Privacy Policy – How We Protect and Process Personal Data

This Privacy Policy describes the principles governing the processing of personal data by Codenica in connection with the use of our products, services, websites, and any form of communication with us. The purpose of this document is to provide you with clear information about what data we collect, how it is used, and what rights you have in relation to the processing of your personal data.

We reserve the right to update this Privacy Policy in the event of changes in applicable laws, the scope of services provided, or the data processing practices applied by Codenica. The updated version of the Privacy Policy becomes effective upon its publication on our website. Continued use of our Products and Services after the changes take effect constitutes acknowledgment of the updated content and acceptance of the applicable rules.

If you do not agree with the provisions of this Privacy Policy or find any part of it unacceptable, you should refrain from using our Products and Services.

Terms not defined in this document have the meaning assigned to them in the Terms of Use. This Privacy Policy constitutes an integral part of the documentation governing the use of Codenica services.

1. Global Privacy Rights

Regardless of your place of residence, citizenship, or the location where data is processed, Codenica applies uniform personal data protection standards in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR).

Use of Codenica Products and Services means that you have read this Privacy Policy and understand the data processing principles described herein. Where required by applicable law, personal data is processed on the basis of explicit consent or another appropriate legal basis.

2. Information We Manage

2.1. The scope of personal data processed depends on the nature of the relationship and interactions with Codenica, in particular on the use of our Products and Services, visits to our websites, communication with us, entering into agreements, or participation in marketing activities.

2.2. The data we process may include, in particular: identification and contact details, billing and transaction data, data relating to activity within IT systems, information about devices and browsers, content transmitted through the Services, as well as statistical and analytical data generated based on the use of our Products and Services.

2.3. Depending on the nature of the cooperation, Codenica may act as a data controller or as a data processor acting on behalf of the Customer. The legal bases for data processing include, in particular: performance of a contract or taking steps prior to entering into a contract, compliance with legal obligations, the legitimate interests of Codenica or the Customer, and - where required by law - consent.

2.4. We ask that you do not provide special categories of personal data (sensitive data), such as information relating to health, political opinions, religious beliefs, or biometric data, unless such data is explicitly required by the functionality of the Services and permitted by applicable law. Codenica shall not be responsible for sensitive data provided voluntarily without a valid legal basis.

2.5. In order to ensure proper operation, security, and development of our Products and Services, we may use analytical technologies, cookies, and tools provided by third parties. This Privacy Policy does not govern data processing practices of independent third-party providers. We encourage you to review their privacy policies before using the solutions they offer.

3. Information Sharing Practices

Codenica places particular importance on the protection of privacy and the security of personal data. We share data only to the extent necessary for the proper provision of the Services, fulfillment of legal obligations, or in other cases expressly described in this Privacy Policy.

3.1. Service Providers. Your data may be disclosed to trusted partners cooperating with Codenica who provide technical, operational, or support services on our behalf (such as hosting, infrastructure maintenance, security, customer support, analytics, or communication services). These entities process personal data solely on our instructions and pursuant to data processing agreements ensuring an appropriate level of personal data protection.

3.2. Affiliated Entities. In justified cases, data may be shared with entities affiliated with Codenica by capital or organizational structure, solely for internal, operational, or administrative purposes, while maintaining consistent data protection standards. In the event of material organizational changes that may affect data processing practices, we will provide appropriate advance notice.

3.3. Legal Obligations. We may disclose personal data where required by applicable law, final court judgments, or binding requests of authorized public authorities. In such cases, disclosure is limited to the extent necessary and carried out in accordance with the principles of legality and proportionality.

3.4. External Websites. Our websites or Services may contain links to external websites or resources that are not operated by Codenica. We are not responsible for the data processing practices of such entities. We recommend reviewing their privacy policies before using their services.

3.5. Third-Party Service Integrations. If you choose to use integrations with third-party providers within the Services, any transfer of data to such providers occurs at your responsibility and in accordance with the terms and privacy policies applicable to those providers. Codenica is not responsible for the data processing practices of independent third parties.

4. Protection and Storage of Your Information

4.1. Security Measures. Codenica applies appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, loss, alteration, or destruction. These measures are adapted to the nature of the data, the scope of processing, and identified risks, and include, among others, infrastructure safeguards, access controls, encryption, operational procedures, and regular security reviews.

Despite applying high security standards, it should be noted that no information system can guarantee absolute security. In the event of a personal data breach, we will promptly take appropriate actions in accordance with applicable law, including - where required - notifying the competent supervisory authority and the affected data subjects.

4.2. Data Retention. Personal data is retained only for the period necessary to fulfill the purposes for which it was collected or for the duration required by applicable law. Retention periods may vary depending on the type of data, the nature of the relationship with Codenica, and legal obligations.

Upon expiration of the applicable retention period, personal data is permanently deleted or anonymized in a manner that prevents identification of the data subject, unless further retention is required by law.

5. Data Management and Use

5.1. Personal data and other information processed by Codenica are used solely for clearly defined and legitimate purposes related to performance of the Agreement, provision of the Services, ensuring their security, development of functionality, handling support requests, and compliance with legal obligations. The scope of data processing is limited in each case to the minimum necessary to achieve the relevant purpose.

5.2. Account registration and use of certain Services may require the provision of identification, contact, or billing data. Such data is processed in a transparent manner, in compliance with applicable law, and proportionate to the nature of the Services provided. Payment data is processed solely to the extent necessary to complete transactions and through specialized payment service providers.

5.3. Information you provide when using the Services, including data entered into the system, communications with the support team, or interactions carried out via integrated third-party platforms, is processed in accordance with this Privacy Policy and - in the case of third-party services - in accordance with the policies applicable to those providers.

5.4. Codenica may process data for statistical analysis, improvement of the Services, and optimization of their operation. Such analyses are conducted in a manner that does not infringe the rights and freedoms of data subjects and, where possible, in aggregated or anonymized form. Codenica does not make decisions producing legal effects concerning users based solely on automated data processing.

5.5. You are entitled to rights related to the processing of personal data, including the right of access, rectification, erasure, restriction of processing, objection, and - where provided by law - data portability. Requests are handled within the timeframes specified by applicable law.

5.6. In the course of using the Services, approximate location data or technical device data may be processed solely to the extent necessary to ensure security, proper operation of the Services, or adaptation to technical conditions. The scope of such data depends on device configuration and user settings.

5.7. Codenica uses cookies and similar technologies in accordance with applicable law and a separate Cookies Policy. These technologies are used, among other things, to ensure Service functionality, improve usability, and for analytical purposes. This Privacy Policy does not apply to services or applications of third parties that you use independently.

To the extent required by applicable law, the use of cookies and similar technologies is based on the user’s prior consent or another lawful legal basis.

6. Compliance With Data Protection Regulations

6.1. GDPR Compliance. Codenica processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and other applicable data protection laws. Personal data processing is carried out in compliance with the principles of lawfulness, fairness, transparency, data minimization, purpose limitation, and integrity and confidentiality.

6.2. Data Processing Roles. Depending on the nature of the interaction and the type of Services provided, Codenica may act either as a data controller or as a data processor on behalf of the Customer. Detailed rules governing personal data processing, including the roles of the parties, are specified in the Agreement, the Data Processing Addendum, or other agreed documents.

6.3. Compliance With Local Laws. In addition to GDPR, Codenica complies with other applicable personal data protection regulations relevant to its operations. Our procedures are regularly reviewed and updated to ensure compliance with current legal requirements and recognized industry best practices.

6.4. Data Subject Rights. Data subjects are entitled to the rights provided under GDPR, including the right of access, rectification, erasure, restriction of processing, objection, and the right to data portability - to the extent provided by applicable law. Codenica does not sell personal data to third parties.

6.5. To exercise your rights or if you have any questions or concerns regarding the processing of personal data, you may contact us via the dedicated contact channel specified in this Privacy Policy.

7. Global Data Processing and Transfers Outside the EU

7.1. In the course of its business operations, Codenica uses cloud infrastructure and IT tools provided by reputable service providers, including the Microsoft Azure platform. Personal data may be processed in data centers located within the European Union or - in justified cases - outside the European Economic Area (EEA), solely to the extent necessary for the proper provision of the Services.

7.2. Any transfer of personal data outside the EEA is carried out in accordance with applicable data protection laws, in particular GDPR. We apply appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or other legally permitted mechanisms to ensure a level of data protection equivalent to that applicable within the European Union.

7.3. We cooperate exclusively with providers and partners who commit to maintaining high standards of personal data protection and implementing appropriate technical and organizational measures. We regularly verify the applied safeguards to ensure data security regardless of the location of processing.

8. Complaints, Contact, and Exercise of Rights

8.1. If you have any questions, concerns, or objections regarding the processing of your personal data, we encourage you to contact us in the first instance via the designated contact channel. We make every effort to handle all inquiries diligently, promptly, and with respect for your rights.

8.2. Codenica acts as the data controller with respect to personal data processed in connection with the operation of its websites, marketing communications, and contract performance. In the context of providing Services to Customers, Codenica may also act as a data processor, in accordance with applicable agreements.

8.3. Registration of an account and use of the Services constitute acceptance of this Privacy Policy, which - together with the Terms of Use and other related documents - forms an integral part of the Agreement between you and Codenica.

8.4. If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority. Exercising this right does not limit your ability to contact us beforehand in order to clarify the matter.

8.5. In the event of reorganization, restructuring, merger, or sale of Codenica’s business, personal data may be transferred to a legal successor solely to the extent permitted by law and in accordance with the data protection principles set out in this Privacy Policy.

9. Data Controller

The controller of personal data is Codenica.

In matters related to the protection of personal data, the exercise of data subject rights, or this Privacy Policy, you may contact us through the official communication channels made available on the Codenica website.

Codenica is not required to appoint a Data Protection Officer (DPO). All matters related to personal data protection are handled directly by a designated team responsible for regulatory compliance.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority.

For individuals located within the territory of the Republic of Poland, the competent supervisory authority is the President of the Personal Data Protection Office (PUODO).

11. Changes to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in applicable laws, the scope of Services provided, or the data processing practices applied.

The current version of the Privacy Policy is always available on the Codenica website. In the event of material changes that may affect users’ rights or obligations, we will take reasonable informational measures.