By using this page you acknowledge and approve using of cookie files based on your current browser settings.Learn more about cookie files
In this document you will learn how Localize.pl meets the requirements of the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC , and how we protect and process your personal data. We have done everything in our power to comply fully with all the requirements of the Regulation, however if you believe that any information is missing or that anything concerning our compliance with the requirements of the GDPR raises your concerns, please write to us and we will promptly correct it. We have divided the document into clear thematic sections, so that you can quickly familiarize yourself with a specific issue. We have described everything as clearly and unambiguously as possible.
We process personal data fairly and lawfully. We also make sure that it is clear to individuals that their personal data is collected, used, viewed or otherwise processed, and to what extent such personal data are or will be processed. All communications and information relating to the processing of data shall be in plain language and without the use of legal jargon. Already at the time of data collection, we also expressly inform you of the identity of the controller (aka data administrator) and the explicit, legitimate and specified purposes of the processing. We only process data that is adequate, relevant and limited to the extent necessary for clearly defined purposes.
We also make sure that the persons whose data we process always have the right to obtain confirmation and information about the processed personal data concerning them and other rights related to the processing of personal data - we also inform about the ways to exercise these rights. We constantly provide you with transparency in accessing and full control over your data, including the possibility of correcting and deleting personal data (including data that is incorrect).
We also describe the principles and risks associated with the processing of personal data of individuals. We process your data in such a way that it is secure and confidential, following the internal security policy and taking care to protect your access to and use of your data (or the equipment on which it is stored).
We also collect personal data only to the extent necessary to ensure the performance and security of our services or to personalize the performance of our products. Data shall at all times be duly protected and kept only for as long as it is necessary for the performance of the service. We do not process personal data as soon as we are able to provide the service in a way that does not require their use. All data collected shall have a clearly defined deadline for their deletion.
All the assumptions of our compliance with the requirements of the GDPR described here are described in detail below.
Every company that processes personal data is obliged to meet a number of requirements in terms of protection, scope and security of personal data processed. At Localize.pl we have been paying a lot of attention to these issues for many years, thanks to which we obtained compliance with the Regulation (GDPR) many months before the statutory deadline. We have nothing to hide, so in this article we want to explain in a simple and transparent way when, for what purpose and to what extent we use personal data. Our goal is to identify all information necessary to ensure fair and transparent processing and to take into account the specific circumstances and specific context of the processing. More on the context of the processing in Chapter 2.
Purposes of personal data processing at Localize.pl:
In order to achieve the above objectives, we make sure that at the moment of registration in the service, the user provides his personal data voluntarily, on his own responsibility, giving consent to their processing, in accordance with the applicable requirements of the GDPR. Only those data that are necessary for the proper operation of the service are processed.
It is important for us to minimize the processing of your personal data at all times. In most cases, we also simply don't need anything for them because of the specific nature of our business. Below we summarize which personal data we process and in which situations:
We do not process sensitive data whose context may pose a serious risk to fundamental rights and freedoms. Such personal data include personal data revealing racial or ethnic origin. We do not process photographs that meet the definition of biometric data, i.e. which, when processed using special technical methods, allow a natural person to be unambiguously identified or confirmed.
It is our policy that we do not store personal information that we do not need to process your order or provide services.
Cookies make it easier for you to customise your website to meet your needs, evaluate the effectiveness of your advertising activities and ensure continuity when you use social media content, which can thus record your visit to our website. You can change the settings of your browser at any time and decide whether or not to save cookies. However, changing the settings may limit the operation of the service.
When using the website, individuals may be assigned Internet identifiers - such as IP addresses, cookies - generated by their devices, applications, tools and protocols, or other identifiers, such as RFID tags. Due to the Internet technology used, this results in leaving a trace, which, especially combined with unique identifiers and other information obtained by the servers, can be used to create profiles and to identify these people.
Cookies that appear on our pages together or separately, grouped by the service responsible for generating the file:
We process data in accordance with the law (4.5.2016 L 119/40 Official Journal of the European Union PL) in order to provide services, including matching preferences, analyzing and improving them and ensuring data security, and also because it is necessary to provide services for their provision (identified here with the Terms and Conditions of the Localize.pl and XL8 TMS websites), statistical measurements and own marketing of the Controller (Administrator). Any processing of personal data for marketing purposes in case of third parties takes place only on the basis of voluntary consent (which can be withdrawn at any time).
We always make sure that the data subject has consented to the processing of his or her personal data for one or more specified purposes. Our process involves processing only where this is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject prior to the conclusion of a contract. The legal basis for data processing is also a legal obligation resulting from the regulations of conducting business or other legal conditions that oblige us to process personal data.
Another legal basis for the processing is the legitimate interest of the controller, including the controller to whom personal data may be disclosed, since the data subject is a customer of the controller or acts on his behalf. The processing of personal data is also a legitimate interest of the controller and absolutely necessary to prevent fraud (which could be the case in the absence of verification of personal data when processing orders). The processing of personal data for the purposes of direct marketing is also, in our case, a legitimate interest of the controller, provided of course that the person whose data are processed has given his consent to the nature of the processing of his data.
Data Controller (also known as Data Administrator) with regard to your personal data is the Operator, Localize.pl Agenor Hofmann-Delbor Jacek Mikrut Spółka jawna, with its registered office in Szczecin, under the address: ul. Smolańska 3, 70-026 Szczecin), employees of the company and companies that are trusted partners of Localize.pl, with whom we maintain constant cooperation necessary for the implementation of our services. This cooperation is usually aimed at providing software licenses or a specific service, and in other cases at better adapting the advertisements to the needs and interests of the visitor to the site.
Access to personal data has only the Administrator of Personal Data and employees of Localize.pl, who have been authorized by the Administrator in this respect and have signed the appropriate statement in the scope of working with personal data.
Localize.pl, acting as a personal data controller, taking into account the nature, scope, context and purposes of the processing and the risk of infringement of rights or freedoms of natural persons with different probability and significance of risk, implements appropriate technical and organizational measures to ensure that the processing takes place in accordance with the GDPR. These measures shall be reviewed periodically by us and, if necessary, updated. We also apply an appropriate security and data protection policy.
It is our policy that all personal data provided to us will be stored solely by us. In some cases, we may need to transfer your data to a third party that generates licenses for the software we sell to fulfill your order. For example, SDL (manufacturer of SDL Trados Studio) and ABBYY (manufacturer of FineReader) are such companies. These are only data necessary for the delivery of the licence. We never share any other information with third parties or sell data.
Our assumption is that we store data only for as long as it is necessary and we do not make it available to anyone - only Localize.pl employees have access to it. However, there are situations where the transfer of data to a third party is necessary:
The entities to which we transfer data are market leaders in their fields, which guarantees an adequate level of knowledge, reliability and technical resources to meet the requirements of the GDPR, in particular the security of processing. They have their own clearly defined privacy policies, which at the same time constitute a code of conduct ensuring due care for the processing of data. This processing is carried out on the basis of entrustment agreements or other agreements enabling us to indicate the assumptions of the processing of personal data by the third party to whom we transfer the data in the process of processing the order. The information contained therein shall specify the subject matter and duration of the processing, the nature and purposes of the processing, the type of personal data and the categories of data subjects, the specific tasks and obligations of the processor in the context of the intended processing and the risks of infringement of the rights or freedoms of the data subject.
Processing by a third party takes place on the basis of a contract of entrustment or another legal instrument. It determines the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, the obligations and rights of the controller. In particular, this contract or another legal instrument provides that the processor shall provide adequate technical and organisational means to comply with the obligation to respond to the data subject's requests for the exercise of his rights (for more information, see a separate chapter). We use this agreement, for example, for a service that enables us to send out our newsletters and maintain a list of respondents.
In cases which concern Localize.pl, the transfer of data may be considered as unique and concern only a limited number of data subjects (due to the performed order or the provided service). Such processing shall also constitute important legitimate interests of the controller and all the circumstances surrounding the transfer shall be known, precise and safeguarded.
In the case of products which are offered in combination with additional services, e.g. technical assistance, access to specific materials, training, etc., this period is calculated from the moment when the last of the services is completed.
In some cases, laws and fiscal regulations require us to retain data for a strict period of time. In such cases, we strictly comply with these requirements, and the data are deleted only after the expiration of the period required by law, even if the user has submitted an instruction to delete the data earlier, because the provisions of the GDPR are no higher than the tax and tax regulations.
To ensure that data is reviewed and deleted regularly and no later than the data retention period, we use automatic reminders at the level of the Exchange server and secured automatic calendars. Wherever possible, data shall be stored in such a way that they can be automatically terminated.
Personal data provided to us and used in the process of providing technical assistance or training shall be stored only during the period of service provision. Upon termination of the service, the data shall be deleted immediately and a copy of the data shall not be stored by us.
Our recruitment processes are most often connected with receiving CVs of candidates. These documents contain personal data and are processed by us only during the recruitment process. In accordance with our assumptions, after the recruitment process we remove all documents of the candidates and do not keep copies for future recruitment purposes.
In accordance with the principles of the GDPR, we have developed and implemented an internal security policy which defines the application of appropriate technical and organisational measures to protect the rights and freedoms of data subjects. The policy is to limit the storage of data and to process it in a way that ensures an appropriate and adequate level of security, including the protection against unauthorised access, unlawful processing, ensuring data integrity and confidentiality, and in particular the accidental loss, destruction or corruption of data, by appropriate technical or organisational means.
To ensure that our security policy is appropriate, we conduct periodic security audits at the Company.
We design all our systems with data protection and connection security in mind to ensure that we have the right means of protection. When processing data, our services use only encrypted connections (secured with SSL protocol), which ensure security of transmission. This approach reduces the risk of information being intercepted and used for improper purposes by third parties.
The data security procedures we apply minimize the scope of processed data that is stored in separate databases and CRM systems.
The accounting documents shall be kept outside the office or on a secure data medium accessible only to authorised persons or entities with whom a contract of entrustment has been concluded where this is necessary for the performance of the service.
In order to protect your personal data effectively, we use pseudonymization and data minimization where technically possible in order to reduce the risks. For example, if a list applies to orders and invoice numbers, we do not include additional names or other half-names on the list, which may include personal information. The very content of invoices and orders is contained in separate security systems covered by the Security Policy.
We minimize the risk of accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed - and which may in particular lead to physical damage, property damage or property damage. In this respect, our security policy is to prohibit the processing of personal data on unencrypted media and to restrict access to backup media, as well as the use of encrypted connections to all systems of invoicing, customer database management or newsletters.
We protect the confidentiality of data in technical (equipment, security) and human (procedures, training, audits) terms.
All our systems are equipped with mechanisms that ensure data availability with guaranteed response time and the possibility of restoring the backup in case of a physical or technical incident.
In order to make sure that the security of processing is ensured, we use regular audits consisting in testing, measuring and evaluating the effectiveness of the technical and organizational measures aimed at ensuring security in this respect.
As part of our security policy, we also have regular audits of the use of personal information and a notification system that allows us to meet our stated use or retention times.
The internal security policy, which we apply and which we have included in the non-public internal document confirming compliance in this respect with the requirements of the GDPR, is also directly related to the risk analysis carried out, which was also formalised in a separate document. The review of risk factors is one of the standard cyclical elements of the internal audit at Localize.pl.
Our technical security measures shall be appropriate to our business activities in relation to the processing risks we have considered, and in particular to the risks arising from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
The internal security policy shall be our approved code of conduct as referred to in Articles 40 and 42 of the Regulation, as defined in the GDPR.
One of the elements of the security policy applied by us is the obligation to verify the identity of a person in a situation where the personal data processed by the controller do not allow him to identify a given natural person, and obtaining the data will facilitate the exercise of his rights. Verification is usually performed by means of an authentication mechanism and logging in to the services offered by us. Identification data is linked to a unique e-mail address of a natural person.
IT systems visible to natural persons on the Internet are based mainly on typical websites linked with shop modules. These websites use several mechanisms which require the user's active consent. This is always the case when personal data are collected.
Consents on Localize.pl are in the form of check boxes, they are formulated in an unambiguous and specific way. If you do not check the check box, you will not be able to give consent. Consents are given each time separate activities are performed within the service, which require a permit for the processing of personal data. In all areas of the website where you agree to something, we make sure that it is a one-off, informed and specific consent. For this reason, in all forms, including the order form, the check boxes must always be ticked and the selection accepted manually.
Consents which may be given in the context of our processing of personal data can be divided into several areas:
The service user has the right to withdraw the opinions expressed by him directly from the service user's account, by telephone (91) 884 65 04 or by e-mail (email@example.com). The channels for expressing consent function in parallel, so if it is not currently technically possible to use the chosen channel to revoke or give consent, an alternative channel can be used. Using them is just as easy.
Right of access to personal data
In accordance with Article 15 of the GDPR, the data subject is entitled to obtain confirmation from the controller of the fact of processing his data and to obtain access to them. In addition to access, this right obliges the controller to provide additional information about the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular the recipients in third countries or international organisations; and the intended period of storage of the personal data, information about the right to request the controller to rectify, erase or restrict the processing of personal data concerning the data subject, and to object to such processing; information on the right to lodge a complaint with the supervisory authority; where personal data have not been collected from the data subject, any available information on their source; information on automated decision-making, including profiling, and on the relevance and foreseeable consequences of such processing for the data subject.
The controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee for administrative costs. Unless the data subject requests a copy by electronic means, and unless otherwise indicated, the information shall be provided by electronic means common to all.
Our IT systems offer access to the entered data directly from the user panel of the service in which they were entered. If, for technical reasons, editing or displaying is not possible, the system is updated, modernized or temporarily unavailable during service work, it is possible to gain access to data by sending a request by e-mail or phone to Localize.pl. If your application has been received electronically, it will be made available electronically and within the time limit required by the GDPR. You can also select the form of data sharing according to your preferences at the time of sending your request to us.
Right of rectification
If you believe that the data we process is incorrect, you have the right at any time to correct, amend (based on an additional statement) or rectify or delete it.
To rectify or erase your personal data or to limit the processing we carry out as a controller pursuant to Article 16, Article 17 (paragraph 1), and Article 18. We inform each recipient to whom personal data have been disclosed, unless it proves impossible or will require a disproportionate effort. We also inform the data subject of these recipients upon request.
Right to erasure or restriction of processing
You have the right to restrict processing in the following cases:
Where processing is restricted, we shall further process personal data only with the data subject's consent or for the purpose of establishing, pursuing or defending a claim, or to protect the rights of another natural or legal person, or on important grounds of public interest of the Union or of a Member State.
Whenever processing restrictions are lifted, we will inform the data subject.
Right to transfer data
If we process your data (which we have previously received from you), you have the right to receive it from us in a structured, commonly used, machine-readable format. You also have the right to send this personal data to another controller (administrator) without any obstacles on our part, if it is done in accordance with the requirements of the GDPR, and in particular Article 6 (paragraph 1 a) or Article 9 (paragraph 2) or on the basis of an agreement as referred to in Article 6 (paragraph 1).
The right to data transfer also applies in all situations where processing on our part is carried out by automated means.
You also have the right to request us to send your data directly to another controller (administrator), as far as this is technically possible.
Right to withdraw consent to the processing of personal data
Each person whose data we process has the possibility to view, edit and delete their personal data by making changes after logging into their account or contacting the administrator of personal data. For technical reasons, some changes may be made only directly by the Controller (Administrator) of personal data.
You have the right to withdraw your consent to the processing of personal data at any time, regardless of whether our processing meets the requirements of the GDPR and whether the consent was given earlier.
Right to lodge a complaint with a supervisory authority
If you believe that your rights with regard to personal data are not respected or in any other way do not meet the requirements of the GDPR, you have the right to lodge a complaint directly with the supervisory authority, which is the President of the Office for Personal Data Protection (POPDP). At the same time, we encourage you to try to resolve any doubts directly with our office beforehand.
Right to a source of personal data
We will provide you with the source of your personal data on request. The further processing of your data is entirely up to you - you have the right to request the deletion of your data from our resources at any time. Part of the data may come from publicly available sources and we will inform you about this in response to your request to indicate the source of the data.
Right of information and objection on automated decision-making
The information provided by us on profiling at Localize.pl confirms that we do not use profiling as understood by GDPR, but if any of the services and services we refer to indirectly on our websites (e.g. YouTube, Facebook, Google) use profiling to which you do not give your consent, you have the right at any time to object to the profiling of your data. Please note that this type of profiling is only possible when the cookie mechanism is enabled, which can be disabled at any time in your browser's settings.
You also have the right to object to the processing of your personal data for marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. Once an objection has been lodged, the data will no longer be processed. We inform about this right each time during the first communication. This information shall be separate from any other information.
Right to send or receive your data
If we process your personal data (which we have previously received from you), you have the right to receive your personal data, in a structured, commonly used, machine-readable and interoperable format, and to send it to another administrator. This applies if we have received your data on the basis of your consent or if the processing is necessary for the performance of a contract.
The right to be forgotten
You have the right to be forgotten if the retention of your data violates the rules of the GDPR, EU law or the law of a Member State to which the controller is subject. This right means in particular that, upon request, your data will be deleted and cease to be processed if they are no longer necessary for the purposes for which they were collected or otherwise processed. The right to be forgotten also applies if you withdraw your consent or if you object to the processing of your personal data, or if the processing of personal data is not otherwise in accordance with the GDPR, or if the data were processed illegally.
Data will also be deleted if this is to comply with a legal obligation under Union law or in Poland.
Right to object at any time to the processing of data for the purposes of direct marketing
You have the option of revoking your prior consent to the processing of personal data for the purposes of direct marketing at any time. There is no charge for this. You also have the right to object at any time, free of charge, to this processing, whether primary or further, including profiling, as long as it is related to direct marketing. This right should be clearly communicated to the data subject and should be presented clearly and separately from any other information.
In all situations requiring the use of a specific right or after receiving an instruction from the data subject to the notification, we declare a maximum of 30 days to fulfill the request related to personal data resulting from the above mentioned rights.
In order to implement an effective security policy, we have conducted a thorough risk analysis of the processing to ensure legal compliance and due diligence in our internal procedures.
We have estimated the risks involved on the basis of an objective and factual analysis of whether there is a risk or an increased risk with the data processing operations. Having identified all the processes taking place in the organisation, internal and external conditions concerning the environment, we have established a risk management process.
All people in the company are involved in the risk management process. Reports and irregularities are immediately reported to the management and the data controller.
Risk analysis is subject to cyclical audits and reviews to ensure that information and risk factors taken into account as well as risk prevention mechanisms are kept up to date.
In order to avoid any assessment of personal factors of natural persons and their impact on the provision of services, delivery of products, etc., we do not use any automatic profiling mechanisms in our ordering process, taking into account the assumptions of GDPR. Data that would allow to assess such factors, and in particular to analyse or forecast aspects related to work effects, economic situation, health, personal preferences or interests, reliability or behaviour, location or movement of the data subject, are not collected at any stage of the processing of personal data at Localize.pl.
It may occasionally be the case that personal data have been collected other than directly from the data subject. This may be the case, for example, when we provide technical assistance through another person or entity, when we receive a list of people to register for training, a list of invoices, orders for verification, etc., and when we receive a list of people to register for training.
We have done everything in our power to comply fully with all the requirements of the GDPR, however if you believe that any information is missing or that anything concerning our compliance with the requirements of the GDPR raises your concerns, please write to us and we will promptly correct it.
The superior body to which we are answerable in the context of compliance with the GDPR is the President of the Office for the Protection of Personal Data, to whom we may also address any complaints in this respect.