Updated at 2020-09-18.
The website administrator is Rafał Muszyński, Harmonizely.
- By creating a user account via the site, placing an order, subscribing to the newsletter, submitting a complaint, withdrawing from the contract or simply contacting us, you provide us with your personal data and we guarantee that your data will remain confidential, secure and will not be available to any third party without your permission.
- We entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.
- We use Google Analytics tool that collects information about your website visits, such as the subpages that you have viewed, the time you spent on the website, and the transitions between individual subpages. For this purpose, cookies files of Google LLC are used for the Google Analytics service. As part of the mechanism for managing cookie settings, you have the option of deciding whether we will be able to use marketing functions or not as part of the Google Analytics service.
- We use analysis tools, such as LiveSession, to better understand your behaviour on the website. This is related to the use of LiveSession cookies. As part of the cookie settings, you can decide whether you agree to use LiveSession for us in your case or not.
- We use the Intercom chat system. This is related to the use of Intercom cookies.
We use our own cookies for the proper functioning of the site.
If the above information is not enough for you, you will find further details below.
The administrator of your personal data within the meaning of the provisions on the protection of personal data is Rafał Muszyński, Harmonizely.
The purposes, legal bases and period of personal data processing are indicated separately for each purpose of data processing (see the description of the individual purposes of processing personal data below).
Third Party Stored Data
We may also collect additional information if you use our Zoom integration. The information we collect includes any or all of your Zoom account details and the information about your Zoom meetings.
GDPR grants you the following potential rights related to the processing of your personal data:
- the right to access personal data,
- the right to rectify personal data,
- the right to delete personal data,
- the right to limit the processing of personal data,
- the right to object to the processing of personal data,
- the right to transfer data,
- the right to lodge a complaint to the supervisory body,
- the right to withdraw consent to the processing of personal data, if you have given such consent.
The rules related to the implementation of the indicated powers are described in detail in art. 16 - 21 GDPR.
If you believe that in the processing of your personal data we have committed a violation of the provisions on the protection of personal data, you have the option of lodging a complaint with the supervisory body (the President of the Office for the Protection of Personal Data).
You can also always ask us to provide you with information about what data we own about you and for what purposes we process it. Just send a message to firstname.lastname@example.org.
We guarantee the confidentiality of all personal data provided to us. We ensure that all security measures and protection of personal data required by the provisions on the protection of personal data are taken. Personal data are collected with due diligence and properly protected against access by unauthorized persons.
We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA).
List of Assignments
We entrust the processing of personal data to the following entities:
1. Heroku, Salesforce The Landmark @ 1 Market St. Suite 300 San Francisco, CA 94105 – In order to store personal data on the server,
2. MailChimp, The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA – in order to use the mailing system in which your data is processed, if you register at harmonizely.com
All entities entrusted with the processing of personal data guarantee the use of appropriate security measures and the security of personal data required by law.
Objectives and Processing Activities
By creating a user account, you must enter your email address, full name and define your account password. Providing data is voluntary, but necessary to create an account.
The data entered by you as part of the user account is processed only to maintain the account and provide you with the possibility of using it. Providing data in the user's account is to facilitate the submission of orders in the store by automatically substituting data for the order form.
The legal basis for the processing of your personal data as part of the user account is the implementation of the account agreement, which you include based on the regulations of the store - art. 6 par. 1 lit. b GDPR.
The data collected in the user's account is processed and stored on a server provided by Heroku.
Your data will be processed as part of your account for as long as you have a user account. After removing the account, your data will be removed from the database, except for the data about submitted orders.
You can access your personal data processed within your account at any time by logging in to your user account. After logging in to your account, you can modify your data at any time, as well as delete it. You can also decide to delete your account at any time by sending a message to the email address email@example.com.
In relation to the data collected in the user's account, you also have the right to transfer the data referred to in art. 20 GDPR.
If you want to subscribe to the newsletter, you must provide us with your e-mail address via the registration form on the website.
The data provided to us when subscribing to the newsletter is used to send you a newsletter, and the legal basis for their processing is your consent (art. 6 (1) letter and GDPR) when you subscribe to the newsletter.
Data is processed as part of the MailChimp mailing system and collected on a server provided by The Rocket Science Group, LLC and stored on a server provided by The Rocket Science Group, LLC.
The data will be processed for the duration of the newsletter operation, unless you cancel your receipt earlier, which will delete your data from the database.
At any time, you can correct your data stored in the newsletter database, as well as request their removal, giving up receiving the newsletter. You also have the right to transfer the data referred to in art. 20 GDPR.
By contacting us via e-mail, including by sending an inquiry via the Intercom chat, you naturally provide us with your e-mail address as the sender's address. In addition, you can also include other personal information in the body of the message.
Your data is processed in this case in order to contact you and the basis for processing is art. 6 par. 1 lit. a GDPR, or your consent resulting from initiating contact with us. The legal basis for processing after the end of the contact is a justified purpose in the form of archiving correspondence for internal needs (art. 6 (1) (c) of the GDPR).
The content of the correspondence can be archived and we can not clearly determine when it will be deleted. You have the right to request a communication history that you carried out with us (if it was subject to archiving), as well as request its removal unless its archiving is justified due to our overriding interests, e.g. protection against potential claims on your part.
Cookie files and other tracking technologies
Cookies are small text information stored on your terminal device (eg computer, tablet, smartphone) that can be read by our system.
You can find more details below.
Consent to cookies
Third party cookies
Analysis and statistics
We use the Intercom system to communicate with clients in real time. This is related to the use of Intercom cookies.
We use LiveSession cookies to track user behavior on the website so we can know where user exactly clicked and we can watch video of the user session on our website.
When embedding the Harmonizely scheduling page using embed code, the Google Analytics tag is included.
Using the website involves sending queries to the server on which the page is stored. Each query addressed to the server is saved in the server logs.
Logs include Your IP address, server date and time, information about the web browser and operating system you are using. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific people using the site and are not used by us to identify you.
The server logs are the only auxiliary material used to administer the site, and their content is not disclosed to anyone except those authorized to administer the server.