Contact Us

Privacy Policy

In case of discrepancies between the language versions of these Privacy Policy, the Polish version shall prevail.

§ 1. General Provisions

  1. The administrator of the personal data processed of the users of the Qlos.com website (hereinafter the “Website”) is Qlos sp. z o.o., headquartered in Lodz at ul. Wróblewskiego 18, 93-578 Łódź, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź Śródmieście in Łódź, XX Economic Department of the National Court Register under KRS No. 0000907132, with NIP No. 7292739269, share capital of 50 thousand PLN. PLN (hereinafter “Qlos” or “Administrator”). Data protection is carried out in accordance with the requirements of generally applicable laws and regulations, and data storage takes place on secured servers.
  2. The personal data of users of the Service (hereinafter: “Users”) are processed in accordance with applicable regulations, including in particular in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (“GDPR”).
  3. The administrator uses cookies and similar technologies. Details in the above regard are further specified in the provisions of this privacy policy.
  4. This privacy policy sets out the detailed rules for the Administrator’s processing of Users’ personal data. In any case, in the event of a possible conflict between this policy and the applicable regulations, the applicable regulations will take precedence.
  5. The controller has not appointed a data protection officer. For all matters relating to the Administrator’s processing of your personal data and the exercise of your rights related to data processing, you may contact at email address: [email protected], or in writing to: ul. Wróblewskiego 18, 93-578 Łódź.
  6. Services in the Service are directed exclusively to entrepreneurs in the scope of their core business.

§ 2. Principles of personal data processing

  1. The Administrator processes Users’ personal data based on the following legal grounds:
    1. consent given by the data subject – Art. 6 paragraph. 1(a) GDPR (this is the case, among others, of consents for data processing for marketing purposes that can be granted on the Service);
    2. The legitimate interest of the Administrator – art. 6 paragraph. 1(f) GDPR (this is the case in the cases described in detail in the terms and conditions of the services available on the Service; this basis applies in particular to the so-called marketing of the Administrator’s own services , including analytical activities carried out in the above scope, as well as in the case of the need to process data for the purposes of fulfilling obligations in tax proceedings, the assertion of claims and defense against claims, the necessary archiving, etc.). This legal basis for the use of data is also used to ensure the proper, safe and efficient operation of the Service and its development. The legitimate interest of the Administrator is also the legal basis for the processing of User data in order to operate the accounts held by the Administrator on social networks such as Facebook, Instagram, Mailerlite and LinkedIn and the interactions between these accounts and the Service, covering mutual redirection, analysis of where the User comes to the Service from, re-marketing of own services, etc.);
    3. Necessity of the processing for the performance of the contract concluded by the Administrator with the person using the services available on the Website – – Art. 6 paragraph. 1(b) GDPR (if a User enters into an agreement with the Administrator regarding the provision of services available on the Website, then in order to perform this agreement the Administrator must be able to process those personal data of that User that are necessary for this purpose).
  2. The scope of personal data processed is defined in detail in the regulations of the services available on the Website. As a standard, this data includes: name, surname, e-mail address, contact address, taxpayer identification number, telephone number, IP address and other identifiers of the telecommunications network termination or data communications system used by the user, information about the beginning, end and scope of each use by the user of the electronically provided service, information about the use of electronically provided services by the Service Recipient. The data may also be processed through cookies and similar technologies.
  3. The source of personal data processed by the Administrator is the User (data is provided directly by the User) and his/her activities performed on the Website.
  4. Period of storage of Users’ personal data:
    1. In the case of data processing based on consent, personal data will be processed until the consent is withdrawn.
    2. In the case of processing based on the legitimate interest of the Administrator, personal data will be processed for the specified purpose until effective objection to such processing is made.
    3. In the case of data processing based on the need to perform a contract, personal data will be stored until the statute of limitations for claims under the contract/provision of services (such period is usually 2 years) or until the expiration of the obligation to store data under the law, in particular the obligation to store accounting documents relating to the contract.
  5. The Administrator plans to share Users’ personal data with entities in the capital group to which the Administrator belongs (companies and persons related to the Administrator within the meaning of applicable regulations, i.e., as a rule, those holding at least 20% of shares in the Administrator’s company or companies in which the Administrator holds the aforementioned number of shares) or third parties for the purposes mentioned above. In addition, data may be transferred to entities that process personal data on behalf of the Administrator m. in. IT service providers, entities processing data for the purpose of debt collection, marketing agencies (including in particular to Google LLC for analytical services) – whereby such entities process data on the basis of a contract of entrustment of personal data processing concluded with the Administrator and only in accordance with his instructions.
  6. Collected personal data will not be transferred to recipients located in countries outside the European Economic Area (countries of the European Union and Iceland, Liechtenstein and Norway), unless such third country has been recognized by the European Commission in accordance with the provisions of Art. 45 par. 3 of the GDPR as providing an adequate level of protection, or where the transfer is made on the basis of conditions ensuring an adequate level of data protection, including those indicated in the framework of standard contractual clauses (SCC) recommended by the European Commission.
  7. Each data subject has the right to access, request rectification or erasure of data, the right to request restriction of processing, the right to object to processing, the right to data portability. These rights may not be taken into account in justified cases, nevertheless, the User will always have the right to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection) in any aspect of the processing of the User’s personal data carried out by the Administrator.
  8. To the extent that personal data processing is based on consent, the data subject has the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
  9. The Administrator shall not process the User’s personal data for the purpose of automated decision-making affecting the User’s rights or obligations or freedoms within the meaning of Art. 9 paragraph. 2(f) GDPR. The Service may carry out profiling of the User’s personal data to the extent that it does not affect the aforementioned. rights, obligations and freedoms of the User; such profiling will concern marketing activities aimed at presenting the User with the best possible tailored offer of the Administrator’s services.
  10. Provision of personal data processed by the Administrator is voluntary, whereby:
    1. Provision of personal data in connection with the contract concluded / services provided on its basis is voluntary, but necessary for the conclusion and performance of the contract – without providing personal data it is not possible to conclude a contract / provide services.
    2. Provision of personal data in the case of processing based on the given consent is voluntary, and lack of consent will prevent the implementation of activities covered by the content of the given consent.
  11. The Administrator has the right to share the User’s personal data and other data with entities authorized under applicable law (e.g. law enforcement agencies).
  12. Detailed information about the Administrator’s data processing processes is the following table to this privacy policy.
No.Subject of processingData scopeBasis for processingPurpose of processingCategory of persons
1.Submitting an inquiry via a form directly from qlos.com or by email/telephone or any other form of contactNames and surnames,E-mail address,Telephone number,Content of the inquiryInternet Protocol (IP) address and other identifiers of the telecommunications network termination or data communications system used by the user,Processing is necessary to take action at the request of the data subject prior to entering into a contract (Art.6(1)(b) GDPR) or processing is necessary for the purposes of the legitimate interests pursued by the controller (Art.6(1)(f) GDPR),To conclude a contract with the Customer or to provide the Customer with the necessary information about the Administrator’s services.Persons who have contacted the Administrator through a form, e-mail or otherwise – in order to conclude a contract or obtain information about the Administrator’s services
2.Sending a proposal and quote for the serviceNames and surnames,E-mail address,Telephone number,Information and pricing regarding the service, IP address and other identifiers of the telecommunications network termination or data communications system used by the user,Consent of the data subject (Client) – (Art.6(1)(a) GDPR).Marketing of the Administrator’s own servicesThose who agreed to receive information
3.Ordering the serviceData on the business entity and persons representing the entity: Name of the company,First and last name,Address-email,Contact address, Phone number,Tax ID number,Data necessary for issuing a VAT invoice,IP address and other designations identifying the termination of the telecommunications network or information and communication system used by the user,Information on the start, termination and changes with respect to the purchased services, Information confirming the purchase of services – confirmation of purchase,Processing is necessary to take action at the request of the data subject prior to entering into a contract (Art.6(1)(b) GDPR).Concluding a contract with the customerPotential Customers
4.Provision of the ordered serviceData on the business entity and persons representing the entity: Name of the company,First and last name,Address-email,Contact address, Phone number,Tax ID number,Data necessary for issuing a VAT invoice,IP address and other designations identifying the termination of the telecommunications network or information and communication system used by the user,Information about the beginning, termination and changes with respect to purchased services, Information confirming the purchase of services – confirmation of purchase, Information about the course of implementation of the contract.Processing is necessary for the performance of a contract to which the data subject is a party (Art.6(1)(b) GDPR)Implementation of the contract with the customerCustomers
5.Service complaintCompany name,Names,Email address,Contact address,Phone number,Tax ID number,Data necessary for issuing a VAT invoice,Information about the beginning, termination and changes with respect to purchased services, Information confirming the purchase of services – confirmation of purchase, Information about the progress of contract implementation.The processing is necessary for the performance of a contract to which the data subject is a party (Art.6(1)(b) GDPR) or the processing is necessary for the purposes of the legitimate interests pursued by the controller (Art.6(1)(f) GDPR),Processing of complaintsCustomers
6.Fulfillment of public law obligations (including tax obligations), the assertion of claims and defense against claims.Data on the business entity and persons representing the entity: Name of the company,Name and surname,Address-email,Contact address, Phone number,Tax ID number,Data necessary for issuing a VAT invoice,IP address and other designations identifying the termination of the telecommunications network or information and communication system used by the user,Information about the beginning, termination and changes with respect to the purchased services, Information confirming the purchase of services – confirmation of purchase, Information about the course of implementation of the contract.Content of contacts with the party of a possible dispute.The processing is necessary for the purposes of the legitimate interests pursued by the administrator (Art.6(1)(f) GDPR),Fulfillment of public law obligations (including tax obligations), the assertion of claims and defense against claims.Klienci oraz strony sporu w którym uczestniczy Administrator.
7.Ensuring the security of the Site and the services provided by the AdministratorAddress-email,IP address and other designations identifying the termination of the telecommunications network or information and communication system used by the user,Information about the beginning, termination and changes with respect to purchased services, Information confirming the purchase of services – confirmation of purchase, Information about the progress of contract execution.Content of contacts with the customer.The processing is necessary for the purposes of the legitimate interests pursued by the administrator (Art.6(1)(f) GDPR),To ensure the security of the Website and the services provided by the Administrator.Customers and users of the Service
8Marketing of the Administrator’s own services.Name, E-mail address, telephone number, IP address and other designations identifying the telecommunications network termination or information and communication system used by the user, Information about the beginning, termination and changes with respect to the services purchased, Source of redirection to the ServiceProcessing is necessary for the purposes of the legitimate interests pursued by the controller (Art.6(1)(f) GDPR), Consent of the data subject (Client) – (Art.6(1)(a) GDPR) – In cases requiring such consent (e.g., sending commercial information by means of electronic communication, in particular emailMarketing of the Administrator’s own servicesCustomers, potential customers and users of the Service
9NewsletterE-mail addressConsent of the data subject (Client) – (Art.6(1)(a) GDPR).Newsletter mailingPeople who subscribe to the newsletter
10Maintaining social media accounts and interactions between these accounts and the administrator’s serviceIP address and other identifiers of the telecommunications network termination or data communications system used by the user,Data provided by the person within his/her account on the social networking siteThe processing is necessary for the purposes of the legitimate interests pursued by the administrator (Art.6(1)(f) GDPR),Ensure proper interaction between the administrator’s website and its social media accountsUsers of the Administrator’s service and users of a particular social network

§ 3. Social networks

  1. The administrator maintains accounts on social networks such as, but not limited to. Facebook, LinkedIn, Instagram or Mailerlite. The provider of each of these services may process Users’ personal data, and the details of this processing for each of these providers and the data of these providers are described in the following documents: Google:
  2. The processing of data within these accounts is carried out by Qlos and the owner of the social network in question as joint administrators.
  3. Personal data of Users under accounts in the aforementioned. social networks are processed in order to manage the account, use its functionalities, such as, in particular, interactions with the User, and for the Administrator’s marketing purposes. The data may also be processed for the purpose of interaction between the Service and the social network account in question, e.g. to enable plug-ins and similar mechanisms to function (e.g. to enable interaction with the social network account through the Service).
  4. The basis for the activities described in point. 1-3 above is the legitimate interest of the administrators, while within the framework of the aforementioned. accounts provider of a given social network may simultaneously process your personal data for other purposes (e.g., to offer third-party advertisements) on other grounds. The detailed rules for the processing of the User’s personal data by the provider of a given social network are set forth in the terms and conditions of that social network and the documents indicated in the links in paragraph. 1 above.
  5. The scope of the personal data referred to in this paragraph 3 includes the name or, as the case may be, the name of the User on the relevant social network and other information that the User provides within his/her account.
  6. The personal data referred to in this paragraph 3 are processed for the duration of the interaction between the User’s account on a given social network and the Service or the Administrator’s account on a given social network (such interaction being, for example, liking, publishing a comment, sending a message, etc.).
  7. To the extent not covered by this paragraph 3, the provisions of the remaining paragraphs of this privacy policy will apply to the processing of your personal data.

§ 4. Cookies

  1. The service uses cookies and similar technology. Cookies are small text files sent by a web server and stored by your browser’s computer software. When the browser reconnects to the site, the site recognizes the type of device the user is connecting from. The parameters allow only the server that created them to read the information contained in them. Cookies thus facilitate the use of previously visited sites. The information collected relates to the type of browser used, language, type of operating system, Internet service provider, time and date information, location, and information sent to the site via a contact form. This information may also include personal information, such as an IP address.
  2. The data collected is used to monitor and see how users use the Website to improve its operation and security, providing a more efficient and seamless navigation.
  3. Cookies identify the user, allowing the content of the site they use to be tailored to their needs. By remembering his preferences, it enables him to tailor targeted ads accordingly.
  4. The following types of cookies are used on the Website:
    1. “necessary” cookies to enable the use of services available on the site, such as authentication cookies used for services that require authentication on the site;
    2. cookies used for security purposes, e.g. used to detect misuse of the site’s authentication;
    3. “performance” cookies, which enable the collection of information about the use of the website’s pages;
    4. “functional” cookies, which allow “remembering” the user’s selected settings and personalizing the user’s interface, e.g. with regard to the user’s chosen language or region of origin, font size, website design, etc;
    5. “advertising” cookies, allowing to provide users with advertising content more tailored to their interests.
    6. “Analytical” cookies allow to better understand how the user interacts with the content of the website, to better organize its layout. These cookies collect information about how users use the website, the type of site from which the Service Recipient was redirected, and the number of visits and the time of the site visit. This information is used to compile statistics on the use of the website.
  5. Cookies can be divided into two groups:
    1. “Session” files are temporary files that are stored on the end device until you log off (leave the website).
    2. “Permanent” are stored on the user’s terminal device for the time specified in the parameters of “cookies” or until they are deleted by the user.
  6. The user has the option to disable or restore the collection of cookies at any time by changing the settings in their web browser. Instructions for managing cookies are available at http://www.allaboutcookies.org/manage-cookies or http://wszystkoociasteczkach.pl/

Links to relevant information on how to delete cookies for your browser are also provided below. This information is also available in the “help” tab of your browser.

If you do not change your browser settings, you agree that the Administrator may store cookies and similar files and read information from such files.