Privacy policy
WHAT DOES THIS POLICY DESCRIBE?
This Privacy Policy (” Policy “) contains information on the processing of personal data by Migam SA based in Warsaw (” Migam “, ” Administrator “, ” we “), and in particular specifies the types of personal data that Migam collects, explains in how and why Migam collects and uses individual personal data, explains when and why Migam will share personal data with other entities, and presents the rights and possibilities of data subjects regarding the processing of their personal data.
The policy applies if you are:
a user of the website migam.ai (“ Website User ”);
user of contact forms available on the website migam.ai ;
the recipient of the Free Panel service or a third party contacted by Migam at the request of a deaf or hard of hearing person;
a Migam client, i.e. a natural person with whom Migam has concluded an agreement for the provision of the Migam Translator service (” Client “) or a representative of any of Migam’s clients (” Client Representative “);
a natural person interested in Migam’s offer in the scope of services provided and contacting Migam in order to obtain information or establish cooperation (” Potential Customer “) or a person representing or acting on behalf of an entity interested in the services provided by Migam (” Potential Customer Representative “);
supplier, i.e. a person supplying specific goods or services to Migam (” Supplier “) or a person representing or acting on behalf of any of Migam’s suppliers (” Supplier Representative “);
a job candidate , i.e. a person taking part in the recruitment processes conducted by Migam and providing Migam with his/her personal data for this purpose (” Job Candidate “);
the recipient of Migam’s marketing activities, i.e. the recipient of e-mailing, newsletter or other form of marketing conducted by Migam (” Marketing Recipient “).
We process your personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ( general data protection regulation – ” GDPR “).
WHO IS THE ADMINISTRATOR OF YOUR PERSONAL DATA AND HOW CAN YOU CONTACT US?
The administrator of your personal data is Migam SA with its registered office in Warsaw at the following address: ul. Józefa Hauke-Bosaka No. 16A, 01-540 Warsaw, entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw. Warsaw in Warsaw, 14th Commercial Division of the National Court Register under KRS number: 0000983987, NIP: 9512387159, REGON: 360614795, with share capital of PLN 253,918.00, fully paid up.
In matters related to the processing of your personal data, you can contact the Administrator by correspondence, at the address of the Administrator’s registered office or by e-mail: iod@migam.org .
WHAT PERSONAL DATA DO WE PROCESS, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS?
Due to the fact that we process personal data for various purposes, to various extents and on various legal bases specified in the GDPR, in order to provide you with the most transparent information possible, we have grouped them by referring to the purpose of personal data processing.
Use of the Website and its functionalities
Personal data of Website Users (including the IP address or other identifiers and information collected via cookies) are processed by the Administrator:
in order to enable the Administrator to provide electronic services via the Website to the extent that the Administrator makes available to the Website Users the content or functionalities contained in the Website (Article 6(1)(b) of the GDPR);
for analytical and statistical purposes, when processing is necessary to implement the legitimate interest of the Administrator consisting in analyzing the activity of Website Users, as well as their preferences, in order to improve the functionalities and services provided, improve the functionality of the Website and its maintenance (Article 6(1) letter f GDPR);
for the purpose of establishing, pursuing or defending against claims, i.e. when processing is necessary to implement the Administrator’s legitimate interest in protecting his rights (Article 6(1)(f) of the GDPR).
The Website User’s activities, including his or her personal data, are recorded in system logs. The information collected in this way is processed by the Administrator primarily for purposes related to the provision of services and functionality within the Website. The administrator also processes this data for technical and administrative purposes, to ensure the security of the IT system and its management, as well as for analytical and statistical purposes, which constitutes the implementation of its legitimate interest (Article 6(1)(f) of the GDPR).
Using contact forms available on the Website
The Administrator provides electronic contact forms on the Website, through which the Website User can contact the Administrator on a selected matter, report an error in the operation of the Website or propose a change to it. Using the contact form requires providing basic personal data necessary to contact the Website User and answer the question or consider the application. The user may additionally provide any data if he/she believes that it will improve contact or handling of the request. Providing Personal Data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it. Providing other data is voluntary, and if they are provided, the Administrator assumes that the Website User has consented to their processing.
Personal data collected via forms are processed by the Administrator:
based on the legitimate interest of the Administrator, i.e. in order to contact you and handle the notification sent via the contact form (Article 6(1)(f) of the GDPR);
for analytical and statistical purposes, which is necessary to implement the legitimate interest of the Administrator, consisting in maintaining statistics of inquiries submitted by Users via the Website in order to improve its functionality, as well as its products and services (Article 6(1)(f) of the GDPR) ;
based on your consent, in the case of providing personal data that is not necessary to establish contact or handle the request sent via the contact form (Article 6(1)(a) of the GDPR).
Using the Free Panel service
The Administrator provides access to the so-called service via the Website. “Free Panel”. The service is dedicated to deaf and hard of hearing people who, as part of the Free Panel, can connect free of charge to a sign language interpreter provided by the Administrator and use him to deal with any matters of everyday life. Using the Free Panel service requires the Administrator to process personal data of persons contacting the translator using the service (” Deaf Person “), to the extent provided by these persons (including image) and personal data of third parties with whom the translator contacts at the request of a Deaf Person (“ Interlocutor ”), to the extent provided by these persons (including voice).
Personal data of Deaf People are processed by the Administrator:
in order to enable him to provide the Free Panel service via the Website (Article 6(1)(b) of the GDPR);
in the case of special category personal data, including personal data regarding a hearing defect (health condition) – based on the express consent of the Deaf Person (Article 9(2)(a) of the GDPR).
The personal data of the Callers are processed by the Administrator for purposes arising from the legitimate interests pursued by the Administrator, such as providing the Free Panel service at the request of a Deaf Person and enabling him to contact the Caller (Article 6(1)(f) of the GDPR).
Execution of a paid contract for the provision of the Migam Translator service
The Administrator provides its Customers with a paid Migam Translator service, which consists in the Administrator enabling Customers to remotely access and use the services of sign language interpreters. As part of the provision of the service, the Administrator processes personal data of Customers with whom he has concluded a binding cooperation agreement and their representatives. The processed personal data may include in particular data such as: name, surname, name and address of the business activity, correspondence address, NIP (Tax Identification Number), REGON (REGON) number, bank account number, position/function, e-mail address, telephone number, as well as information regarding the contract between the Customer and the Administrator and the conditions of its implementation. It may happen that the personal data of the Client or his representative will come from publicly available sources, such as the National Court Register.
The Administrator processes Customers’ personal data:
in order to conclude and perform the contract concluded with the Client for the provision of the Migam Translator service (Article 6(1)(b) of the GDPR);
in order to fulfill the legal obligations of the Administrator resulting from legal provisions, e.g. tax regulations (Article 6(1)(c) of the GDPR);
for purposes arising from the legitimate interests pursued by the Administrator, such as maintaining business relations, ongoing contact, conducting marketing activities, establishing or pursuing possible claims or defending against such claims (Article 6(1)(f) of the GDPR).
Personal data of Customer Representatives are processed by the Administrator for purposes arising from legally justified interests pursued by the Administrator, such as taking actions necessary before concluding a contract with the Customer, concluding and implementing the concluded contract for the provision of the Migam Translator service, ongoing contact and maintaining business relations, conducting activities marketing, establishing or pursuing possible claims or defending against such claims (Article 6(1)(f) of the GDPR).
Establishing cooperation with Migam
If you are interested in Migam’s offer in the scope of services provided and contact Migam in order to obtain information or establish cooperation (on behalf of yourself or the entity you represent), the Administrator may collect and process your personal data obtained during telephone conversations, e-mail correspondence -mail and meetings. This may include, in particular, data such as: name and surname, name of the business activity, contact details, information regarding the demand for services provided by Migam and other data – if you voluntarily decided to provide them to us. Your data may also come from publicly available sources, such as the National Court Register.
The Administrator processes personal data of Potential Customers:
for purposes arising from legally justified interests pursued by the Administrator, such as presenting the offer at the express request of the interested person, ongoing contact in connection with the offer, maintaining relationships, determining or pursuing possible claims or defending against such claims (Article 6(1)(a) f GDPR);
in order to take actions at the request of the Potential Customer, necessary before concluding a contract for the provision of services (Article 6(1)(b) of the GDPR).
Personal data of Potential Customer Representatives are processed by the Administrator for purposes arising from legally justified interests pursued by the Administrator, such as presenting Migam’s offer, ongoing contact in connection with the offer, maintaining relationships, taking actions necessary before concluding a contract with the Customer, determining or pursuing possible claims. or defense against such claims (Article 6(1)(f) of the GDPR).
Supplying us with services and goods
The Administrator processes personal data of its Suppliers and their representatives. The processed personal data may include in particular data such as: name, surname, name and address of the business activity, correspondence address, NIP (Tax Identification Number), REGON (REGON) number, bank account number, position/function, e-mail address, telephone number, as well as information regarding the contract between the Supplier and the Administrator. It may happen that the personal data of the Supplier or its representative will come from publicly available sources, such as the National Court Register.
Suppliers’ personal data are processed by the Administrator:
in order to conclude and perform the contract (Article 6(1)(b) of the GDPR);
in order to fulfill the legal obligations of the Administrator resulting from legal provisions, e.g. tax regulations (Article 6(1)(c) of the GDPR);
for purposes arising from legitimate interests pursued by the Administrator, such as maintaining business relations, ongoing contact, determining or pursuing possible claims or defending against such claims (Article 6(1)(f) of the GDPR).
The personal data of the Suppliers’ Representatives are processed by the Administrator for purposes arising from legally justified interests pursued by the Administrator, such as taking actions necessary before concluding a contract with the Supplier, concluding and implementing the contract concluded with the Supplier, ongoing contact and maintaining business relations, determining or pursuing possible claims. or defense against such claims (Article 6(1)(f) of the GDPR).
Recruitment
If you apply for a job at Migam, the Administrator collects information obtained from you during the recruitment process. This will be in particular personal data contained in the application documents sent by you or provided by you during telephone conversations, e-mail correspondence and recruitment meetings.
The processing of personal data of Job Candidates by the Administrator takes place:
in order to fulfill the legal obligations of the Administrator resulting from legal provisions, including labor law provisions (Article 6(1)(c) of the GDPR);
based on the consent of the Job Candidate, in the event of providing personal data to the extent beyond that indicated in the provisions of law, including labor law provisions and for the purposes of future recruitment processes – provided that the Job Candidate has expressed his consent (Article 6(1)(a) .a, Article 9(2)(a) of the GDPR);
for purposes arising from legitimate interests pursued by the Administrator, such as determining or pursuing possible claims or defending against such claims (Article 6(1)(f) of the GDPR).
Marketing our products and services
The Administrator may conduct marketing activities aimed at acquiring new Customers, strengthening relationships with Customers and strengthening the Migam brand and image. These activities may include, in particular, sending marketing e-mails, sending a newsletter or other content ordered by the Website User, as well as telephone contact.
The processing of personal data by the Administrator for marketing purposes takes place:
based on the consent granted by the Marketing Recipient, provided that in a given case it is a valid and effective basis for the processing of personal data (Article 6(1)(a) of the GDPR). Consents are most often obtained via forms or dedicated checkboxes posted by the Administrator on the Website or in another effective way, including oral form. The administrator will need your consent, among others: for sending the newsletter or other content ordered from the Administrator;
based on our legitimate interests related to conducting direct marketing, provided that there is a significant and appropriate type of relationship between the Administrator and the Marketing Recipient, e.g. when the Marketing Recipient is a Client of the Administrator or acts on his behalf (Article 6(1)(a) f GDPR).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
When necessary to achieve the purposes for which we process your personal data, we may transfer it:
entities authorized to receive data under the law;
entities processing your personal data on our behalf (e.g. providers of ICT systems and solutions, service providers);
other entities to which you have agreed to share your personal data with them or to which the transfer of your personal data takes place on another valid legal basis for processing.
In each case of providing or entrusting the processing of your personal data, we will ensure that only the minimum information necessary to achieve the purposes of processing is provided.
Your personal data will not be transferred outside the European Economic Area (EEA).
If your data is to be transferred outside the EEA, we will ensure that cooperation with such entities is based on an appropriate legal basis and that they ensure appropriate protection standards.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The period of personal data processing by the Administrator depends primarily on the purpose for which your data is processed. As a rule, the Administrator processes data for as long as it is necessary to achieve the purpose for which the data was collected.
If you are a recipient of the Free Panel service or a third party contacted by Migam at the request of a Deaf Person, we will process your personal data only for the duration of the service. Your personal data will not be subject to any form of recording.
If you are a Customer or Supplier of Migam or you represent/act on behalf of one of these entities, we will process your personal data for the duration of the contract concluded with you or the entity you represent or for the period of validity of your data. After this period, we store your data to the extent necessary for the time required by applicable legal requirements (e.g. the obligation to store financial documentation for 5 years). In justified cases, we will store your personal data for as long as it is necessary to pursue our legitimate interests.
If you are a Potential Migam Customer or its Representative, we will store your personal data for as long as it is necessary to achieve the purpose for which the data was provided to us, but no longer than until you object to the processing of personal data for this purpose.
If you are a Job Candidate, we will process your personal data until the recruitment process in which you have registered is completed. If you have consented to the processing of your personal data for future recruitment purposes, your personal data will be stored for a period of two years from the moment of collection. If you decide to withdraw your consent, your personal data will be stored for as long as possible until it is withdrawn. In justified cases, we will store personal data for as long as it is necessary to pursue our legitimate interests.
If you are a Recipient of Migam Marketing Activities, your personal data will be processed for as long as it is useful to achieve Migam’s marketing purposes, but no longer than until you withdraw your consent (if it constitutes a valid and effective basis for the processing of your data) or an effective object to the processing of your personal data for these purposes.
After the processing period has expired, the data is irreversibly deleted or anonymized by the Administrator.
WHAT RIGHTS DO YOU HAVE?
In connection with the processing of your personal data, you have the following rights towards the Administrator:
The right to withdraw consent
If we process your personal data on the basis of your consent, you can withdraw this consent at any time. Withdrawal of consent takes effect from the moment of withdrawal. Withdrawal of consent does not affect the lawfulness of the processing we carried out on its basis until its withdrawal.
Withdrawing your consent does not result in any negative consequences for you, but it may prevent you from further using the services or functionalities offered by the Administrator, which, according to the law, we can only provide with your consent (e.g. sending a newsletter).
The right to access data
You have the right to obtain from us confirmation whether we process personal data concerning you, and if so, you are entitled to access it and information about the purposes of data processing, categories of data processed, recipients or categories of recipients of data, planned period data storage or criteria for its determination, the right to request from the Administrator rectification, deletion or limitation of data processing and to object to such processing, the right to lodge a complaint with the supervisory authority, the source of data (if they do not come from you) and automated processing decisions, including profiling. You also have the right to obtain a copy of your personal data.
If your personal data is transferred to a third country or international organization, you also have the right to be informed about the appropriate safeguards referred to in Art. 46 GDPR, related to the transfer.
The right to transfer data
You have the right to receive from the Administrator your personal data that you have provided to him and to send this data to another selected administrator, provided that the processing of your personal data by the Administrator is based on your consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR) or on the basis of a contract (Article 6(1)(b) of the GDPR) and the processing is carried out in an automated manner.
If technically possible, you also have the right to request that your personal data be sent by the Administrator directly to another administrator.
The right to rectify data
You have the right to request that the Administrator immediately correct any incorrect personal data concerning you and complete any incomplete data.
Right to object
You have the right to object at any time – for reasons related to your particular situation – to the processing of your personal data, provided that we process it on the basis of our legitimate interest (Article 6(1)(f) of the GDPR). In such a case, the Administrator will no longer be able to process this data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding your interests, rights and freedoms or grounds for establishing, pursuing or defending claims.
If the Administrator processes your personal data for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing. If you object to the processing of your personal data for direct marketing purposes, the Administrator will not be entitled to further process your personal data for such purposes.
The right to delete data (“right to be forgotten”)
You have the right to request the Administrator to immediately delete your personal data if:
Your personal data is no longer necessary for the purposes for which the data was collected or otherwise processed,
you have withdrawn your consent to the processing of your personal data and the Administrator has no other legal basis for their processing,
you have objected to the Administrator’s data processing and there are no overriding legitimate grounds for processing,
you have objected to the Administrator to the processing of your personal data for direct marketing purposes,
Your personal data is processed unlawfully,
Your personal data must be deleted in order to comply with the legal obligation.
The right to delete personal data is not absolute and will not apply in the cases specified in Art. 17 section 3 GDPR (e.g. to the extent that data processing is necessary to establish, pursue or defend claims).
The right to restrict processing
You have the right to request that the Administrator restrict the processing of your personal data if:
you question the accuracy of your personal data – for a period enabling the Administrator to check the accuracy of this data,
the processing of personal data by the Administrator is unlawful and you object to the deletion of personal data, requesting instead to limit their use,
The administrator no longer needs your personal data for processing purposes, but you need them to establish, pursue or defend claims,
you have objected to the processing of your data – until it is determined whether the legally justified grounds on the part of the Administrator override the grounds for your objection.
The right to lodge a complaint with the supervisory authority
In any case in which you believe that our processing of personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
How can I submit my request?
In order to exercise the above rights, please contact us by mail or at the e-mail address indicated in point 2 of the Policy.
How long will it take for us to fulfill your request?
The Administrator will provide you with information about the actions taken in connection with your request regarding your rights, without undue delay, and no later than within 1 month of receiving the request. Due to the complexity of the request or the number of requests, the Administrator may extend this deadline by another two months, of which you will be informed in advance.
DO YOU HAVE TO PROVIDE US WITH YOUR DATA AND WHERE WE GET IT IF IT DOESN’T COME FROM YOU?
Providing your personal data is generally voluntary, but remember that refusing to provide it may prevent us from achieving the purposes for which the data is collected, e.g.:
prevent participation in recruitment processes conducted by the Administrator;
make it impossible or significantly more difficult to contact you or provide you with the offer you are requesting;
prevent the conclusion or implementation of the contract concluded with you.
If you are a Customer Representative, Potential Customer Representative or Supplier Representative and you have not provided us with your personal data, it probably comes from the entity you represent. Your personal data may also come from publicly available sources, such as the National Court Register.
HOW DO WE KEEP YOUR DATA SECURE?
The Administrator monitors the risks related to the processing of your personal data on an ongoing basis in order to ensure that personal data are processed safely, protected by adequate security measures, ensuring that only authorized persons have access to the data and only to the extent necessary. necessary due to the tasks they perform. The Administrator also ensures that its subcontractors and other entities processing data on its behalf guarantee the use of appropriate security measures and provide an appropriate guarantee of data security.
POLICY CHANGES
The policy is verified on an ongoing basis and updated, if necessary. The current version of the Policy has been adopted and is valid from March 28, 2022.