This document deals with the processing and protection of personal data of the Users in connection to their use of the service: https://www.mikado.pl/ (hereinafter: Abramis Portal), owned by Abramis Sp. z o.o. ul. Łąkowa 52 a, 05-092 Łomianki, NIP 1180014612. (Administrator)

Abramis Sp. z o.o. respects the privacy rights of Users of the Abramis Portal. In particular, it shall ensure that their personal data is protected and appropriate organizational and technical arrangements are in place to prevent third parties from interfering with the privacy of users. Our actions are designed to ensure that the Users are and feel fully safe at the level appropriate to the applicable law, including:

1. Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: RODO);
2. The Law of 10 may 2018 on the protection of personal data;
3. The Law of 18 July 2002 on the provision of services through the electronic means;
4. The Law of 16 July 2004 Telecommunications Law Act.

Use of Abramis Portal is executed through a safe SSL protocol, which significantly increases the protection of data transmission over the Internet.

Please note that Abramis Portal may provide external links to allow its Users to access other websites directly or, when using Abramis Portal, you may also have additional Cookie files from third parties, in particular from suppliers such as: Facebook, Instagram, YouTube in order to enable you to take advantage of the functionality of Abramis Portal that is integrated with these services.

Each provider (Facebook, Instagram, YouTube) sets out the Cookies rules in its privacy policy and therefore we do not have any impact on the privacy policy of these providers and the use of Cookies by these services.

For safety reasons, we recommend that User should review the Privacy and use of Cookies Policy, if shared, before using resources offered by other websites or services. If they were not made available, we recommend the User to contact the website or the service administrator for further information in that area.

Glossary:

• Cookie – it is a small piece of information that the server stores on your computer, which the server can read when it reconnects to this computer.
• System log – this is the information that a User’s computer transmits to the server each time it connects, it can contain different data (e.g. IP number), which can be used to determine more or less precisely where the location of the initial connection,
• IP address – an individual number that any computer connected to the Internet typically has, an IP number can be permanently associated with a computer (static) or assigned to it for a given connection (dynamic),
• SSL – a special standard for transmitting data over the Internet, where the transmission is encoded, unlike ordinary transmission, where the transmission is carried out in open text.

In accordance with the GDPR regulation, we will inform you that:

1. Administrator and Data Protection Officer
   • The Administrator of your personal data is Abramis Sp. z o.o. represented by the Management Board of the Company (hereinafter: Administrator).
   • The Administrator appointed the Data Protection Officer, Mr Dariusz Piesio.
   • In matters related to the processing of your personal data, you can contact the Administrator and the Data Protection Officer by mail, by addressing your letter to: Abramis Sp. z o.o. ul. Łąkowa 52a, 05-092 Łomianki or by means of a contact form: https://www.mikado.pl .
   • Information clause concerning the processing of personal data by Abramis Sp. z o.o. is available on the website of Abramis in the “Downloads” folder: https://mikado.pl/wp-content/uploads/2022/04/Clause-on-Personal-Data-Processing-by-Abramis-Sp.-z-o.o..pdf

1. Data Gathering

We store HTTP requests submitted to the server by the Users using the Abramis Portal. The resources browsed are identified by URLs and are related to:

• the public IP address of the end device that the request was submitted from;
• the name of the User’s station – identification is made through the http protocol as long as it is possible;
• the name of the User shared during the authentication process;
• timestamp of the submitted request;
• first line of the http request;
• response code of the http;
• amount of data sent through the server;
• URL address of the website previously visited by the User – in case when the Portal has been accessed through an external link;
• information about the User’s browser;
• information about any errors that occurred during the http transaction processing;

The abovementioned data are not connected to any specific persons that are browsing the Abramis Portal.

The Abramis Portal does not automatically collect any information apart from those necessary to maintain a proper functionality of the Portal, that are included in Cookie files.

Data gathered in such way are used i.a. in order to:

• manage the Abramis Portal;
• personalise our website to your preferences;
• enable use of services offered through our Portal;
• identify potential safety hazards;
• process requests and complaints submitted by you or related to you, connected to our Portal;
• distribute business-related communication;
• distribute e-mail notifications requested by you;
• distribute the newsletter if you subscribed to it (at any moment you can inform us that you are no longer interested in receiving newsletter anymore);
• assure a proper level of protection of our website and to prevent any potential frauds;
• verify compliance with terms and conditions of use of our Portal (that includes monitoring of private communication sent through our private communication service);

The User of the Abramis Portal may be requested to provide additional data, such as:

• first and last name
• e-mail address
• body of the contact message

Provision of the abovementioned data is voluntary yet lack of it will limit functionality of the Abramis Portal in scope of services that require the use of it (e.g., responding to submitted queries)

• To use the newsletter functionality of the Abramis Portal, that requires voluntary consent to receive messages from the User. Consent is voluntary. I may withdraw my consent at any time and the withdrawal of consent shall not affect the lawfulness of the processing which was authorized prior to its withdrawal. To withdraw your consent to the “newsletter”, please send us your information on this matter through the contact form: https://www.mikado.pl/kontakt/ .

Third-party websites

Our Abramis Portal provides hyperlinks to and details of third-party websites. We have no control and are not responsible for the privacy policy and practices of any third parties.

• Personal Data Processing

The user data collected through the Abramis Portal may be used to respond to the User’s inquiries submitted via the contact form, to make a service reservation, to share commercial information, or to distribute newsletter.

Personal data collected through forms that User expressed consent to, are processed for the purpose and time necessary to process the query properly. The details shall be specified in the relevant clauses under the specific forms.

The basis for the processing of personal data

All the basis of data processing by the Administrator are contained in the information Clause available at the Abramis Portal in the “Download” folder: https://mikado.pl/pliki-do-pobrania/. We shall process personal data in accordance with the Privacy Policy and with Article 6(1)(a), (b), (c) and (f) of the GDPR.

Gathering of the Personal Data

The following types of the personal data may be gathered, stored and used:

• PC data, including the IP address, geolocation, type and version of the browser and the operating system;
• data about your visits and use of this website, including source of links, duration of the visit, particular websites viewing and your navigation path within the Portal;
• information such as e-mail address that you provide when registering to our Portal;
• information provided during creation of you profile at our Portal
• information such as your first and last name and e-mail address that you provide voluntarily in particular purpose: e.g., in the contact form, newsletter;
• information submitted while using services on our Portal;
• Information that are generated while using our Portal, including when, how often and in what circumstances you are using it;
• Information related to all the items you purchase, services that you use or transactions that you make through our Portal, including first name, last name, address, phone number and e-mail address;
• Information included in all sorts of correspondence sent to us via e-mail or through our Portal, including the messages and metadata;
• all other sorts of personal data that you submit to us voluntarily.

User’s Rights

In relation to his/her data processing, User has a right to:

• access the data;
• rectify the data;
• remove or restrict processing, without affecting the processing carried out by the Administrator before the revocation of the consent or limitation of the processing objectives;
• lodge a complaint with the supervisory authority of the protection of personal data, the President of the Data Protection Office, where the processing of personal data of a User would be incompatible with the applicable law;

Update of the personal data

We kindly request you to inform us, should the data that we possess require correction or an update.

Transfer of personal data to third parties

We will not transfer User’s personal information to third parties or any other related third parties for direct marketing purposes without User’s explicit consent. The personal data collected shall not be transferred to international organizations or to any third countries. Personal data may be processed by other entities in accordance with European Union or national law.

Sharing, entrusting personal data

We may share or entrust your personal information:

• to the extent required by law;
• in connection with potential legal proceedings;
• to establish, enforce or defend our rights (including sharing information with others to prevent fraud);
• to the extent necessary to carry out Our business and to provide services,

Personal Data Safety

• We will undertake all technically and organizationally reasonable measures and precautions to prevent the loss, misuse or alteration of your personal data.
• We will keep all personal information you provide on our secure servers (password and firewall protected) for the period of time necessary for their processing.
• All information you provide through our websites is protected by encryption technology.
• The User acknowledge that transmitting information over the Internet, despite being protected by encryption technology, can be potentially dangerous.

Retention of data

The data shall be processed for the period necessary for their processing, including, in period in accordance with the legitimate interest of the Administrator or required by the law. If the processing of data is based on consent, the data will be processed until the consent to process the data is withdrawn, revoked.

1. Use of Cookie files

Abramis Portal, pursuant to Article 173 of the Act of 16 July 2004, Telecommunications Law, uses Cookie files which constitute information, in particular text files, which are stored in the User’s end device. Cookie files typically contain the name of the website they come from, the time period for which they are stored on the end device, and a unique number.

Cookie files are used in order to:

• facilitate User’s experience while using the Abramis Portal;
• recognize the user if Abramis Portal is re-connected to the device on which they were saved;
• customize Abramis Portal content to User’s specific preferences and optimize User’s use of websites tailored to User’s needs.

Abramis Portal uses the following types of Cookies:

• “session” – stored in the User’s end device until you log out, leave the web page, or turn off the web browser;
• “permanent” – stored in the end device of the User for a period specified in the Cookies parameters or until the user deletes them;
• “indispensable” – to enable the use of the services available through Abramis;
• “functional” – to remember user-selected settings and customize the user interface;
• “own” – posted by Abramis Portal;
• “external” – coming from a website external to Abramis Portal;

Information is not anyhow connected with User’s personal data on Abramis Portal and is not used to identify the User. The amount of information that is collected automatically depends on User’s browser settings. User should check the browser settings to see what information the browser shares automatically or in order to change these settings. To do so, we recommend that you read the “Help” section of your web browser.

Storage and accepting conditions of Cookies can be achieved by configuration of the settings in the web browsers, for example:

• In Internet Explorer
• In Microsoft Edge
• In Mozilla Firefox
• In Chrome
• In Opera
• In Safari

Web browsing software i.e., a web browser, usually allows cookies to be stored on your end device by default. Users of Abramis Portal can make changes to this setting.

Web browser allows to remove Cookie files. It is also possible to automatically block Cookies. Detailed information about this action can be acquired through the help section of the browser or in documentation of the browser used by the User. If the User is not willing to accept Cookies, an adequate action should be taken through a change of Cookies settings of the User’s browser. However, disabling consent to Cookies files necessary for authentication, security, or maintaining user preferences may make it difficult and, in extreme cases, impossible to use the Abramis Portal.

1. Privacy Policy updates

This Policy may be updated periodically through upload of a new version to our website. Please check this website of the Abramis Portal periodically to make sure you understand all changes to this Policy.