1. Collection and use of personal data
1.1 Who processes my personal data?
Indicating the entity responsible for processing personal data depends on the purpose for which it is collected:
- If you use services provided by one of the companies of the XDISC Group, that is:
- XDISC S.A. with headquarters in Warsaw, Heliotropów 45/53, 04-796 Warsaw, NCR 0000383408, VAT PL1132450605;
- SILVER MEDIA Spółka z o.o with headquarters in Warsaw, Heliotropów 45/53, 04-796 Warsaw, NCR 0000196150, VAT PL9521937464;
- OPTICAL DISC MASTERING Spółka z o.o. with headquarters in Warsaw, Heliotropów 45/53, 04-796 Warsaw, NCR 0000446039, VAT PL5242756419
- hereinafter jointly referred to as the “XDISC Group”; or you are a representative or contact person acting on behalf of the customer, the data controller will be the company which is the service provider.
- if you leave data for the purposes of:
- signing up for events,
- receiving a newsletter,
- receiving marketing information,
your data will be processed by the companies belonging to the capital group, as joint administrators.
1.2 For what purposes is my personal data processed?
We process personal data obtained from customers, suppliers or other third parties, as well as individuals representing them or cooperating with us on their behalf, to the extent necessary for us to provide services as part of our business activities. This scope includes, but is not limited to: proper identification of contact persons or representatives of our customers; their employees or associates; maintenance of business relationships and in the event of a potential dispute regarding the provided services or cooperation, we may process this personal data in order to resolve the dispute. As part of the project implementation, we may process personal data such as: name and surname, job position, contact details or other relevant data, defined further and resulting from the implemented projects.
When using our website, your personal data is collected and further processed for purposes related to individual functionalities of a specific website. Depending on the website where you leave your data, we will inform you about the appropriate purposes of processing each time, however, knowing the capabilities of our websites, we can indicate the following data processing purposes:
- signing up for an event or publication,
- subscription to materials of interest,
- signing up for a program, contest or campaign,
- submitting a request for a quote,
- ordering marketing information,
- submitting a contact inquiry,
- using the application or online tool.
Providing data is always voluntary. If you are an employee or associate of our customer and you work with us on their behalf, it is possible that we will receive your contact details from our customer.
1.3. On what basis can XDISC Group process my personal data?
Depending on the purpose for which your data is processed, the XDISC Group Companies in Poland have appropriate legal grounds for processing your data, for example:
- when you are asked to consent to the processing of personal data for a specific purpose – art. 6 (1)(a) GDPR,
- when processing personal data is necessary to perform the contract concluded with you or to take action at your request before concluding the contract – art. 6 (1)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
- when processing is necessary to fulfill a legal obligation incumbent on us, e.g. if it is necessary to provide personal data to state authorities – art. 6 (1)(c) GDPR.
- when we have to implement the legitimate interests, e.g. accepting your inquiry and answering it; resolving a dispute; maintaining business contacts; identifying representatives, contact persons or other employees or associates of our customers acting on their behalf – rt. 6 (1)(f) GDPR,
Other examples of the legitimate interest, referred to above, include:
- preventing fraud, criminal activities and acting to protect our IT systems,
- personalizing the user experience and improving the efficiency, usability and effectiveness of XDISC Group’s Internet presence,
- carrying out and analyzing our marketing activities, unless the law requires separate consent,
- meeting our corporate and social responsibility obligations.
- Does my processed personal data belong to a special category of data?
XDISC Group does not intentionally collect special category data, unless such an obligation results from applicable law, for example for the purposes of recruitment or employment. Special category data includes personal information related to racial or ethnic origin, political opinions, trade union membership, religious beliefs or worldview, health, sexuality, sexual orientation or criminal record of the user, as well as genetic or biometric data.
We urge users to be prudent when providing information and in no case provide sensitive information, unless they expressly consent to the use of such information by the XDISC Group for the purpose of legal activity by the XDISC Group and to entrust the processing and storage of such data in XDISC Group databases.
2. Automated data collection
The collected information does not always constitute personal data, which allows identifying a specific user, but it may be the case when it is possible to associate the IP address or location information with a user’s email address.
An IP address is an identification number assigned to a user’s computer when connected to an Internet network, allowing communication between that computer and the server. The IP addresses of users visiting the website may be registered, in order to ensure the security of the IT system and for diagnostic purposes. This information may also be used in aggregate form to analyze internet trends and evaluate the operation of the website.
Cookies are files that our websites send to the user’s computer or device, connected to the Internet, during their visit to our site. Cookies allow the website to remember the user’s computer or device for several purposes.
Our websites display a banner asking for the user’s consent to store cookies on their devices. If the user does not give consent, the activities carried out via the user’s computer or device will not be monitored for marketing purposes. A second type of cookies, also known as session cookies, may be required to support the functionalities of the website. The user’s choices will be saved for a period of 90 days. If the user wants to change the previously selected option, they should delete the cookies from their Internet browser.
Additional information on cookie management can be found in the Help file of the web browser or on websites such as www.allaboutcookies.org
The table below lists the different types of cookies that are used on our websites:
Type and duration
Performance (e.g. user’s web browser)
Our websites have been built on the basis of common internet platforms. These platforms use embedded cookies to help solve problems related to compatibility (e.g. by identifying the browser type) and performance (e.g. by loading content faster).
Deleted after you quit your browser
Security (e.g. Asp.NET)
If a user registers to use some of the XDISC Group’s websites with restricted access, the system checks via cookies that the user’s device is securely logged in throughout the entire visit to the site. A login and password are required to access the restricted section of the XDISC Group websites.
Deleted after you quit your browser
Cookies may also remember the user’s preferences on the website (e.g. the language they choose) and try to improve the website’s performance (e.g. through a personalized greeting or content). This operation of cookies most often concerns parts of the website that can be accessed after registering or creating an account.
Deleted after you quit your browser
We use third party analytics tools to understand how users browse our website. The obtained information allows us to improve the quality and content of the website. Collective statistical data concern, like the total number of page views and references to our website. More detailed information on the use of Google Analytics tools by the XDISC Group can be found below.
Persistent cookies, deleted after 2 years, if the user does not visit the website again
We use a third party tool that allows us to ask a certain percentage of users for feedback. In this case, cookies are used to prevent users from being invited to participate in a survey repeatedly.
The first type of cookie (1) stores information on whether the user has replied to a survey pop-up – so they won’t be asked again.
The second type of cookie (2) stores information on whether the user received a survey pop-up to prevent the invitation from being displayed again for a period of 90 days.
Deleted after you quit your browser
Deleted after 90 days and/or containing a survey pop-up.
Social networking tracking cookies
Persistent cookies, deleted after 2 years, if the user does not visit an XDISC Group website again.
Individual XDISC Group websites may use other third party tools and widgets to offer users additional functionalities. The use of these tools may result in storing cookies on users’ devices to facilitate website browsing.
Cookies themselves do not contain information about the user’s email address and their personal data. Our analytical reports may contain other identifiers, including IP addresses, which are used to determine the number of unique users and trends by country of origin, not identifying individual users.
VISITING OUR WEBSITE OR ENTERING A LOGIN TO ACCESS PART OF THE SITE INTENDED ONLY FOR REGISTERED USERS, IS EQUIVALENT TO CONSENT FOR STORING COOKIES ON THE USER’S COMPUTER OR DEVICE CONNECTED TO THE INTERNET.
2.2 Google Analytics
XDISC Group uses Google Analytics. More information on the use of Google Analytics can be found at: http://www.google.com/analytics/learn/privacy.html
A beacon is a small picture file placed on a website that allows the collection of certain information sent by the user’s device, such as an IP address, time of visit, browser type, cookies stored during previous visits by the same server. The use of beacons is in accordance with applicable law.
The XDISC Group or service providers may use beacons to monitor the effectiveness of third party websites that provide us with recruiting or marketing services, collect website user statistics or manage cookies.
The user can disable beacons by turning off cookies associated with a certain beacon. It can still record anonymous visits from the IP address of a specific user, but the information collected by cookies will not be recorded in this case.
Some newsletters or messages sent by the XDISC Group contain embedded links that allow confirming the recipient’s email address. The collected information is used to determine the user’s interests and improve the quality of their future browsing experience.
2.4 Location tools
XDISC Group may collect and use geographic location data of the user’s device. Location data is collected to provide users with information about services we believe may be of interest to them, because of their location. They are also collected in order to improve our products and services based on geolocation solutions.
3. Widgets and social apps
4. Children’s privacy
The XDISC Group understands the importance of protecting children’s privacy, especially on the Internet. The XDISC Group websites are not intended for children under the age of 16. One of the principles of the XDISC Group’s policy is to refrain from deliberately collecting or storing data of users under the age of 16, except when such data is part of activities related to the provision of professional services.
5. Data processing agreements
XDISC Group does not disclose personal data to unrelated entities, except in situations where it is necessary to conduct our business, process an application or in situations required or permitted by law or professional standards. For example, we may transfer personal data to tax authorities, public authorities, financial and social security institutions or other third parties. If it is necessary and results from the provisions of law, the XDISC Group provides personal data in response to inquiries from the judiciary and law enforcement authorities, as well as in order to act in accordance with the relevant legal provisions, orders or regulations issued by the judicial authorities and regulations issued by governmental or professional institutions.
The XDISC Group may, in certain cases, disclose personal data to employees or associates of the XDISC Group Companies in Poland (joint controllers), or – in the form of entrusting data processing – may disclose them to external companies, service providers or sellers acting on our behalf in order to process user reports or provide services to clients. In the case of cooperating with service providers, we may transfer the personal data obtained by us to third parties – service providers. The XDISC Group will only transfer personal data to third parties if our stringent personal data processing and security standards are met. The XDISC Group transfers personal data to third parties only to the extent necessary to provide services to the XDISC Group by these parties.
Additionally, the XDISC Group may entrust the processing of personal data to a third country, i.e. outside the European Economic Area, and send them to companies associated in the XDISC Group, other external entities cooperating with the XDISC Group or acting on our behalf for the purposes described in this Policy Privacy. Including for the purpose of providing infrastructure support services in the IT area by other affiliated companies of the XDISC Group. The XDISC Group may also store personal information in a place that has a jurisdiction other than that of the specific user. The transfer of data to a third country may, however, take place only when (subject to other provisions of generally applicable law) the conditions for ensuring an adequate level of protection of natural persons, guaranteed in the GDPR, are met, e.g. a contract containing standard contractual clauses requiring specific level of personal data protection.
The XDISC Group may disclose personal data in connection with the sale, assignment or other transfer of ownership of the website and resulting in this scope the sale / transfer of rights to the website to which the said data is related, as well as at the request of authorities or law enforcement authorities, or when it is required by applicable laws, court orders or other government regulations. The necessity to disclose personal data may also be caused by conducting data privacy or security audits and / or when handling complaints or taking actions related to a security risk. The XDISC Group does not sell personal data to third parties, which could use it for marketing purposes.
During a standard visit to an XDISC Group website, it is not necessary to provide personal data, however the XDISC Group may require data transferring, if the user wishes to obtain additional information about our services or events. The user may also be asked whether they consent to particular personal data processing. If you receive certain information or services, such as an electronic newsletter, you may unsubscribe at any time by following the instructions in each email. In the event of unsubscribing, the XDISC Group deletes the user’s information immediately, however this may require providing additional data.
As mentioned before, users have the option of configuring their web browsers to disable all cookies or to notify when they are stored. However, please note that if you disable cookies, some elements of the XDISC Group website may not function properly.
7. Data Access
If you provide us with your personal data, in most cases you have adequate access to it, in order to modify it. You can also send a request to firstname.lastname@example.org to update or delete certain data. The XDISC Group will take all appropriate steps to comply with this request, provided that it is in accordance with the applicable law.
Please have in mind the data subject rights you have under the GDPR:
- the right of access (including obtaining confirmation whether your personal data has been processed and obtaining information about the purposes, sources, categories of data or the duration of storage), which also includes the right to receive a copy of your own data free of charge (for any subsequent copies requested by the data subject, we may charge a reasonable fee based on administrative costs),
- the right to rectification (when personal data are inaccurate), which also includes supplementing incomplete personal data. For this purpose we may ask you to provide an additional statement,
- the right to erasure (the so-called “right to be forgotten”) when, for example, the personal data are not necessary to achieve the purposes for which they were collected, consent to their processing has been withdrawn or there are no other legal grounds for their processing,
- the right to restriction of processing, when e.g. you question the correctness of personal data – for a period allowing us to check the correctness of this data,
- the right to object processing,
- the right to data portability, including receiving in a structured, commonly used machine-readable format your own personal data that you provided,
- the right to withdraw consent (however the withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal),
- the right to file a complaint to the President of the Personal Data Protection Office, if you believe that the processing of personal data violates the provisions of the GDPR.
8. Data security and integrity
The XDISC Group applies appropriate policies and procedures to protect personal data against loss, misuse, alteration or damage. However, even despite our best efforts, it is not possible to completely protect your data against all threats. We make every effort to ensure that access to your personal data is limited. Persons who have access to the data are obliged to keep it confidential. Additionally, one of the principles of the XDISC Group’s policy is to store personal data only for the duration in which
- they are necessary to process your request,
- they are necessary to implement a right or obligation resulting from generally applicable laws or policies, regulations or other requirements
- in force in the companies of the XDISC Group, or
- until you request that such information be deleted.
The duration of personal data storage depends on the specific nature and circumstances (especially the purpose) for which it was collected.
Personal data processed on the basis of expressed consent will be deleted or anonymized after its withdrawal or expiration.
Personal data, provided during the course of business relationships, regarding our customers, business partners (natural persons) or their representatives (including contact persons) will be processed during the duration of such relationships and will be stored after their termination if:
- law regulations impose an obligation on the XDISC Group to store personal data, including for the purpose of meeting the regulatory requirements for the business activities of the XDISC Group,
- the storage of personal data is necessary to achieve the goals of the legitimate interests of the XDISC Group.
In the case of contact persons, we will process their data in order to maintain business relationships, unless (provided that it is compliant with the GDPR) an objection to such processing is raised.
9. Links to other websites
The XDISC Group makes every effort to ensure the protection of personal data. A Data Protection Officer has been appointed (e-mail: email@example.com) and is the contact person for matters related to personal data, including questions or comments or concerning your personal data.