on the basis of legitimate interests pursued by the controller. However, please remember that, in accordance with the regulations, we can reject your objection if we can demonstrate that:

  • there are legally justified grounds for processing your personal data and that those grounds take precedence over your interests, rights and freedoms or
  • there are grounds for the establishment, investigation or defence of claims.

11.5   In addition, you can object to the processing of your personal data for marketing purposes at any time. If you do, then once we receive your objection, we will stop the processing for that purpose.

11.6   You can exercise your rights by:

  • sending an e-mail to us directly at gdpr@makolab.com or
  • clicking on the link provided at the bottom of a newsletter.
12. The right to lodge a complaint

If you believe that your personal data are nor being processed lawfully, you can lodge a complaint with the President of the Personal Data Protection Office (PDPO). To find out more about the PDPO, please see https://uodo.gov.pl/en.

13. Links to the websites of other companies and organisations.

Our websites may contain links to the websites of other businesses or organisations. MakoLab S.A. shall not be liable for the procedures and mechanisms used in those businesses and/or organisations for the protection of personal data and the content of their websites.

14. Final provisions

As the owner of this privacy statement, MakoLab S.A. reserves the right to change it entirely or partially. New provisions come into force as soon as the statement is published on MakoLab S.A.’s websites. The consent given by you, the user, in accordance with the content of this document, constitutes consent given to MakoLab S.A.