Privacy policy

This privacy policy describes how we process information about you, including personal data and cookies.

1. General information

This policy applies to the website available at asttero.com.

The service operator and personal data controller is: ASTTERO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Długa 39, 00-238 Warsaw, Poland.

The operator's contact email address is: contact@asttero.com.

The operator is the controller of your personal data with respect to data provided voluntarily through the website.

The website uses personal data for the following purposes:

• Running a newsletter
• Running a comment system
• Running online chat conversations
• Delivering marketing content (marketing communication based on cookies, analytics data and direct marketing),
• Handling enquiries submitted through forms
• Delivering ordered services
• Debt collection
• Presenting offers or information

The website collects information about users and their behavior in the following ways:

• Through data entered voluntarily in forms, which is then stored in the operator's systems.
• By saving cookie files on end devices (so-called "cookies").

2. Selected data protection methods used by the operator

Login and personal data entry points are protected at the transmission layer (SSL certificate). This means that personal data and login data entered on the website are encrypted on the user's computer and can only be read on the destination server.

Personal data stored in the database are encrypted in such a way that only the operator holding the key can read them. This protects the data in the event of database theft from the server.

User passwords are stored in hashed form. The hashing function works one way — it cannot be reversed, which is the current standard for storing user passwords.

To protect data, the operator regularly performs security backups.

An important element of data protection is the regular updating of all software used by the operator to process personal data, which in particular means regular updates of software components.

3. Hosting

The website is hosted (technically maintained) on servers operated by: OVH.

4. Your rights and additional information on how data are used

In some situations, the controller may transfer your personal data to other recipients if this is necessary to perform a contract with you or to fulfill obligations imposed on the controller. This applies to the following groups of recipients:

• postal operators
• law firms and debt collection agencies
• payment operators
• online chat solution providers
• authorized employees and collaborators who use the data to achieve the purpose of the website
• companies providing marketing services to the controller

Your personal data processed by the controller will not be kept longer than necessary to perform the activities related to them specified in separate regulations (e.g. accounting regulations). With respect to marketing data, data will not be processed for longer than 3 years.

You have the right to request from the controller:

• access to your personal data,
• rectification,
• erasure,
• restriction of processing,
• and data portability.

You have the right to object to the processing indicated in section 3.3(c) with respect to processing personal data for the purpose of pursuing the controller's legitimate interests, including profiling, provided that the right to object cannot be exercised where there are compelling legitimate grounds for processing that override your interests, rights and freedoms, in particular for the establishment, exercise or defense of claims.

You may lodge a complaint against the controller's actions with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.

Providing personal data is voluntary, but necessary to use the website.

Automated decision-making, including profiling, may be applied to you in order to provide services under a concluded contract and for the controller's direct marketing.

Personal data are not transferred from third countries within the meaning of data protection regulations. This means we do not send them outside the European Union.

5. Information in forms

The website collects information provided voluntarily by the user, including personal data, where such data are provided.

The website may save information about connection parameters (timestamp, IP address).

In some cases, the website may save information that makes it easier to link data in a form with the email address of the user completing the form. In such cases, the user's email address appears inside the URL of the page containing the form.

Data provided in a form are processed for the purpose resulting from the function of the specific form, e.g. to handle a service request or business contact, register services, etc. Each time, the context and description of the form clearly explain what it is used for.

6. Administrator logs

Information about user behavior on the website may be logged. These data are used to administer the website.

7. Important marketing techniques

The operator uses statistical analysis of website traffic through Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to the provider of this service, only anonymized information. The service is based on the use of cookies on the user's end device. With regard to information about user preferences collected by Google's advertising network, the user can view and edit information resulting from cookie files using the tool: https://www.google.com/ads/preferences/

The operator uses remarketing techniques that allow advertising messages to be matched to the user's behavior on the website, which may give the impression that the user's personal data are used to track them; however, in practice no personal data are transferred from the operator to advertising providers. A technological requirement for such activities is enabled cookie support.

The operator uses the Facebook pixel. This technology allows Facebook (Facebook Inc. based in the USA) to know that a registered person is using the website. In this case it is based on data for which Facebook itself is the controller; the operator does not transfer any additional personal data to Facebook. The service is based on the use of cookies on the user's end device.

The operator uses a solution that studies user behavior by creating heat maps and recording behavior on the website. This information is anonymized before being sent to the service provider so that the provider does not know which natural person it relates to. In particular, entered passwords and other personal data are not recorded.

The operator uses a solution that automates website operation in relation to users, e.g. it may send an email to a user after visiting a specific subpage, if the user has consented to receiving commercial correspondence from the operator.

8. Information about cookies

The website uses cookies.

Cookies are IT data, in particular text files, stored on the website user's end device and intended for use with the website's pages. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.

The entity placing cookies on the website user's end device and accessing them is the website operator.

Cookies are used for the following purposes:

• maintaining the website user's session (after logging in), so that the user does not have to re-enter login and password on every subpage;
• achieving the purposes set out above in the "Important marketing techniques" section;

Two basic types of cookies are used within the website: "session" cookies and "persistent" cookies. "Session" cookies are temporary files stored on the user's end device until logout, leaving the website or closing the browser. "Persistent" cookies are stored on the user's end device for the time specified in the cookie parameters or until deleted by the user.

Web browsing software (a web browser) usually allows cookies to be stored on the user's end device by default. Website users can change their settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies. Detailed information on this subject is contained in the browser's help or documentation.

Restrictions on the use of cookies may affect some functionalities available on the website pages.

Cookies placed on the website user's end device may also be used by entities cooperating with the website operator, in particular: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Managing cookies — how to give and withdraw consent in practice

If the user does not want to receive cookies, they can change browser settings. Please note that disabling cookies necessary for authentication, security or maintaining user preferences may make it difficult and, in extreme cases, prevent use of websites.

To manage cookie settings, select the web browser you use from the list below and follow the instructions:

• Edge
• Internet Explorer
• Chrome
• Safari
• Firefox
• Opera

Mobile devices:

• Android
• Safari (iOS)
• Windows Phone