In order to operate the Brand Fibres service, Brand Fibres collects and provides various information from the Customer for a variety of business purposes. This policy sets out how Brand Fibres seeks to protect Customer data according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on General Data Protection Regulation (GDPR). “Customer” means any visitor of our websites, user or tester of our free services or subscribers of our paid services. While we collect more data from those who decide to be more involved with us, all Customers benefit from the same measures that we put in place to protect their data. Being transparent and providing accessible information to Customers about how we will use their data is important for Brand Fibres.
North Gate
Ul. Bonifraterska 17
00-203 Warszawa
email: contact@brandfibres.com
The Data Protection Officer (DPO) is responsible for overseeing data protection strategy and implementation to ensure compliance of Brand Fibres with GDPR requirements. He is also responsible for awareness-raising and training of staff involved in processing operations. He reports directly to Brand Fibres top management.
Any Customer may contact the Data Protection Officer about all issues related to processing of their data and to exert their rights. Data Protection Officer responsibility is to reply to all Customer questions and queries. In order to do so, he maintains a set of formal procedures to handle consultation, modification, consent revocation and erasure of Customer data.
Email: dpo@brandfibres.com
The purposes for which Customer data may be used by Brand Fibres include the following:
Visitors:
Users of paid services:
Brand Fibres processes Customer data fairly and lawfully in accordance with individuals’ rights. This generally means the following:
Brand Fibres does not use any element of collected Customer data to profile its Customers as per GDPR Article 4 (evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements) and does not process sensitive personal data as per GDPR Article 9 (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation).
Brand Fibres conducts regular data protection impact assessments on the Brand Fibres service and ensures that the developments take into account security and data protection aspects. Customers’ data protection settings are set to private by default. Brand Fibres has a set of internal information security policies and procedures such as Access control, Supplier relationships, Incident Management, Business continuity, Disaster Recovery, Human Resources, Risk Management, etc., which are maintained/tested regularly in order to be able to keep the confidentiality, integrity and availability of Customer data. Particularly for IT teams, dedicated security measures are in place like development guidelines, secure development, developer talks, awareness training. The security level of the application is regularly assessed by expert and independent penetration testing. Our production network is firewalled and not reachable by our public blog and website which are not connected through our production network. All our servers are firewalled. Access to our production cluster is restricted to a limited amount of specific employees through SSH with key-based authentication, and from dedicated PCs with restricted Internet access in a separate office VLAN, only used for this specific purpose. Where other organizations process Customer data as a service on Brand Fibres’s behalf, Brand Fibres establishes what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organizations. All Customer specific data and information in Brand Fibres is stored in separate accounts for each Customer. Each Customer has its own access and set of data, completely separated from the other Customers. The database containing all Brand Fibres Service settings (project settings, user settings, collected and processed data) are stored on encrypted hard disk partitions which are mounted by our monitoring system after server start. All Backups are transferred via encrypted channels and backups are automatically deleted after a period of 6 months after contract termination.
Our service is hosted on dedicated servers (servers partial-virtualized and only accessible by us and clients in case of issues) in Poland. The hosting provider is connected to the internet with DDOS protection. Only our hosting provider and its personnel are allowed to physically access the data centers where our servers are stored.
Brand Fibres infrastructure is built so that we can tolerate individual errors with automatic failover. Data is generally saved redundantly. Automated monitoring observes various metrics on our servers and alerts us on critical errors. Brand Fibres services are monitored 24 hours a day with automatic SMS service to developers in case of a fatal error. In case there is no response, a second developer will be contacted as well.
Checks are divided into different categories and services. We check that:
In order to provide the Brand Fibres service to its Customers, Brand Fibres utilizes two subcontractors (processors):
Brand Fibres has Data Processing Agreements in place with its subcontractors according to European data protection legislation:
For the supporting activities, Brand Fibres utilizes the following subcontractors according to their general terms for business use.
More information on the security and data protection aspects of these subcontractors can be found in:
Google:
https://gsuite.google.com/terms/dpa_terms.html
https://gsuite.google.com/intl/en/security/
Nazwa.pl:
https://www.nazwa.pl/fileadmin/nazwa/Regulaminy/Pl_prywatnosci.pdf
3S:
https://panelklienta.3s.pl/policy
Brand Fibres remains fully liable to its Customers for the performance of its subcontractors.
Cookies are small amounts of information that may be stored by Brand Fibres websites on Customer’s devices. Cookies may not allow identification of the party receiving the cookies, unless such party has already provided Brand Fibres with personal information allowing such identification – login or sign up. Brand Fibres use cookies to provide an enhanced support for Customers using Brand Fibres services.
Brand Fibres uses:
Customers may set their browser parameters in order to select the types of cookies they wish to receive or not receive from Brand Fibres.
In the case of a breach of Customer data, Brand Fibres will inform the affected Customer, where feasible, not later than 72 hours after having become aware of it. If the breach includes personal data, Brand Fibres will cooperate with the Customer to assess the need or obligation to inform the data protection supervisory authority of the jurisdiction where the Customer is established. For Customers based in the European Union, Brand Fibres shall report the breach to the Polish data protection authority as per GDPR Article 33.