Data Processing Policy - Facebook
Information clause regarding the processing of personal data in connection with the running of the fanpage by Leon Software sp. z o.o. sp. j. with its registered office in Warsaw at Al. Jerozolimskie 151/5U, 02-326 Warsaw, on Facebook on the basis of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the so-called GDPR.
1) Controller
The Controller of your personal data is Leon Software sp. z o.o. sp. j. with its registered office in Warsaw at Al. Jerozolimskie 151/5U, 02-326 Warsaw (hereinafter as „Controller”).
You can contact the Controller via e-mail: gdpr@leonsoftware.com or by correspondence under the abovementioned address of the Controller’s registered office.
2) Categories of people whose data are processed and the scope of the processing
a) The Controller processes the data of people who:
i) subscribed to the fanpage by clicking on the "Like" or "Follow" icon;
ii) published their comment, shared it or clicked on the "Like" icon below any of the posts posted on the fanpage.
b) The Controller processes the types of personal data:
i) Facebook ID (usually containing name or nickname);
ii) a profile photo;
iii) information that you provide to the Controller (e.g. reaction to posts, content of comments added or photos published on our fanpage).
3) Purposes and grounds of processing
a) The Controller processes your personal data:
i) on the basis of a legitimate interest (article 6 (1) (f) of the GDPR) consisting of:
(1) running the fanpage under the name Leon Software on Facebook, on the terms and conditions set out by Facebook and informing about the Controller’s activity, promoting events and brands, products and services, building and maintaining a community with the Controller and for communication via available Facebook functionalities (comments, messages);
(2) for the establishment, exercise or defence of legal claims.
ii) on the basis of separately granted consent to the extent and purpose specified in the content of the consent and for the time until the withdrawal of the consent (article 6 (1) (a) or article 9 (2) (a) of the GDPR);
iii) on the basis of statutory requirements in order for the Controller to fulfill legal obligations arising from legal provisions (article 6 (1) (c) of the GDPR).
4) Data recipients
Access to your data will be granted to:
a) authorized employees of the Controller, subcontractors and entities providing services to the Controller (including IT services and technical support) who must have access to data in order to perform their duties;
b) other Facebook users (due to the fact that information about people watching the fanpage, likes, as well as content of comments, posts and other information provided by Users - are public);
c) public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from the provisions of generally applicable law;
d) the owner of the Facebook social portal on the terms available at: https://www.facebook.com/about/privacy.
5) Transfer of data to third countries or international organizations
The controller does not intend to transfer data to a third country or international organization.
6) Data storage period
The data processing period is related to the purposes and grounds for their processing, therefore:
a) data processed on the basis of consent will be processed until the consent is withdrawn;;
b) data processed on the basis of statutory requirements will be processed for the time during which the law requires the storage of data;
c) data processed on the basis of the Controller’s legitimate interest will be processed until the appropriate objection is effectively lodged or the interest ceases, e.g. data processed for the purpose of pursuing or defending against legal claims will be processed for a period equal to the period of limitation of these claims.
7) Rights
You have the right to:
a) request access to and rectification or erasure of your personal data or restriction of processingand also the right to data portability,
b) withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal,
c) object to the processing of your data for the purpose of direct marketing at any time;
d) object to the processing of your data on the grounds relating to your particular situation;
e) lodge a complaint with Prezes Urzędu Ochrony Danych Osobowych at ul. Stawki; 00-193 Warsaw.
8) Information on the data source
The Controller receives your personal data directly from you through your posts on Facebook, from Facebook itself and from your public profile.
9) Other information
a) Personal data will not be subject to automated decision making, including profiling.
b) Providing your data is voluntary.
In addition, the Controller indicates that together with Facebook Ireland Limited (hereinafter as "Facebook Ireland") they perform the role of joint controllers in the field of data processing for the purposes of statistics. More about data processing for the purposes of website statistics can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data