Privacy policy

The privacy policy describes the rules for processing information about you, including personal data and cookies.

1. General information.

  1. The service operator is: with its registered office in Poznań at the following address: 60- 829 Poznań, ul. Franklina Roosevelta 22, entered into the National Court Register maintained by the District Court for Poznań - Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number 0000612359, REGON (Statistical Number) 364261632, NIP (Tax Identification Number) 7822622168, share capital of PLN 215,228.00, paid in full.
  2. The Operator is the Administrator of personal data in relation to data provided voluntarily by users during the establishment of services, when using the services or when using various types of marketing actions that may be carried out by the Operator (eg contests, newsletters, etc.).
  3. The data provided by users to use the services are used in the process of commissioning and providing them. This mainly includes activities such as:
    • technical launch of services,
    • invoicing,
    • processing and storage of financial documents based on special provisions: tax, financial and accounting, etc.,
    • informing about the dates of expiration of services and the possibility of their extension,
    • informing about planned technical work,
    • informing about important configuration changes,
    • informing about changes in regulations,
    • providing technical support, including answering users' questions,
    • explanations regarding settlements,
    • direct commercial contact - if you ask for it.
    • sending marketing information by e-mail / SMS / by phone / other channels - if the user agrees to such forms of contact (eg by subscribing to the newsletter, indicating the appropriate agreement registering the service, or in the client's panel - detailed rules, the scope of consent together with the appointment of the relevant regulations are found then at the place of consent),
  4. The operator, as a hosting company, may also be a processor of personal data - in relation to data, which administrators are clients and which have been entrusted to him by concluding an appropriate contract. Detailed rules then determine this contract. This Policy does not apply to the use of this type of data. In relation to them, the Operator is not an administrator.
  5. This Policy does not include any information regarding services, goods or websites belonging to entities other than the Operator.
  6. The website performs the functions of obtaining information about users and their behaviors in the following manner:
    1. Through data entered voluntarily in forms, which are entered into the Operator's systems.
    2. By saving cookies in the end devices.
    3. By saving technical logs at the level of the web server, mail and the Operator's application.

2. Detailed information on the processing of personal data

The processing of personal data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on Data Protection) of 27 April 2016 (Official Journal No. 119), hereinafter referred to as GRDP, taking into account the provisions of the Act on the provision of electronic services and other generally applicable laws.

  1. Administrator of personal data

  2. The personal data administrator is: H88 S.A. with its registered office in Poznań, Franklina Roosevelta 22, 60-829 Poznań, entered into the National Court Register maintained by the District Court for Poznań - Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number 0000612359, REGON (Statistical Number) 364261632, NIP (Tax Identification Number) 7822622168, share capital of PLN 215,228.00, paid in full.

    Contact details of the Administrator: ul. Franklina Roosevelta 22, 60-829 Poznań, e-mail: info@ssl4less.eu, tel.: +48 12 446 63 77

  3. Data Protection Inspector

  4. The administrator has appointed the Data Protection Inspector (hereinafter referred to as DPS), which is available under the following contact details: e-mail address: iod@h88.pl

  5. Voluntary personal data

  6. The Supplier informs that unless otherwise indicated in the content of individual forms (eg indicating that the data is provided on a voluntary basis), the Supplier's services can not be used anonymously or using a pseudonym. In connection with the above, refusal to provide data may result in refusal to conclude a contract and provide the service ordered.

  7. To create a customer account in order to order the Supplier's services, it is necessary to create a login and provide:

  8. People who do not run a business


    • first name and last name
    • address
    • e-mail adress
    • phone number
    • personal identity number
    • (Mandatory data)

    • first name and last name
    • company name
    • business address
    • e-mail adress
    • phone number
    • VAT number
    • (Mandatory data)

  9. Types of data processed, purposes, legal basis for data processing by the Supplier and the expected retention period

  10. The type of data

    The purpose of processing

    Legal basis

    The period of data storage

    Mandatory data

    Contact details of the client's staff (in particular: name, surname, e-mail address, phone number)

    Maintaining customer account on the site, providing the services ordered, providing contact in connection with the performance of services

    Article 18 para. 1 of the Act on the provision of electronic services

    Article 6 para. 1 point b) GRDP (necessary for the performance of the contract)

    Until the client account is deleted

    Investigation or defense of possible claims

    Article 6 para. 1 point f) GRDP (legally justified interest)

    Until the expiration of the period of possible claims

    Marketing, including direct marketing, products or services of the Administrator

    Article 6 para. 1 point f) GRDP (legally justified interest)

    Until the opposition is expressed on the basis of art. 21 - 22 GRDP

    Sending commercial information by e-mail (e-mails and text messages), making telephone calls to present promotional or personalized offers

    Article 6 para. 1 point a) GRDP in conjunction with from art. 172 para. 1 of the telecommunications law and art. 10 para. 2 of the Act on Providing Services by Electronic Means (Consent)

    Until the consent is withdrawn or the objection raised under Art. 21 - 22 GRDP

    Data necessary due to the chosen method of settlement of services, in particular:

    Bank account details from which payment was made

    Data included in issued invoices (VAT invoices)

    Data on ordered and performed services (order history)

    Settlement of services provided

    Article 18 para. 2 of the Act on the provision of electronic services

    Article 6 para. 1 point b) GRDP (necessary for the performance of the contract)

    Until the expiry of the period of prescription of possible claims or the expiration of the time limit for the obligation to keep accounting documents

    Execution of legal obligations in the scope of accounting and accounting

    Article 6 para. 1 point c) GRDP (fulfillment of legal obligations in the field of accounting)

    Investigation or defense of possible claims

    Article 6 para. 1 point f) GRDP (Legally legitimate interest)

    Data contained in correspondence with the Administrator (in completed contact forms, notification system, e-mail, chat application, traditional correspondence)

    Records of telephone conversations

    Conducting correspondence, handling requests, requests, inquiries or complaints. Demonstration of the content of declarations or requests made by a person

    Article 6 para. 1 point c) GRDP (fulfillment of legal obligations to respond to requests of data subjects)

    Article 6 para. 1 point f) GRDP (legally justified interest)

    Until the expiration of the period of possible claims

    Investigation or defense of possible claims

    Article 6 para. 1 point f) GRDP (Legally legitimate interest)

    Data characterizing the manner of using the service provided electronically (operational data):

    Identification identifying the person being broadcast on the basis of available data

    Marks identifying the end of the telecommunications network or the IT system used by the person

    Information on the start, end and scope of each use of the service provided electronically

    Information on the use by the recipient of services provided electronically

    Providing quality parameters of the service and optimization

    Maintaining security measures

    Query support

    Determining cases of unauthorized use of the service and providing data to authorized bodies

    Article 18 para. 5 - 6 of the Act on the provision of electronic services

    Article 6 para. 1 point f) GRDP (legally justified interest)

    Up to 6 months

    In the case of data regarding access to the customer's panel and placing orders, instructions or requests - for the duration of the service, and later until the expiration of the possible claims.

    All data described above, processed by the Administrator in information systems.

    Execution and storage of backup copies, ensuring the ability to continually ensure the confidentiality, integrity, availability and robustness of processing systems and services; ensuring the ability to quickly restore the accessibility and access to personal data in the event of a physical or technical incident.

    Article 6, paragraph 1, point c) in conjunction from art. 32 para. 1 point b) and c) GRDP (fulfillment of legal obligations to ensure the security, integrity and availability of data)

    According to the internal backup schedule

  11. The right to withdraw consent

  12. If the Administrator processes personal data on the basis of consent, such consent may be withdrawn at any time. Withdrawal of consent does not affect the legality of the processing carried out prior to its withdrawal.

  13. The rights of a person regarding the processing of their personal data

  14. The person has the following rights regarding his personal data:

    The right to access data

    Article 15 GRDP.

    The essence of the law: The data subject has the right to obtain from the administrator confirmation whether personal data concerning him is being processed, and if so, he is entitled to access to them and information provided in this provision.

    The right to rectification and supplementation

    Article 16 GRDP

    The essence of law: The data subject has the right to require the administrator to immediately correct personal data that is incorrect about him. Taking into account the purposes of processing, the data subject has the right to request supplementing incomplete personal data, including by submitting an additional statement.

    The right to remove

    Article 17 GRDP

    The essence of law: The data subject has the right to request the administrator to delete his personal data immediately, and the administrator has the obligation to delete personal data without undue delay, if one of the circumstances indicated in this provision occurs.

    The right to limit processing

    Article 18 GRDP

    The essence of the law: Limiting processing means marking stored personal data in order to limit their future processing. After such marking of the data, their processing, except for storage, is possible only on the basis of consent or for the purposes set out in this provision. Restrictions may be demanded in the cases specified in this provision.

    The right to transfer data

    Article 20 GRDP

    The essence of law: The data subject has the right to receive, in a structured, commonly used machine-readable format, personal data about him that he provided to the administrator, and he has the right to send this personal data to another administrator without any interference from the controller

    The right to raise objections

    Article 21 GRDP

    The essence of the law: If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for the purpose of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

    The objection shall also be in other cases specified in art. 21-22 GRDP.

    A person may exercise the above rights by contacting the Administrator in any of the ways set out at the beginning. This also applies to the withdrawal of granted consents. During remote contact, the Administrator may request personal information to verify identity.

  15. Recipients of data

  16. Data may be disclosed to entities acting on behalf of the Administrator or performing services to the Administrator, in particular:

    • entities maintaining registers of Internet domain subscribers ordered by a person or intermediaries registering a given domain;
    • entrepreneurs from the advertising and marketing industry (advertising agencies, call-centers, software platforms for sending e-mails or text messages, chat communication);
    • entrepreneurs providing services related to pursuing or defending claims as well as legal and accounting services (debt collection, law and tax offices, accounting offices);
    • subcontractors and servicemen;
    • auditors;
    • postal operators and courier companies.

    The data may also be disclosed:

    • bodies that, under applicable law, remain entitled to request their release, including, in particular, courts, prosecutors, police, tax and customs administration;
    • other entities entitled to access data on the basis of legal provisions.
  17. Transmission of data to third countries

  18. DAs a rule, personal data are not transferred to a third country or an international organization outside the European Economic Area (EEA). However, such a transfer may take place to the extent described below.

    The transfer of personal data outside the EEA may take place in connection with the Administrator's use of analytical or advertising services provided by Google LLC, including Google Adwords and Google Analytics. The transfer takes place in the United States of America on the basis of the European Commission's decision (the so-called Privacy Shield), stating that an adequate level of personal data protection will be ensured for the entities participating in the program, including the provider of the above services - Google LLC, Mountain View, California.

    The transfer of data may also take place in the case of ordering a service requiring the transfer of personal data to a third country, i.e. in particular, Internet domain registration, whose register is operated by an entity established in a non-EEA country or an SSL certificate operated by such entity. In this case, personal data shall be transmitted irrespective of whether a decision of the European Commission stating the appropriate level of data protection has been issued for a given third country or international organization or if other safeguards as referred to in Article 5 have been provided. 46 or 47 GRDP. The data will be provided only to the extent necessary to perform the ordered service.

    Bearing in mind that it is impossible to specify in advance and describe all possible situations of transfer of personal data outside the EEA due to domain registration, purchase of SSL certificates or ordering other services offered by the Administrator (there are over 1500 domains operating in the IANA database, including national, international and nTLD domains, whose registers are often maintained by separate organizations), detailed information can be obtained:

    In addition, detailed information on the transfer of data outside the EEA in connection with the provision of individual services can be obtained by contacting the Data Protection Inspector (e-mail address: iod@h88.pl).

  19. Profiling

  20. In relation to the Person, actions can be taken consisting of automated decision making, including profiling to provide services under the concluded contract and for the purpose of conducting direct marketing by the Administrator. They do not have legal effects and are not based on specific category data.

  21. The right of complaint

  22. The person has the right to lodge a complaint to the Inspectory body, which is the President of the Office for Personal Data Protection, if he / she considers that his / her personal data is processed contrary to applicable law.

3. Selected methods of data protection.

  1. The operator applies various types of protective mechanisms to personal data, in particular:
    • protection against unauthorized access
    • protection against data loss
  2. Users' passwords are not stored in the database in an open manner or encrypted in a reversible way.
  3. The places of login and entering personal data are protected at the transmission layer (SSL certificate).
  4. The operator applies measures to protect against data loss (eg disk arrays, regular backups).
  5. The operator applies adequate protection measures for the processing sites in case of fire (eg special fire extinguishing systems).
  6. The operator applies adequate measures to protect the processing systems in the event of a sudden power failure (eg dual power lines, aggregates, UPS voltage backup systems).
  7. The operator applies means of physical protection of access to data processing sites (eg access control, monitoring).
  8. The operator applies measures to ensure appropriate environmental conditions for servers as part of the data processing system (eg environmental conditions control, specialized air conditioning systems).
  9. The operator applies organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.)
  10. The operator has appointed the Data Protection Inspector.

4. Information in forms.

  1. The website collects information provided voluntarily by the user, including personal data, if they are provided.
  2. The website can save information about the connection parameters (time stamp, IP address).
  3. The website, in some cases, may save information facilitating the linking of data in the form with the user's e-mail address filling out the form. In this case, the user's email address appears inside the url of the page containing the form.
  4. The data provided in the form are processed for the purpose resulting from the function of a specific form, eg in order to process the service request or commercial contact, registration services, etc. Each time, the context and description of the form clearly informs what it is used for.

5. Logs.

  1. Information about some of the users' behaviors is subject to logging in. These data are used to administer the website and to ensure the most efficient service of the hosting services provided.
  2. The subscription may be subject to:
    1. resources specified by URL identifier (addresses of requested resources - pages, files),
    2. the time of the question,
    3. time of sending a response,
    4. name of the client station - identification performed by the HTTP protocol,
    5. information about errors that occurred during the execution of the HTTP transaction,
    6. URL address of the page previously visited by the user (referrer link) - in the case when the website was accessed via a link,
    7. information about the user's browser,
    8. information about the IP address,
    9. diagnostic information related to the process of self-ordering services by recorders on the website,
    10. information related to e-mail support if the user uses the postal service provided by the Operator.

6. Information about cookies.

  1. The website uses cookies.
  2. Cookies are IT data, in particular text files, which are stored on the Website User's end device and are intended for using the Website's websites. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.
  3. The entity that places cookies on the Website User's terminal device and gains access to them is the Website operator.
  4. Cookies are used for the following purposes:
    1. creating statistics that help to understand how Website Users use websites, which allows improving their structure and content;
    2. maintaining the Website User's session (after logging in), thanks to which the User does not have to re-enter their login and password on every subpage of the Website;
    3. preserve information about service commands for the refference program;
    4. determining the user's profile in order to display him tailored materials in advertising networks, in particular the Google network.
  5. The Website uses two basic types of cookies: "session" and "persistent" cookies. Session cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored in the User's device for the time specified in the cookie file parameters or until they are deleted by the User.
  6. Software for browsing websites (web browser) usually allows cookies to be stored in the User's device by default. Website Users can change the settings in this area. The web browser allows deletion of cookies. It is also possible to automatically block cookies. Detailed information on this subject is provided in the help or documentation of the web browser.
  7. Restrictions on the use of cookies may affect some of the functionalities available on the Website.
  8. Cookies placed on the Website User's end device may also be used by entities cooperating with the Website operator, in particular for companies: Google (Google Inc. with its registered office in the USA), Facebook (Facebook Inc. with its registered office in the US), Twitter (Twitter Inc. based in the USA).
  9. The operator uses the Google Analytics service to analyze website traffic
  10. The operator uses remarketing, i.e. activities that allow advertising networks to display advertising messages tailored to their behavior on the Website. The technological condition of such activities is the use of cookies.
  11. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

7. Managing cookie files - how to express and withdraw consent in practice?

  1. If the user does not want to receive cookies, he can change the browser settings. We reserve that disabling cookies necessary for authentication processes, security, maintaining user preferences may be difficult, and in extreme cases it may prevent the use of websites
  2. In order to manage cookies settings, select from the list below the web browser you use and follow the instructions:

    Mobile devices: