Effective Date: 26.02.2021
PLEASE READ THE FOLLOWING CAREFULLY
YOUR USE OF THIS SERVICE CONSTITUTES ACCEPTANCE BY YOU OF THIS PRIVACY STATEMENT.
L2 MARCIN KREJZA (collectively, “LOYALTYZEN ”, “we”, “our” and “us”.) has created this privacy statement (“Statement”) in order to demonstrate its firm commitment to the privacy of the details that you provide to us when using any of our business services, Application via www.loyaltyzen.com or www.lzen.co, (collectively “the website or site”) , as the data controller for the purposes of the Polish Data Privacy Regulation, the GDPR (General Data Protection Regulations EU 2016/679) as applicable to EU Users and the California Online Privacy Protection Act (CALOPPA) 2003, as applicable to United States users.
At LOYALTYZEN, we are committed to maintaining the trust and confidence of all visitors to our website. In particular, we want you to know that the website is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
We believe your business is no one else’s. Your Privacy is important to you and to us. So, we’ll protect the information you share with us. To protect your privacy, LOYALTYZEN follows different principles in accordance with worldwide practices for customer privacy and data protection.
– We won’t sell or give away your name, mail address, phone number, email address or any other information to anyone.
– We ‘ll use state – of – the – art security measures to protect your information from unauthorized users.
We take your privacy seriously and take measures to provide all visitors and users of the website with a safe and secure environment.
The Personal Information on the site, is collected, controlled and processed by the following entities:
L2 MARCIN KREJZA (“The Data Controller”)
Wąska street 15/1, 115-133 Białystok,
Tel No: +48 606 396 175
This Policy explains our processing of your personal data and your rights according to the Australian Privacy Act, 1988, the EU GDPR, 2016 and the CALOPPA, 2003. LOYALTYZEN reserves the right to modify this Statement at any time without notice by posting the changes on this webpage.
“Personal Data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses etc but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
“Special Category data” means personal date about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
“Processing” covers all activities relating to the use of personal data by an organization, from its collection through to its storage and disposal and everything in between.
“Data subject” means the person whose personal data is being processed.
“Consent” any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Controller” the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Data handling” any set of operations or operations performed in an automated or not automated manner on personal data or files, thus collection, capture, systematization, distribution, storage, transformation or alteration, query, introspection, use, communication, forwarding, distribution or by any other means of making data available, coordination or interconnection, restriction, deletion or destruction;
“Data controller” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Addressee” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“Profiling” any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements and;
“Privacy data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
RULES OF DATA HANDLING
The Data Controller recognizes the contents of this Data Management Guide as binding on itself, and states, that all data management related to his/her own activity is consistent and complies with the legal provisions as stated in the normative GDPR laws and with the applicable domestic sectoral laws, so especially as provided in the applicable Polish Data Privacy Regulation.
The Data Privacy laws obligates everyone responsible for using personal data has to follow strict rules called ‘data protection principles. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- biometrics (where used for identification)
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
The Data Controller defines his / her data management in such a way that it is with the principles set out in the GDPR & CALOPPA – legality, fairness and transparency, purpose limitation, data saving and accuracy, limited storage, integrity and confidentiality, as well as accountability – complies fully.
Accordingly, the Data Controller handles the collected, stored (managed) personal data solely for the clear and legitimate purposes defined and described below in subsequent paragraphs and only for the time stated. Thus, the subjects can read in detail about each of the data management activities in the mentioned points.
The legal basis for data management of the Data Controller is typically the consent of the data subject, the fulfillment of the contract concluded with the data subject, its preparation and the fulfillment of the legal obligation.
The legal basis for data management will be the fulfillment of the contract if the data subject orders the service from LOYALTYZEN, for example through the Website, i.e. a contractual relationship between the concerned (user) and the LOYALTYZEN.
We’re talking about statutory data management when a law obliges Data Controller to include some data as well as the duration of data storage.
Data Controller ensures data security and proper management. The Data Controller ensures that the data is stored in a form that allows identification of data subjects only for the time necessary to achieve the purposes for which personal data are processed. He/she also takes the technical and organizational steps to ensure that the data processed is adequately protected. Within this framework, he/she will take reasonable measures to prevent unauthorized access, alteration of use, transmission, disclosure, deletion or destruction, as well as unavailability of accidental destruction and damage resulting from changes in the technique used.
Therefore the Data Controller’s staff shall ensure that unauthorized persons do not access personal data and that the storage and placement of personal data is designed in such a way that it is not accessible, accessible, alterable, destroyed, or destroyed by an unauthorized person.
The Company undertakes that the personal data of the data subjects will only be forwarded to the addressee (third party or data processor) who also handles the personal data provided or transmitted to them in accordance with these principles. The Company does not sell the data of the affected persons.
The users of the Website are also responsible for the security of their data. For protecting Your username and password, please be careful about the security of these data and not give it to third parties.
INFORMATION WE COLLECT
You provide your mobile number and basic account data (which may include profile name, and about information) to create a LOYALTYZEN account.
While providing our services we may collect the “Personal Information” which is defined as any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. Namely, we may collect:
Identity information: name, ID number, documents proving your identity and any other information they may contain;
Residential information: residence address, and any other information they may contain;
Contact information: email address, mailing address, phone number;
Security information: alias, passwords;
You can correct or remove this information by accessing your account settings.
HOW WE USE INFORMATION
We, our authorized partners and our representatives store and use Your Personal Information only for providing and improving the website. In particular, we use Users’ Personal Information for the following purposes:
To improve our services to you and to provide you with the Services requested: We run the following processes to fulfil our obligations with you:
- Enabling you to access the Site and create an account
- Providing support to you when you use LOYALTYZEN
- Use the loyalty program features, i.e. order the rewards, take part in the promotions
To comply with our legal obligations: In many jurisdictions we are obliged to collect certain information about our Users to be authorized to act;
a. It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, for us to provide you with our services. Where we require information from you for these purposes, we have set out above which information it is necessary for us to process, without which we will be unable to provide you with our services.
b. Where we need to comply with a legal obligation; or in rare circumstances:
c. Where we need to protect your interests (or someone else’s interests); and/or
d. Where it is needed in the public interest or for official purposes
To improve customer service: information provided by Users helps us respond to customer service requests and support needs more efficiently;
To support our legitimate interests in developing the Site and the Services: These processes include:
- To aid the technical administration of the Site;
- To better understand how the Site is functioning for Users to inform our product development;
- To draw conclusions upon demographic information and;
- Preventing fraud, spam and abusive or inappropriate behavior and;
- Marketing activities to promote our services to registered users. These communications may be personalized to you and your interactions with the Site and can be delivered by email, social media advertising and other digital marketing channels
- Notifying you about upcoming promotions, Referral Discount Codes, services or customer surveys
- Undertaking impact reporting to understand the efficacy of our Services
- Undertaking research to better understand our customers interests
- Analysing your interactions to improve the efficiency of our marketing activity
To personalize User experience: We may use information in a general manner to understand how Our Users as a group use the services and resources provided on our website;
To send periodic emails: We may use the email address to send information and updates pertaining to your use of the transaction request;
To resolve disputes and enforce our agreements to the extent necessary and sufficient for protecting your interests or interests of other Users.
Information you share in public areas of LOYALTYZEN may be accessed, used, and collected by others around the world. We try to provide a secure environment by endeavouring to limit access to our database to legitimate users, but we cannot ensure that unauthorized parties will not obtain access. We also cannot control how approved users store or transfer the information you give to us, so you should not post sensitive information to LOYALTYZEN.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for tax and accounting purposes. This includes your name, personal data and email addresses.
We will also store comments or reviews if you choose to leave them.
HOW LONG WE RETAIN YOUR DATA
We will delete all data when the User running the loyalty program is no longer our customer and stops using the service.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. (Website administrators can also see and edit that information.
We will retain your information for as long as your account is active, your information is needed to provide you services, or as required to fulfill our legal obligations.
By contacting us at firstname.lastname@example.org at any time to obtain the confirmation whether or not the personal data concerning you is being processed.
We may retain records where necessary to fulfil our regulatory or statutory duties.
WHAT ARE YOUR RIGHTS TO YOUR DATA?
All Your Personal Information we collect will always belong to you. However, we are a collector and a processor of Your Personal Information. That implies our obligations to respect your rights to Personal Information and facilitate the exercise of your rights thereto. In order to use any of your rights at any time please contact us and we will facilitate the exercise of your rights free of charge. We will inform you on the actions taken by us under your request as soon as practically possible, but in any case, not later than in 30 (thirty) calendar days.
In accordance with effective regulations you have a significant number of rights related to your Personal Information, such as e.g.:
Right to access. You may obtain from us the confirmation as to whether or not personal data concerning you is being processed and get access to such personal data. You are entitled to view, amend, or delete the personal information that we hold. Email your request to our data protection office at email@example.com and we will work with you to remove any of your personal data we may have.
Right to rectify your inaccurate Personal Information and to have incomplete personal data completed, including by means of providing a supplementary statement
Right to erase your Personal Information. Please note that a request to erase your Personal Information will also terminate your account on the Site. We will automatically and without undue delay erase your Personal Information when it is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
Right to restrict processing of your Personal Information;
Right to data portability. You may obtain from us the personal data concerning you and which you have provided to us and transmit it to another Personal Information Controller;
Right to object to processing of Your Personal Information,
Right to withdraw your consent to the usage of your Personal Information at any time
When someone visits the website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We also make use of Google Ads Cookies and Facebook pixel. We do this to track things such as the number of visitors to the various parts of the site and interactions with the site. This information is processed in a way which does not identify anyone. We do not make and do not allow Google to make any attempt to find out the identities of visitors to our website.
For Facebook and Google Profile logins, Users shall have the option to register their profiling information with either their Facebook or Google Accounts. We advise our users to read and understand Facebook and Google Privacy Policies as well.
To transfer data between our websites, our applications and backends, communication is encrypted using the SSL (Secure Socket Layer) encryption. We protect the systems and processing by a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing. Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.
We do not knowingly gather or otherwise process personal data of minors under the age of 16. If we notice that one of our users/visitors is a minor we’ll immediately take steps to remove their information. If you believe we have processed or still hold information on minors, please send us an email at firstname.lastname@example.org and we’ll remove it A.S.A.P.
CHANGES IN THE PRIVACY STATEMENT
The effective date at the bottom of this page indicates when this Privacy Statement was last revised. We will notify you before any material change takes effect so that you have time to review the changes. Any change is effective when we post the revised Privacy Statement. Your use of the Services following these changes means that you accept the revised Privacy Statement.