Tornimo

Privacy policy

Effective date: 24.01.2019
Last updated: 24.01.2019

This website is owned and operated by, or on behalf of Codewise. We are the data controller in respect of Personal Data of our users based in the European Union.

Codewise pays great attention to protecting Personal Data and complying with the law when it collects, processes and uses such data while performing its services. Therefore we provide you with this Privacy Policy because we want you to understand the types of information we collect as you use Tornimo.

All our Services with regard to using Tornimo are performed according to our Terms & Conditions. Please, take a moment to read them before you start using our Services. Moreover the integral part of this Privacy Policy is our Cookies Policy, where you can learn more about our use of cookies technology and other tracking technologies.

By accessing and using the Services, you acknowledge that you have read and understood the content of this Privacy Policy. We reserve the right to update this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with the Website to stay informed about our information practices and the ways you can help protect your privacy.

If you happen to be left with even more questions after reading our policy – or already have some – do not hesitate to contact our Data Protection Officer on the following email address: dpo@codewise.com.

 

I. Glossary

 

Here you will find a simple glossary which explains the most basic terms used in this Privacy Policy so it will be much easier for you to understand our role and purpose in the collection and the use of the collected Data (as defined below).

“Applicable laws” means all the laws and regulations relevant to the collection, processing and storage of data, especially all the data protection laws and the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

“Codewise” or “we” or “us” or „our” means Codewise spółka z ograniczoną odpowiedzialnością spółka komandytowa (limited liability, limited partnership) with a registered office at Lubicz 17G, 31-503 Kraków, Poland.

“Cookies” means small text files that are created when you use your browser to visit the Website and stored on your computer’s browser directory. Cookies allow the Website to remember your preferences as well as they allow to recognize websites visited and/or web browsers used from one visit to another.

“Data Protection Officer” means a Data Protection Officer as defined in article 37 – 39 of GDPR appointed by Codewise to watch the security of your Data (as defined below).

“Legal Grounds” means the legal basis for the collection, processing and storage of your Personal Information as indicated in the article 6 (1) of the GDPR.

“Personal Data” or “Data” any information that could be used to identify you as an individual.

“Data Processor” means Codewise in case that you provide us with Personal Data that you are in possession of as its controller (someone who determines the purposes and means of the processing of Personal Data) on the basis of a separate agreement called Data Processing Agreement.

“Website” means https://tornimo.io.

“Services” means services provided by Codewise via Website in accordance with the Terms and Conditions.

“You” means an individual that uses our Services via the Website or/and an individual who uses the Website but has no access to the areas of the Website and Services.

We try to only collect only as much of your personal data as we need to. We collect this information directly from you when you sign up for Tornimo or contact us for support. We can divide your personal data into the one that is provided by you to us on through the Website and the one that we collect automatically when you use our Website or Services. We do not obtain information from other sources and as a result we do not combine it with information we collect through our Services for purposes of advertising and user authentication.

 

II. Information you provide us with via the Website

 

We collect and process information you provide us with by using the Website or Services. Personal data submitted through the Website or Services includes the details you provide when:

  • using our registration forms and creating an account;
  • using our chat box or otherwise request support or communicate with us;
  • using our Services e.g. paying for subscriptions or participating in any interactive features of the Services.

In the newsletter form on the Website you can provide us with your basic data such as: your name and surname, email address, your role in the company, your company’s size and number of servers tracked.

You can also use our chat box to contact with us with regard to the Services we provide. In order to do this, you provide us with your email address as well. You can also send us your other personal data both concerning you or other persons.

By registering an account on the Website you can also provide us with additional information needed to use Services. Especially while using our Services you may also have to provide us with your postal address, company address, tax identification number as well as payment and invoice details. To the extent you provide credit card information through the Services, that information shall be collected and processed only by our third-party payment processors pursuant to their Privacy Policy and practices.

Please also note that such payment service provider you use may collect from you and process your Data on its own in order to perform such payment services with regard to its privacy policy. Once you leave the Website or are redirected to a third-party’s website or application, you are no longer governed by this Privacy Policy or our Terms and Conditions.

For these providers, we recommend that you read their privacy policies, so that you can understand the manner in which your Personal Information will be handled by them.

 

III. Data we collect automatically when you use the Website or Services

 

When you access or use the Website or Services we automatically collect information about you, including the one collected by Cookies and other tracking technologies.

We gather certain information about your use of the Website or Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the Website.

We use various technologies to collect information, including cookies and tracking pixels. For more information about cookies and other tracking technologies, and how to disable them, please see our Cookie Policy.

 

IV. Purposes, Legal Grounds for Data processing and retention of relevant Data

 

Below you can find out for which reasons we use your Personal Data (purposes of data processing) and what is the legal basis of it (Legal Grounds of data processing):

  • entering into a contract with you (in particular registering your account and verifying your identity) – article 6 (1) (b) of the GDPR;
  • performing the contract, in particular performing the Services, managing your account, providing you with customer support, processing transactions / issuing invoices, handling your requests, complaints and chargebacks – performance of a contract concluded with you – article 6 (1) (b) of the GDPR;
  • pursuing claims or defending against claims, responding to your inquiries, improving Services and the Website usage, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement, monitoring compliance with our Terms and Conditions, ensuring accountability (demonstration of compliance with our obligations under the law, in particular under the GDPR), storing data for archiving or statistical purposes – legitimate interest – article 6 (1) (f) of the GDPR which is the same as purposes indicated therein,
  • conducting necessary tax and accounting operations – legal obligations Codewise is subject toarticle 6 (1) (c) of the GDPR i.e. conducting relevant tax and accounting operations in the ordinary course of business,
  • performing marketing of our products and Services (our direct marketing, customer satisfaction survey, analysis), conducting aggregate analysis and develop business intelligence that enables us to operate, protect and make informed decisions about our business – legitimate interest – article 6 (1) (f) of the GDPR i.e. to promote our products and Services or improve and change our systems.

For the purposes of advertising, market research as well as the research of behaviour and preferences of users, with the purpose of improving the quality of services by results of such research, the legal basis on which we process your Data in these circumstances is your voluntary consent according to the act on providing services by electronic means.

Sometimes we may also ask you for your voluntary consent to the specific form of marketing, i.e. sending commercial information via e-mail (newsletter) or contacting with you by other means for our commercial purposes in accordance with applicable law (telecommunication law, act on providing services by electronic means). You can withdraw your consent at any time contacting our Data Protection Officer at the following a-mail address: dpo@codewise.com. Please not that withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please see the description of your rights in connection with data processing as determined in point VI. Your rights.

 

V. Retention periods

 

Your Personal Data will be retained by Codewise for the duration of your account and may be retained for a period after this time according to our terms of agreement with you or as necessary and relevant to our legitimate interests (i.e. creating statistics and improving and changing our systems, pursuing claims or defending against claims, handling your complaints and chargebacks, sending marketing communications) or in accordance with applicable legal obligations in order to meet the tax and accounting law requirements.

This means that for example with respect to payment details: while we don’t process details like your card number, we will be required by law to retain information about the payment in our systems for accounting purposes, such as the bank account number associated with it.

However, with regard to the data processing for marketing purposes we are obliged to process your Data for that purposes only as long as you do not object it. When you send us your request in that matter, we will cease to process your data for marketing purposes. Also when you have consented to marketing communications via e-mail or other telecommunication means for our marketing purposes e.g. you agreed to receive our newsletter, you may withdraw your consent at any time by contacting us. Moreover you may unsubscribe from newsletter at any time by clicking the unsubscribe link in the sent email. In these circumstances, your personal data will be processed until your withdrawn of the consent.

Data is stored using generally accepted security standards and in compliance with Applicable laws. If you need more detailed Information about the retention of your Personal Data, please contact our Data Protection Officer.

 

VI. Your rights

 

The following rights may apply to you in connection with the processing of Personal Data with regard to using our Website and Services if relevant conditions of the GDPR are fulfilled:

  • the right to be informed (Article 13 of the GDPR) – by publishing this Privacy Policy and Cookies Policy we also keep you informed of what we do with your Personal Data and are fully transparent in this process,
  • the right to confirm whether personal data is processed and the right to obtain access to it (Article 15 of the GDPR) – you have the right to be informed by us if we process your data,
  • the right to obtain copies of processed Personal Data (Article 15 of the GDPR) – you have the right to request a copy of your Data that we hold about you by contacting us,
  • the right to obtain the rectification of inaccurate Personal Data and the right to have incomplete personal data completed (Article 16 of the GDPR) – contact us using the contact details of our Data Protection Officer provided below to let us know if any of your Personal Data is  inaccurate or not incomplete, so that we will be able to change it in the relevant manner.
  • the right to obtain the erasure of Personal Data “right to be forgotten” (Article 17 of the GDPR) – you have this right to erasure of your Data without undue delay in some circumstances mentioned in the GDPR such as: the Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, when you withdraw consent to consent-based processing, the processing is for direct marketing purposes or the Data has been unlawfully processed and if in all of the above examples any of the legal exclusions will not apply to your situation; therefore please remember that we are not obliged to erasure some of your Data if we still need it for example for compliance with a legal obligation or exercising or defending of legal claims.
  • the right to obtain restriction of processing of Personal Data (Article 18 of the GDPR) – you have the right to restrict the processing of your Data in some circumstances such as when you contest the accuracy of the Data, processing is unlawful but you oppose erasure, we no longer need the Data for the purposes of our processing, but you require Data for the establishment, exercise or defence of legal claims or you have objected to processing, pending the verification of that objection,
  • the right to Personal Data portability (Article 20 of the GDPR) – when the Data is held by us by consent or for the performance of a contract and the processing is carried out by automated means, Codewise provides you with the possibility of obtaining and reusing your Personal Data for your own purposes across services used by you in a safe and secure way without affecting the usability of your Data ,
  • the right to object to processing of personal data (Article 21 of the GDPR) – you have the right to object to the processing of your Personal Data in certain circumstances for example, your Personal Data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your Personal Data, or if your Data is being processed for direct marketing purposes,
  • the right to withdraw consent (Article 7 (3) of the GDPR) – if the processing of your data is based on your consent (please see the last indention in point IV. Purposes, Legal Grounds for Data processing and retention of relevant Data), you have the right to withdraw your consent at any time and Codewise has to stop processing your Data unless Codewise has other Legal Grounds for processing of your Data; the withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.

You may exercise the abovementioned rights by contacting our Data Protection Officer at the following email address: dpo@codewise.com. Please include information that will enable us to verify your identity within your request. Without verifying your identify, especially if you do not provide us with additional information if needed, we will not be able to handle your request therefore it will not be processed.

You are also entitled to submit a complaint to the competent supervisory authority (currently in Poland it is the President of the Office for Personal Data Protection) at any time in the event of a breach of your rights regarding the processing of Personal Data.

 

VII. Disclosure of the Data

 

Codewise shares your Data only with qualified and authorized employees as well as trusted third parties, including:

  • providers acting on behalf of Codewise that support the operation of the Services such as cloud platforms providers, analytics providers, IT services providers, customer messaging platform providers,
  • parties directly authorised by you to receive Data, such as payment service providers; the use of the Data by an authorized third party is subject to this third party’s privacy policy once you leave our Website or are redirected to a third party’s website or application;
  • parties authorised by the applicable law such as: courts and other public and government authorities.

 

 

VIII. International transfer of Data

 

Your Personal Data may be transferred to a third country i.e. outside the European Economic Area, however, only in accordance with Applicable laws and with appropriate safeguards in place, to (i) entities covered by decision of the European Commission stating appropriate level of the personal data (Article 45 of the GDPR), including decision regarding the Privacy Shield (EU Commission Decision 2016/1250), (ii) using appropriate safeguards stated in the Article 46 of the GDPR such as standard contractual clauses adopted by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC) or binding corporate rules in accordance with Article 47 of the GDPR.

An adequacy decision is a decision taken by the European Commission establishing that a third country provides a comparable level of protection of personal data to that in the European Union, through its domestic law or its international commitments. It is one of the tools provided for under the General Data Protection Regulation to transfer Personal Data from the EU to third countries. The EU-U.S. Privacy Shield framework is a “partial” adequacy decision, as, in the absence of  general data protection law in the U.S., only the companies committing to abiding by the binding Privacy Shield principles benefit from easier data transfers.

You may also learn more about:

In this context, we use only secure cloud servers, including AWS cloud – a secure, private cloud platform. AWS participates in the EU-U.S. Privacy Shield framework. Amazon Web Services is our processor. AWS Amazon cloud platform uses various security technologies and procedures to protect personal data and is compliant with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. For more details please see AWS Amazon security and privacy policy at www.aws.amazon.com.

 

IX Applicable safeguards

 

Codewise uses various security technologies and organisational procedures that help protect your Personal Data from unauthorized access, use, disclosure, alteration or destruction.

  • Your Data is processed only by qualified and authorized personnel with regard to the  permitted business functions.
  • Codewise appointed the Data Protection Officer who in particular watches over the security of your Data, monitors our compliance with the GDPR, and is a point of contact for you in all matters regarding Data protection; here you have contact to our Data Protection Officer: dpo@codewise.com.
  • Codewise protects children’s privacy therefore the Website is not intended for, designed to be used by or targeted at children and we do not intentionally collect data from anyone under 13 (thirteen) years old as we are also in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act); in case your child under the age of 13 has submitted his or her Data to us without your permission as a parent or a guardian, do not hesitate to contact our Data Protection Officer using the following email address: dpo@codewise.com so we will be able to promptly remove your child’s Data from our system and instruct our processors to do the same.
  • Codewise follow applicable identification measures, therefore our security procedures mean that we may request proof of your identity before we disclose Personal Data to you or handle your request regarding Personal Data as covered by your rights stated in point VI. Your rights;
  • We use security measures such as encryption in the transmission of your Personal Data between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your Personal Data.
  • With regard to payments, supplied sensitive/credit Data is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the Data confidential. After a transaction, your private Data (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
  • We rely only on providers who ensure an appropriate level of security of your Data. We take care of your data therefore we verify our processors with accordance to safeguards stated in point VIII. International transfer of Data.
  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your Data. Therefore we provide you also with the system functionalities which help us detect suspicious logging to your account and notify you about such incidents.

We want you to feel confident using our Website to conduct business. However, you should also take care of how you handle and disclose your Data and avoid sending Personal Data through insecure channels or networks. It is important for you to protect yourself against unauthorized access to your password and to your computer. Be sure to sign off when you finish using a shared computer and under no circumstances do not share your password with anyone, even with us – we will NEVER ask for it. If we notify you about suspicious logging or traffic on your account, please be sure to change your password immediately also to accounts in other systems for which you use the same password.

 

X. Codewise as a Data Processor

 

Codewise does not generally provide services regarding processing of Personal Data on your behalf. This means that we process metrics and other numerical or statistical information that you submit to us in the range of Services which is not treated as Personal Data.

If you want us to be also a Data Processor, we will process Personal Data submitted to us by you according to the terms determined in our Data Protection Agreement. In the range of that Data Protection Agreement we shall not process those Data except on your instructions, unless required to do so by Applicable laws.

If you intend also to provide us with Personal Data as defined in this Privacy Policy, please contact our Data Protection Officer on the following email address: dpo@codewise.com as concluding the Data Protection Agreement is necessary in this case.

Please note that if you use Services in such a way that your employees or workers have their own accounts in the organizational structure created by you on your master account, concluding the Data Processing Agreement is necessary as you provide us with Personal Data of these persons. Therefore you are obligated to agree on the terms of the Data Processing Agreement made available to you in the panel of your account or in any other way that shall let you become familiar with its provisions.

 

XI. Contact details

 

If there are any questions regarding this Privacy Policy, you may contact us using the information below:

Codewise Sp. z o.o. Sp. K.
Ul. Lubicz 17G, 31-503 Kraków, Poland

General contact form: https://codewise.com/contact/

Codewise’s Data Protection Officer contact: dpo@codewise.com