Binderless Service Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), we have provided below information regarding the processing and protection of your personal data: (a) in connection with our provision of services: (i) directly to you if you operate as a sole proprietorship, or (ii) to the entity you represent, act on behalf of, or through which you have been authorized to contact us in connection with our business relationship, (b) or in connection with your visits to and use of our website available at www.binderless.com (hereinafter: Service). Please carefully read this Privacy Policy (hereinafter: Privacy Policy) before using our services.

1. Who is the controller of your personal data?

The controller of your personal data processed in connection with the provision of services through the Service is Investment Port spółka z ograniczoną odpowiedzialnością with its registered office in Lublin at Gospodarcza 26, 20-213 Lublin, KRS: 0000909665 (hereinafter: Controller).

You can contact us by writing to the email address: support@binderless.com or by mail to: Investment Port Sp. z o.o., Gospodarcza 26, 20-213 Lublin.

2. How do we collect your personal data?

We collect your personal data when you use the Service, contact us through the contact form at www.binderless.com, by phone or email to learn about our offer, or when you use our services. We may also obtain data about your business activities or the entity you represent from public registers such as the Central Registration and Information on Business (CEiDG) or the National Court Register (KRS).

3. What personal data do we process?

3.1. Data that you provide to us directly:

• Creating an account in the Service: Email, first name, last name. Providing this data is necessary to use the services offered within the Service.
• Conclusion of service agreement
  • For individual entrepreneurs: first and last name, business name, business address, Tax ID (NIP) or other business identification number.
  • For company representatives: first and last name, position, name of represented entity. Providing this data is necessary to use the services offered within the Service.
• Phone communication and correspondence: First and last name, business or employment address, employer name, contact phone number, business email address. We also collect all information that you choose to provide us during conversations or correspondence with our employees or representatives. Providing this data is necessary to use the services offered within the Service.

3.2. Data obtained from third parties or public registers:

• Conclusion of service agreement
  • For individual entrepreneurs: address and contact details related to business activities obtained from information providers (e.g., business intelligence agencies) and publicly available registers (e.g., Central Registration and Information on Business (CEiDG)).
  • For company representatives: first and last name, position, name of represented entity, which may be provided to us by the company’s management or person concluding the agreement on behalf of the company, indicating you as the authorized contact person in connection with the agreement implementation.
• Agreement execution
  • Personal data (bank account number, payment card number) obtained from payment and service providers when you use credit or payment cards or conduct transactions through electronic banking systems; data obtained from our business partners if we have your consent or if permitted by law.
• Phone communication and correspondence
  • For company representatives: first and last name, position, name of represented entity, business phone number, business email address, which may be provided to us by the company’s management or person concluding the agreement on behalf of the company, indicating you as the authorized contact person in connection with the agreement implementation.

3.3. Automatically collected data:

• Device data – information about the device through which you access the Service (such as desktop computer, mobile phone, tablet), including operating system version and unique identifiers. Device-related information is linked to the user account you log into.
• Login data – technical information such as the Internet Protocol address (IP address) of the device through which you log into your Service account, information about time zone and operating system, login information (registration date, last password change date, last successful login date) and browser type and version.
• Service activity data – date of each visit, duration of visit, and the sequence in which you visited individual sections of our Service.

4. What is the purpose, legal basis, and retention period for your personal data?

• Using the Service account
  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party in connection with the Controller’s provision of services related to account maintenance and operation – with respect to persons conducting business activity;
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in ensuring proper performance of the contract – with respect to persons representing the entity that is party to the contract and persons designated to perform the contract. The data will be processed for the duration of the contract.
• Using the Service
  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party in connection with the Controller’s provision of electronic services regarding access to content and functionalities in the Service
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in protecting its own rights and business interests – in terms of ensuring Service security, including fraud prevention – and to the extent that the activities result from legal provisions, also Article 6(1)(c) GDPR, i.e., processing is necessary for compliance with legal obligations to which the Controller is subject. The data will be processed for the duration of Service use.
• Conclusion and performance of service agreement (Data of contractors, contractor representatives and contractor employees)
  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party – with respect to persons conducting business activity
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in ensuring proper performance of the contract – with respect to persons representing the entity that is party to the contract and persons designated to perform the contract;
  • Article 6(1)(c) GDPR – processing is necessary for compliance with legal obligations to which the Controller is subject (e.g., tax obligations). The data will be processed for the duration of the contract and the period resulting from relevant legal provisions, including tax and accounting regulations, anti-money laundering regulations.
• Phone communication and correspondence related to the contract (data of contractors, contractor representatives and contractor employees)
  • Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party – with respect to persons conducting business activity
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in ensuring proper performance of the contract – with respect to persons representing the entity that is party to the contract and persons designated to perform the contract. The data will be processed for the duration of the contract, and after its termination, cancellation or expiration for the period specified in the statute of limitations or necessary for pursuing claims until the final conclusion of the case.
• Managing customer relations, including promoting own services and products
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in ensuring the quality of provided services or promoting products and services offered by the Controller. Until objection to the processing of personal data for marketing purposes.
• Analytics and statistics
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in conducting analysis of user activity and preferences to improve Service functionality and provided services. The data will be processed for the duration of Service use or for the duration of the contract.
• Establishment, pursuit of claims or defense against claims
  • Article 6(1)(f) GDPR – legitimate interest of the Controller consisting in protecting its own rights and business interests. The retention period may be extended each time if processing is necessary for the establishment, exercise or defense of legal claims – the data will be stored for the period specified in the statute of limitations or necessary for pursuing claims until the final conclusion of the case.

In cases where legitimate interest is mentioned as the legal basis for processing your personal data, this refers to business premises such as the need to prevent abuse and damage, facilitate the use of services and improve their functionality, build positive relationships with Service users, measure satisfaction with our services, or use personal data for marketing purposes. We will process your data for purposes related to the implementation of our legitimate interest only when our interests have a clearly overriding nature over your interests, in accordance with Article 6(1)(f) GDPR. We do not process your personal data for automated decision-making purposes, including profiling.

5. Who may we share your data with?

We may share some of your personal data with the following categories of recipients:

5.1. service providers we use in operating the Service, in particular IT service providers and hosting services, including cloud computing, marketing and analytics service providers, postal and courier service providers, our legal advisors and tax advisors, as well as auditors. Service providers to whom we transfer your personal data, depending on contractual arrangements and circumstances, act as: 5.1.1. processor of your data on our behalf and solely on our instructions, whereby the sharing of your personal data with these entities always takes place on the basis of a data processing agreement meeting the requirements set out in Article 28 GDPR; 5.1.2. independent data controller, independently determining the purposes and means of using your personal data.

5.2. authorized state authorities, in particular organizational units of the prosecutor’s office, Police, President of the Personal Data Protection Office or President of the Office of Electronic Communications;

6. Data transfer outside the European Economic Area

The level of personal data protection outside the European Economic Area (“EEA”) differs from that provided by European law. The Controller transfers Personal Data outside the EEA only when necessary and with ensuring an adequate level of protection, primarily through:

1. cooperation with entities processing Personal Data in countries for which an appropriate European Commission decision has been issued regarding the determination of ensuring an adequate level of protection of Personal Data;
2. applying standard contractual clauses issued by the European Commission;
3. applying binding corporate rules approved by the competent supervisory authority.

7. Your rights in connection with our processing of your personal data

You have the right to:

7.1. pursuant to Article 15 GDPR – access your personal data that we process (i.e., you can find out if we process your personal data, and if so, request information about what data, for what purposes and how we process it);

7.2. pursuant to Article 16 GDPR – request rectification of your personal data that is incorrect or completion of incomplete personal data;

7.3. pursuant to Article 22 GDPR – not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to obtain human intervention from the Company, to express your point of view and to contest this decision. The Company does not use automated decision-making, including profiling, which could produce such effects, unless you expressly consent to this, or if such processing is necessary for entering into or performing a contract between you and the Company, or is permitted by law;

7.4. pursuant to Article 17 GDPR – request erasure of your personal data, in specific cases, e.g., the data is no longer necessary for the purposes for which it was processed, consent for data processing has been withdrawn, if the Controller has no other legal grounds for processing, the data processing was unlawful;

7.5. pursuant to Article 18 GDPR – request restriction of processing of your personal data, in specific cases, i.e., (a) when you contest the accuracy of the processed data (for a period enabling us to verify their accuracy), (b) when the processing is unlawful and you oppose the erasure of the data, (c) when we no longer need the data for the purposes for which we processed it, but you need it for the establishment, exercise or defense of legal claims, (d) when you have objected to the processing of your data for purposes of our legitimate interests due to your particular situation – until it is determined whether these interests override your rights and freedoms (pursuant to Article 21(1) GDPR);

7.6. pursuant to Article 20 GDPR – data portability, i.e., the right to receive personal data in a structured, commonly used and machine-readable format and request that it be transmitted to another controller;

7.7. pursuant to Article 21(1) GDPR – object to processing of your personal data based on the Controller’s legitimate interest (i.e., based on Article 6(1)(f) GDPR) for reasons relating to your particular situation; In some cases, we may demonstrate that we have legitimate grounds for processing data that override your rights and freedoms (e.g., the necessity to ensure Service security and prevent fraud);

7.8. pursuant to Article 21(2) GDPR – object to processing of your personal data for direct marketing purposes of our products and services;

7.9. withdraw consent at any time for the processing of personal data, if we process such data based on consent. We inform you that withdrawal of such consent does not affect the lawfulness of processing of your data based on such consent before its withdrawal; 7.10. lodge a complaint with a supervisory authority when you consider that the processing of your personal data in the above scope violates the provisions of GDPR or national provisions. The competent authority for personal data protection in Poland is the President of the Personal Data Protection Office, address: Stawki 2, 00-193 Warsaw. You can exercise all the rights indicated above by contacting us by writing to the email address: support@binderless.com or by mail to: Investment Port Sp. z o.o., ul. Gospodarcza 26, 20-213 Lublin. We will make every effort to respond to all legally justified requests within one month of receiving them. It may happen that in the case of particularly complex requests or submission of several requests simultaneously, their consideration may take us longer than a month. In such a case, we will inform you about the extension of the deadline and provide you with current information regarding the implementation of your request.

8. Information about cookies

8.1. What are Cookies?

In the Service, we use “cookies”. Cookies are IT data, particularly in the form of small text files, which are stored on users’ end devices and are intended for use with websites. In cases where the user returns to the website, these files allow for the recognition of the device and appropriate adjustment of the displayed content. Through these files, data transmitted to the server by web browsers or devices of people using the website, such as IP address, software and hardware parameters, viewed pages, mobile device identification number, information about application usage, and other data concerning devices and system usage, are automatically acquired and recorded.

8.2. For What Purpose Do We Use Cookies?

8.2.1. We use cookies in the Service for the following purposes: 8.2.1.1. maintaining the continuity of your session after logging into the Service; thanks to this, within one session, you do not have to re-enter login data on each subpage of the Service; 8.2.1.2. using the “Remember me” option, which provides you access to your account in the Service without the need to log in each time you use the Service. This access is provided if you connect to the Service from the end device you used when selecting this option and placing the cookie. Please note that after selecting the “Remember me” option, anyone using your end device may gain access to your account in the Service, including data regarding your service agreement with the Administrator; 8.2.1.3. adapting the Service to your needs and remembering your settings in the Service; As part of these activities, we may collect information about when and for how long you visit our Service, information about your browser history and language preferences; 8.2.1.4. creating statistics on the viewership of Service subpages, analyzing the availability of our Service, ways of its use, and performance. We use this information to maintain, service, and continuously improve our services; 8.2.1.5. ensuring the security of the Service, login session, and detecting illegal activities.

8.3. Types of Cookies Used in the Service

8.3.1. Within the Service, two types of cookies are used – “session” and “persistent”. Session cookies are temporary files that remain on the user’s end device until logging out, leaving the website, or turning off the software (web browser). Persistent cookies, on the other hand, remain on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user. 8.3.2. Due to the purpose of application, the following types of cookies are used within the Service: a) necessary – essential for ensuring the possibility of proper use of the functionalities provided within the Service; they enable basic functions such as security, identity verification, and network management; they cannot be disabled; b) marketing – used to track the effectiveness of advertisements in order to provide more tailored services and display ads that better match your interests; functional – allowing for the enrichment of Service functionality; without them, the Service will work correctly, but will not be adapted to user preferences; they collect data to remember individual user choices and provide them with better and more personalized experiences; c) analytical – help us understand how users interact with our website, also help detect errors and provide better overall statistics. 8.3.3. Our Service may contain links to other websites, including sites or applications of our business partners. Please remember that other entities’ websites may also use cookies. We have no control over third-party websites and are not responsible for the cookies they collect or have access to. When clicking on a link to another site, remember that each of them has its own cookie policy. We encourage you to familiarize yourself with them before you start using other websites.

8.4. Information Security

Data collected using cookies are gathered solely in connection with performing specific functions for the user. The collected data are encrypted in a way that prevents unauthorized access.

8.5. Service Usage Research

8.5.1. External cookies may also be placed by entities providing analytical services on our behalf, such as Google Inc., to collect information about the use of the Service for statistical purposes and to improve the Service’s operation, including, for example, counting visits to the Service, their duration, and determining which functionalities of the Service or its parts were most frequently used or visited and how they were used by individual users. The information collected in this way allows us to analyze the performance of the Service and determine directions for the development of new functionalities and services. 8.5.2. In the case of Google Analytics, information about how Google uses data from websites and applications that use their services is available at https://www.google.com/policies/privacy/partners/. 8.5.3. Additionally, we inform you about the possibility of downloading a browser add-on that limits the scope of information used by Google Analytics at https://tools.google.com/dlpage/gaoptout?hl=en.

8.6. Changing Browser Settings

8.6.1. Software for browsing websites (web browser, e.g., Safari, Firefox, Internet Explorer, Chrome, Opera) usually by default allows the placement of cookies on the user’s end device. Users can change these settings to block the automatic handling of cookies or to inform about their each transmission to the user’s device. Additionally, the web browser also allows for the deletion of cookies. Detailed information about the possibility and ways of handling cookies by a specific web browser is usually available in the “Help” section of the browser’s menu or on sites such as www.allaboutcookies.org. 8.6.2. We also inform that limiting the use of cookies may affect some functions provided within the Service.

9. Technical and organizational measures and processing security

All information we process, including your personal data, is stored on appropriately secured servers. We have also implemented appropriate and necessary technical and organizational measures to protect your data. We continuously monitor the level of information security within our IT network and update internal regulations and procedures to protect your data against accidental or unlawful loss, access, or disclosure, to identify foreseeable risks to the security of our IT network, and to minimize the risk resulting from threats to network security. We regularly assess the risk of security breaches in the network and regularly conduct tests in this regard.

10. Privacy policy changes

The Administrator reserves the right to change the Privacy Policy. The current text of the Privacy Policy will always be available in the Service. The current version of the Privacy Policy is effective from September 17, 2024.