Privacy Policy and Personal Data Protection on the Website

General Information

1. This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the website available at www.virtline.com.
2. In order to ensure the security of personal data entrusted to us, we have implemented procedures designed to prevent breaches of personal data security. These procedures comply with applicable laws, in particular:
   ● Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”),
   ● the Act of 10 May 2018 on the Protection of Personal Data.
3. The website collects information about Users and their behavior in the following ways:
   ● through data voluntarily entered in the contact form,
   ● through website traffic monitoring codes (including, among others, cookies stored on Users’ end devices),
   ● the website may also store information about connection parameters (including timestamp, IP address, and device information).
4. We reserve the right to amend this Privacy Policy. Changes may result from the development of internet technologies, changes in personal data protection laws, or the development of the website. Amendments become effective upon publication of the updated version on the website.
5. The website may contain links to other websites which are not supervised by us. These websites may have their own privacy policies and terms of use, which we recommend reviewing.

---

Information Obligation under Article 13(1) and (2) of the GDPR

1. The controller of the personal data of Website Users is Virtline sp. z o.o. The Controller may be contacted at its registered office: ul. Wadowicka 8A, 30-415 Kraków, Poland, or via e-mail: security@virtline.com.
2. Users’ personal data will be processed for the following purposes:
   1. provision of website services – including processing data such as IP address, cookie data, web browser data, information on activity on the website, and session data (legal basis: Article 6(1)(a) and (f) of the GDPR),
   2. handling inquiries or responding to questions or requests sent via e-mail or the contact form (legal basis: Article 6(1)(f) of the GDPR),
   3. conducting quality analyses to improve website functionality and maintaining usage statistics, using cookies, IP addresses, browser data, website activity data, and session data (legal basis: Article 6(1)(f) of the GDPR),
   4. sending marketing information – solely on the basis of granted consent (legal basis: Article 6(1)(a) of the GDPR).
3. Providing personal data is voluntary but necessary to achieve the processing purposes indicated above. Failure to provide personal data will prevent the achievement of these purposes.
4. Recipients of personal data will only be entities authorized under applicable law. Personal data may be transferred to entities processing data on behalf of the Controller, such as IT service providers, marketing service providers, or website hosting providers. Such entities process data solely on the basis of agreements concluded with the Controller.
5. Personal data will be processed:
   1. for the duration of using the website – with respect to website services,
   2. for the duration of correspondence, and may be deleted at any time upon request,
   3. until consent is withdrawn – if processing is based on consent.
6. In connection with the processing of personal data, Users have the right to:
   1. access their personal data,
   2. obtain a copy of their personal data,
   3. rectification of personal data,
   4. erasure of personal data,
   5. restriction of processing,
   6. data portability,
   7. object to the processing of personal data,
   8. withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal – where processing is based on consent,
      in accordance with the GDPR. These rights may be exercised by contacting the Controller.
7. Users have the right to lodge a complaint with the President of the Personal Data Protection Office if they believe their personal data is being processed in violation of the GDPR.
8. Personal data will not be subject to automated decision-making, including profiling.

---

Cookie Information

The website uses cookies, which are IT data, in particular text files, stored on the User’s end device and intended for use of the website. Cookies typically contain the name of the website they originate from, the storage time on the end device, and a unique identifier.

Cookies are used for the following purposes:
a) creating statistics to understand how Users interact with the website, enabling improvements to structure and content,
b) determining User profiles to display personalized advertising content, in particular within the Google advertising network,
c) remembering font size and contrast settings.

1. The website uses two main types of cookies: “session cookies” and “persistent cookies.” Session cookies are temporary files stored on the User’s device until logging out, leaving the website, or closing the browser. Persistent cookies are stored on the User’s device for the time specified in their parameters or until deleted by the User.
2. Web browsers usually allow cookies to be stored by default. Users may change these settings at any time. Browsers allow cookies to be deleted or blocked automatically. Detailed information is available in the browser’s help or documentation. Limiting the use of cookies may affect certain website functionalities.
3. Cookies placed on the User’s end device may also be used by advertisers and partners cooperating with the website operator. Users are encouraged to review the Google Analytics Privacy Policy. Cookies may be used by advertising networks, particularly Google, to display ads tailored to how Users use the website. For this purpose, information about navigation paths or time spent on a given page may be stored. Users may view and edit preference information collected by Google using the following tool: https://www.google.com/ads/preferences/.

---

Information Regarding the Processing of Client Personal Data

Pursuant to Article 13(1) and (2) of the GDPR, we inform as follows:

I. Data Controller

The controller of your personal data is Virtline sp. z o.o., with its registered office at ul. Wadowicka 8A, 30-415 Kraków, Poland, e-mail: security@virtline.com.

III. Legal Basis and Purposes of Processing

Personal data of clients and their employees are processed for the purpose of:

1. concluding and performing contracts or undertaking pre-contractual actions, including preparing offers (legal basis: Article 6(1)(b) of the GDPR),
2. settlements, including enabling electronic payments for services (legal basis: Article 6(1)(b) and (f) of the GDPR),
3. maintaining necessary contact with client employees (legal basis: Article 6(1)(f) of the GDPR),
4. fulfilling tax, accounting, and other legal obligations, including issuing and storing invoices (legal basis: Article 6(1)(c) of the GDPR),
5. establishment, pursuit, or defense of claims (legal basis: Article 6(1)(f) of the GDPR).

IV. Requirement to Provide Data

Providing personal data is voluntary but necessary for concluding and performing contracts. Providing data required for issuing invoices is a statutory obligation under the Act on Tax on Goods and Services.

V. Recipients of Personal Data

1. Personal data may be disclosed only to entities authorized under applicable law, including tax authorities and other public authorities.
2. Data may be transferred to processors acting on behalf of the Controller, such as IT or accounting service providers, under relevant data processing agreements.

VI. Data Retention Period

Personal data will be processed for the duration of the contract, and thereafter:

1. for tax and accounting purposes – for 5 years from the end of the calendar year in which the tax payment deadline expired,
2. for claims-related purposes – for 3 years from the end of cooperation or contract performance, and in the case of ongoing proceedings, until their final conclusion and limitation of claims.

VII. Rights of Data Subjects

You have the right to:

1. access your personal data,
2. obtain a copy of your personal data,
3. rectify personal data,
4. erase personal data,
5. restrict processing,
6. object to processing,
   in accordance with the GDPR. These rights may be exercised by contacting the Controller.

VIII. Right to Lodge a Complaint

You have the right to lodge a complaint with the President of the Personal Data Protection Office if your personal data is processed in violation of the GDPR.