Privacy Policy

1. General information

1. This policy applies to the website operating at the following URL: cogniforge.pl.
2. The website operator and the Personal Data Controller is: Cogniforge sp. z o.o., Stanisława Moniuszki 11,
   35-015 Rzeszów, Poland, NIP: 8133945040, REGON: 543588777, KRS: 0001214221.
3. The operator’s contact email address: contact@cogniforge.pl
4. The Operator is the Controller of your personal data with regard to data voluntarily provided on the Website.
5. The Website uses personal data for the following purposes:
• Running a newsletter
• Handling enquiries submitted through the form
• Presenting offers or information
6. The Website collects information about users and their behaviour in the following ways:
   1. Through data voluntarily entered in forms, which are then entered into the Operator’s systems.
   2. Through storing cookies on end-user devices.

2. Selected data protection methods used by the Operator

1. Login areas and places where personal data are entered are protected at the transmission layer (SSL certificate).
   As a result, personal data and login credentials entered on the website are encrypted on the user’s device and can only
   be read on the destination server.
2. User passwords are stored in hashed form. The hashing function works one-way, meaning it is not possible to reverse it,
   which is the current standard for storing user passwords.
3. The Operator periodically changes administrative passwords.
4. To minimise the risk of unauthorised access to data, the Operator uses complex passwords containing lowercase and uppercase
   letters, numbers, and special characters, with a minimum length of 8 characters.
5. Two-factor authentication is used on the website as an additional form of protection for logging in.
6. To protect data, the Operator regularly performs backups.

3. Hosting

1. The Website is hosted (technically maintained) on the operator’s server: Huge Voice.
2. In order to ensure technical reliability, the hosting company keeps server-level logs. The following may be recorded:
   • resources identified by a URL (addresses of requested resources such as pages or files),
   • time the request was received,
   • time the response was sent,
   • client station name, identified through the HTTP protocol,
   • information about errors that occurred during the HTTP transaction,
   • the URL address of the page previously visited by the user (referrer link), if the Website was accessed through a link,
   • information about the user’s browser,
   • information about the IP address,
   • diagnostic information related to the process of self-ordering services through forms on the website,
   • information related to email correspondence sent to the Operator and sent by the Operator.

4. Your rights and additional information on how data are used

1. In certain situations, the Controller has the right to transfer your personal data to other recipients if it is necessary
   to perform the contract concluded with you or to fulfil obligations incumbent on the Controller. This applies to the
   following groups of recipients:
   • the hosting provider acting under a data processing agreement
2. Your personal data are processed by the Controller no longer than necessary to carry out activities related to them,
   as specified in separate regulations (for example, accounting regulations). With regard to marketing data, such data will
   not be processed for longer than 3 years.
3. You have the right to request from the Controller:
   • access to your personal data,
   • rectification of your personal data,
   • erasure of your personal data,
   • restriction of processing,
   • data portability.
4. You have the right to object, with regard to the processing indicated in point 3.3(c), to the processing of personal data
   for the purposes of legitimate interests pursued by the Controller, including profiling. However, the right to object may
   not be exercised if there are valid legitimate grounds for processing which override your interests, rights and freedoms,
   in particular for the establishment, exercise or defence of legal claims.
5. You have the right to lodge a complaint regarding the Controller’s actions with the President of the Personal Data
   Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.
6. Providing personal data is voluntary, but necessary for the use of the Website.
7. With regard to you, actions involving automated decision-making, including profiling, may be undertaken for the purpose
   of providing services under the concluded contract and for the purpose of the Controller’s direct marketing.
8. Personal data are transferred to third countries within the meaning of personal data protection regulations. This means
   that we transfer them outside the European Union.

5. Information in forms

1. The Website collects information voluntarily provided by the user, including personal data, if such data are provided.
2. The Website may save information about connection parameters (timestamp, IP address).
3. In some cases, the Website may save information that makes it easier to link the data entered in the form with the email
   address of the user filling out the form. In such a case, the user’s email address appears within the URL of the page
   containing the form.
4. Data provided in the form are processed for the purpose resulting from the function of the specific form, for example to
   handle a service request, commercial contact, service registration, etc. Each time, the context and description of the form
   clearly inform the user of its purpose.

6. Controller logs

1. Information about users’ behaviour on the Website may be subject to logging. These data are used for the purpose of
   administering the Website.

7. Relevant marketing techniques

1. The Operator uses statistical traffic analysis on the website through Google Analytics (Google Inc., based in the USA).
   The Operator does not transfer personal data to the provider of this service, only anonymised information. The service is
   based on the use of cookies on the user’s end device. With regard to information about user preferences collected by the
   Google advertising network, the user may view and edit information resulting from cookies using the following tool:
   https://www.google.com/ads/preferences/

8. Information about cookies

1. The Website uses cookies.
2. Cookies are IT data, in particular text files, which are stored on the end device of the Website user and are intended for
   use with the Website’s pages. Cookies usually contain the name of the website they come from, the storage time on the end
   device, and a unique number.
3. The entity placing cookies on the Website user’s end device and obtaining access to them is the Website operator.
4. Cookies are used for the following purposes:
   1. maintaining the session of the Website user (after logging in), thanks to which the user does not have to re-enter their
      login and password on each subpage of the Website,
   2. achieving the purposes specified above in the section “Relevant marketing techniques”.
5. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files
   stored on the user’s end device until logging out, leaving the website, or turning off the software (internet browser).
   Persistent cookies are stored on the user’s end device for the time specified in the cookie parameters or until deleted by
   the user.
6. Web browsing software (internet browser) usually allows cookies to be stored on the user’s end device by default. Users of
   the Website may change these settings. The internet browser allows cookies to be deleted. It is also possible to block
   cookies automatically. Detailed information on this topic is available in the help section or documentation of the internet
   browser.
7. Restrictions on the use of cookies may affect some functionalities available on the Website’s pages.
8. Cookies placed on the Website user’s end device may also be used by entities cooperating with the Website operator,
   in particular: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter
   (Twitter Inc., based in the USA).

9. Managing cookies – how to give and withdraw consent in practice

1. If the user does not want to receive cookies, they may change their browser settings. Please note that disabling cookies
   necessary for authentication processes, security, and maintaining user preferences may hinder, and in extreme cases may
   prevent, the use of websites.
2. To manage cookie settings, select the internet browser you use from the list below and follow the instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

   Mobile devices:

   • Android
   • Safari (iOS)
   • Windows Phone