PRIVACY POLICY AND COOKIES FILES

Version 3 from May 20th, 2021.

1. General rules of our Privacy Policy accepted by us

  1. TimeTo Sp. z o.o. attaches great importance to the privacy and security of personal data of users of the website operated at https://timetoloan.com/gb and other ADO services (hereinafter referred to as: the website). In this regard, we follow the principles arising from the following laws and regulations issued on their basis:
    1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: GDPR);
    2. Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000, hereinafter referred to as: UODO);
    3. Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2017, item 1219, consolidated text, hereinafter referred to as: PES);
    4. Act of 16 July 2004 - Telecommunications Law (Journal of Laws No. 171, item 1800, as amended, hereinafter referred to as: the Telecommunications Act).
  2. The administrator of personal data of persons using the Service is TimeTo Sp. z o.o. based in Gliwice at Dunikowskiego 10, 44-100, registered in the Entrepreneur Register of the National Judicial Register kept by the Gliwice District Court, 10th Commercial Division of the National Judicial Register under number 0000673031, NIP 6312669532.
  3. Privacy policy defines, among others:
    1. The scope and method of processing personal data of users of the Service (also referred to as: Client),
    2. possibilities of accessing this data,
    3. way of using this data,
    4. the policy of using cookies files on the Website.

2. Ways of collecting user data

  1. We care about the best possible match of our services to the user's situation and making it easier for the user to contact us. To achieve this, we collect various data about the user. However, we only collect and process the data that the user provides to us (with the exception - in certain situations - of data collected automatically using cookies and login data, as discussed below).
  2. According to the accepted practice of most websites, we store HTTP requests directed to our servers. Viewed resources are identified by URL addresses. The exact list of information stored in web server log files is as follows:
    1. public IP address of the computer from which the request came (this may be directly the user's computer);
    2. client station name - identification carried out by the http protocol if possible;
    3. time of arrival of the query;
    4. The first line of the HTTP request;
    5. response code http;
    6. the number of bytes sent by the server;
    7. URL address of the previously visited website by the user (referer link) - in case the transition to the ADO website was made through a link (affiliation);
    8. information about the user's browser;
    9. Information about errors that occurred during the HTTP transaction.
  3. The basis for processing the User's personal data is their consent to the processing of their personal data. The consent can only be given voluntarily by the User, by filling out the appropriate contact form on the Administrator's websites or in another way, such as by selecting the option to send a summary to an email or subscribing to a newsletter. The data provided in the form is processed for the purposes specified in the consent, i.e.
    1. Consent to the processing of personal data for marketing purposes by the Administrator, including Customer profiling;
    2. Consent to receive commercial information and offers from the Administrator;
    3. Consent to share the Customer's email address with the Administrator's business partners, in order to receive commercial information from them about new offers, promotions, services;
    4. Consent to receive a newsletter;
    5. Consent to process the Customer's phone number for direct marketing purposes.
  4. The consent given by the user for the processing of their personal data is completely voluntary, conscious, explicit, and confirmed by the User. The Administrator uses an opt-in policy to obtain consents, which means that only checking the checkbox constitutes the User's expression of consent to the indicated content.
  5. Personal data is also processed on the basis of Article 6(1)(f) of the GDPR for contact purposes unrelated to the provision of services by the Administrator on its own behalf or on behalf of business partners, for the purpose of responding to inquiries, as well as for archival and statistical purposes, which constitutes a legitimate interest of the Administrator.
  6. In connection with the processing of personal data, the User has the right to:
    1. requests for access to your personal data from the Administrator,
    2. requests for correction of your personal data by the Administrator,
    3. requests for the Administrator to delete your personal data,
    4. requests for the Administrator to limit the processing of your personal data,
    5. The right to withdraw consent to the processing of personal data at any time, which does not affect the processing of personal data between giving consent and withdrawing it,
    6. transfer of your personal data,
    7. Submitting a complaint to the supervisory authority - President of the Office for Personal Data Protection, Stawki 2, 00-193 Warsaw.
    8. In case of processing personal data based on Article 6(1)(f) of the GDPR, you have the right to object to the processing of personal data.
  7. To exercise the above rights, you should send an email to brakzgody@timetoloan.com, containing the following information: email address or phone number and the content of the request, e.g. data deletion or modification - in this case, you should provide a new email address to which the newsletter service is to be provided.

3. Profiling

  1. In the process of providing services, we make decisions in an automated manner based on data we have about you, including information provided by you in the form and stored in server log files. Based on this information, we assign you a personal profile relevant to the possibility of offering you services provided by our partners. These decisions are made automatically based on the scoring model we have developed. Automatically made decisions affect the selection of products offered to you.
  2. Profiling means processing personal data by using your personal data to assess some of your characteristics, in particular to analyze your economic situation, preferences, interests, and location. We profile you for the purposes related to our activities, i.e. offering you insurance if you are a driver, selecting a leasing offer according to your preferences.
  3. Automated decision making for the purpose of direct marketing of the Administrator's services, as well as services and products of the Administrator's business partners, is necessary for the proper conduct of the Administrator's business. Automated decision making for the above-mentioned marketing purposes is based solely on your consent.
  4. If you do not agree with our assessment made in the above manner, you can report it in the form referred to in point 2.6 above.

4. The scope of data collected about the user through the Service and the way it is used.

  1. The scope of data processing depends on the scope of consent given by the User, however, it is stated that in order to fully perform the service, the User should give all consents.
  2. If the user agrees to the processing of personal data, he/she should provide data enabling his/her identification and contact with him/her, i.e. at least first name, last name, e-mail address and telephone number. At the stage of filling in the contact form, the Administrator does not require any other personal data.
  3. In the case of some products and services, it may be necessary to provide a more detailed range of personal data. In such a case, the processing purposes will be indicated during a telephone conversation between the User and the Administrator's consultant, or simultaneously with the appropriate form used to register the relevant personal data by the User.
  4. The administrator hereby informs the User that the following tracking technologies are used to monitor the actions taken by the User on the Website:
    1. Pixel conversion for Facebook, Twitter, Google, LinkedIn, Pinterest, go.pl - for managing ads on the aforementioned Administrator's websites and conducting marketing, remarketing, and retargeting activities.
  5. The administrator collects data provided by the User in order to present the User with an offer of financial products (in particular loans and credits, products aimed at debt restructuring, insurance and investment products). Therefore, the client's personal data may be used in particular for the following purposes:
    1. Verification of the User's identity, including by means of a telephone conversation;
    2. presentation of an offer of a specific product or service of ADO business partner;
    3. establishing contact with the User directly by ADO business partner;
    4. implementation of the rights of individuals whose data is concerned;
    5. marketing activities, including the use of electronic communication means, including analysis of user behavior and needs, market analysis;
    6. sending a newsletter or sending an SMS message, or sending a summary, after obtaining appropriate consent;
    7. creating user databases;
    8. Improvement of our offer and content of the Service;
    9. for other purposes specified in this privacy policy.
  6. The administrator may, on the terms specified in Article 28 of the GDPR, entrust the processing of personal data to third parties without the separate consent of the user.
  7. The user acknowledges that their personal data may also be transferred to authorized state authorities in connection with proceedings conducted by them, at their request and after meeting the criteria confirming the necessity of obtaining this data from the Administrator.

5. Rules governing the use of cookie files

  1. The use of the Service by the user may involve the storage and saving of so-called cookie files on the user's computer (or other device enabling access to the Service, e.g. a smartphone). Cookie files are text-numeric files that allow the use of various functions of websites, e.g. they gather information about the way a given website is used, enable the saving of the user's session state, or allow for the adjustment and optimization of displayed content to their preferences.
  2. There are two main types of cookies used on the Website: "session cookies" and "persistent cookies". "Session cookies" are temporary files that are stored on the user's end device until logging out, leaving the website or turning off the software (web browser). "Persistent" cookies are stored on the user's end device for the time specified in the cookie parameters or until they are deleted by the user.
  3. Cookies are sent and may be stored on the user's computer in a way that allows access to them for the following purposes:
    1. Matching the content posted on the Service to the individual preferences and needs of the user (profiling, see above);
    2. Statistical data regarding activity on the Website (e.g. information about users' geographic location, frequency of using our services, reports on interests and demographic data) are collected to better understand how users use the Website and to improve its content, e.g. Google Analytics, Brand24.pl;
    3. Behavioral, contextual and remarketing advertising, such as Google AdWords, Google AdSense, ads using affiliate marketing technology;
    4. Saving or using cookies does not cause any configuration changes to the user's computer or software installed on that computer.
    5. The user has the ability to determine the conditions for storing or accessing cookies files using the settings of the software installed on the telecommunications end device used by him.
    6. Most web browsers allow cookies to be saved on the user's device by default. The user can block the option of saving cookies or give consent to their storage on their computer at any time by changing the settings in their web browser, advertising settings, mobile application advertising settings, and any other available methods.
    7. The cookie management instructions are available on the http://wszystkoociasteczkach.pl/ website in Polish and on the http://www.allaboutcookies.org/manage-cookies/ website in English. However, disabling the storage of cookies may make it difficult to use the Service, especially by limiting or disabling some of the Service's functions. Therefore, it is recommended to consent to the use of cookies by the browser.
    8. We hereby inform that if the user's browser accepts cookies, the user agrees to the use of these cookies in accordance with the provisions of Polish law, in particular Article 173 of the Telecommunications Law. In particular, the content of cookies may be transferred to advertisers and partners cooperating with ADO in the scope of services offered on the Service's websites or advertised through it.
    9. The user can delete installed cookies at any time using the appropriate option in the browser they are using. If browsing the website in incognito mode, all cookies installed during the visit to the website are automatically deleted when the browser is closed. Details should be sought from the browser software provider or in the "help" section of the browser menu.
    10. Cookies are also placed on the User's phone and may be used by advertisers and partners cooperating with the operator of the Service.

6. Personal data protection measures

  1. User information is processed by the Administrator with the use of appropriate technical and organizational measures in compliance with the requirements of Polish law, particularly as indicated in the introduction of this Policy. These measures are primarily aimed at protecting users' personal data from unauthorized access. Specifically, authorized individuals (employees and contractors of TimeTo Sp. z o.o.) who are obliged to keep this data confidential are granted access to users' personal data.
  2. The administrator stores personal data until the consent for personal data processing is withdrawn or for the time necessary to achieve the purpose for which the consent was obtained, in particular for the duration of the service or agreement and for the time during which it is possible to pursue claims related to the Company's activities, but not longer than for a period of 3 years from the day of obtaining your personal data.
  3. Additionally, data may be stored for the purposes of preventing abuse and fraud, for statistical and archival purposes for a period of 10 years from the end of the contract or event that necessitates such processing.
  4. At the same time, in order to ensure accountability, the Administrator will keep the data for the period during which the Administrator is obliged to keep the data or documents containing them to document compliance with legal requirements, including enabling their control by public authorities.
  5. Your personal data will not be transferred outside the European Economic Area.
  6. Personal data may also be disclosed to entities providing IT, legal, auditing, accounting, postal and courier services to the extent necessary to ensure proper provision of services, as well as to state authorities in connection with proceedings conducted by them under applicable law, and to entities to which we are obliged to provide them on the basis of applicable legal regulations.

7. Policy Changes

  1. Extension or modification of the scope or content of the services we provide, as well as changes in legal regulations, may require changes to the Privacy Policy. In such a situation, we will inform the user about the changes in the "Privacy Policy" tab. With the change of the Privacy Policy version, the date indicating the day of its implementation and the signature indicating the given version of the Policy will appear. No change will negatively affect the fundamental right of the User to exercise control over the data processed by us.

8. Contact with the administrator of the Service

  1. We make every effort to enable users to provide any comments, suggestions, tips, and reservations regarding our adopted data processing policy. The contact person responsible for contacting you is a customer service department employee. Please send any issues related to the content of this Policy to the email address: kontakt@timetoloan.com.
  2. In fulfilling the requirements of Article 13(1)(b) of the GDPR, the Administrator indicates that they have appointed a Data Protection Officer, whom interested Users may contact in writing at the Administrator's address or by email at iod@timetoloan.com.