Privacy Policy

Last modified: 8 Jan 2024

Scrum Dragon cares about privacy and ensures the security of Personal Data collected by Scrum Dragon or provided to Scrum Dragon by the users of the “Website”, as the case may be. Rules for Personal Data processing are laid down in this Privacy Policy.

This Privacy Policy is to inform you of:
● the Personal Data Controller;
● types of Personal Data processed;
● purposes and legal basis for Personal Data processing;
● measures adopted to protect your Personal Data;
● Personal Data recipients;
● rights available to the Users;
● transfer of your Personal Data to third parties and place of processing;
● updates of this Privacy Policy.

Your Personal Data are always processed in conformity with the applicable laws, including in particular under the Regulation of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).
Your Personal Data may be also processed in Cookies, in line with rules laid down in the Cookies Policy, which constitutes an integral part of this Privacy Policy.

Who is the Personal Data Controller?
The Controller of your Personal Data is Agnieszka Topczewska-Pińczuk, address: Nowogródzka 4, 15-490 Białystok, Poland ("Scrum Dragon"). The "Controller", “we” or “us”, depending on the context.
You may contact the Controller at: a.m.topczewska[@]gmail. com. or otherwise as preferred, including verbally and in writing at the Controller's registered address.

What types of Personal Data may be processed?
Personal Data is information related to an identified or identifiable natural person (the “Personal Data”). Depending on the purpose, the Controller may collect, by itself or through third parties, the following Personal Data:
a) email address and message content;
b) first name, email address, and message content;
c) first name, last name, address, country of origin;
d) personal data contained in Cookies, as defined in the Cookie Policy.
Providing personal data is voluntary. However, failure to provide Personal Data may result in the inability to use given functionalities of the Website, access to certain content, or in the Controller’s inability to provide services, depending on the context.

What are the purposes, legal basis, and for how long your Personal Data are processed?
Your Personal Data are processed by the Controller for the purposes, under a legal basis and during the retention period indicated in the table below.

Purpose: period to communicate with you, in particular, to provide the message or query to the Controller upon your demand and receive the reply from the Controller
Legal basis: Controller's legitimate interests in communicating with the User who requests the Controller to provide an answer (Article 6.1 (f) of the GDPR)
Retention: until prescription periods for claims under the applicable law expire

Purpose: to provide you with the marketing or commercial information, distribute the Newsletter
Legal basis: voluntary consent of the User to receive solicited commercial information, e.g. Newsletter, offers (Art. 6.1 (a) of the GDPR), or Controller's legitimate interests in carrying out direct marketing activities (Art. 6.1 (f) of the GDPR)
Retention: until an effective objection is raised, the purpose of the processing expires, or the consent is withdrawn

Purpose: to determine, pursue and defend possible claims
Legal basis: Controller's legitimate interests in taking actions aimed at protecting its rights in proceedings before the courts or other state authorities (Article 6.1 (f) of the GDPR),
Retention: until prescription periods for claims under the applicable law expire

Purpose: to ensure the proper functioning of the Website and to improve our operations, systems, products or services
Legal basis: Controller's legitimate interests in conducting analyses and statistics on the use of particular functionalities of the Website (e.g. Google Analytics cookies, Facebook Pixel) (Article 6.1 (f) of the GDPR)
Retention: until an effective objection is raised or the purpose of the processing is achieved

What measures are taken to protect your Personal Data?
The Controller protects your Personal Data against unauthorized access, disclosure, change or destruction. I
n particular, the Controller uses anti-virus software and firewalls. Your Personal Data may be accessed exclusively by authorized individuals bound by confidentiality and by subcontractors that have entered into a Personal Data sub-processing agreement with the Controller and satisfy the security criteria described therein.

What does profiling involve, and are your Personal Data subject to profiling?
Profiling consists of any form of automated processing of Personal Data evaluating the personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning a data subject's work performance, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject.
We do not carry out any statistical evaluation of your behavior (profiling). In particular, there is no automated decision-making (see Article 22 section 1 in connection with Article 4.4 and Article 6.1 (b) of the GDPR).
If, following the Website's development, your Personal Data are to be profiled, the Controller shall inform you thereof, and profiling shall be carried out under relevant regulations. In case of profiling, the Controller shall implement the appropriate measures safeguarding your rights, freedoms and legitimate interests, including ensuring an option of human intervention at the Controller's side and a possibility to express a personal position and challenge a decision.

What are your rights?
You have the right to access, rectify, and erase your Personal Data, as well as the right to restrict processing and the right to data portability. You may object to the processing of the Personal Data, for instance, if the processing is based on the Controller's legitimate interest or if the Controller profiles your data. If the Personal Data are processed based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out based on the consent given before the withdrawal. To this effect, you may contact the Controller at: a.m.topczewska[@]gmail. com. The Controller shall respond to your request to exercise any of the above rights within 1 (one) month of its receipt.

Can my Personal Data be transferred to any third parties?
Your Personal Data may be transferred to affiliates and partners of the Controller, Controller’s sub-contractors, as well as to a limited number of service providers (processors) that perform processing operations such as hosting services, ticketing, marketing or software tools providers. We may also share your Personal Data with our auditors, attorneys or other advisors bound by the obligation of confidentiality in connection with corporate functions.
These entities process your Personal Data on our instructions only and have implemented appropriate technical and organizational measures to safeguard your Personal Data. Your Personal Data may be accessed exclusively by authorized individuals bound by confidentiality and by subcontractors that have entered into a Personal Data sub-processing agreement with the Controller and satisfy security criteria set forth therein.
We may also disclose your Personal Data to comply with legal requirements, such as in response to a court order. In such an event, we will use all reasonable and lawfully available measures to object to overbroad, unclear or otherwise inappropriate requests for information.
We process your Personal Data on the territory of Poland, European Economic Area (EEA). If your Personal Data are transferred to subsidiaries, partners, service providers or third parties located outside the European Economic Area (EEA) which are not subject to an adequacy decision by the European Commission we will ensure that such recipient offers an adequate level of data protection, for instance by entering into EU Standard Contractual Clauses (SCCs) and implementing additional safeguards in accordance with legal requirements.
In Poland, you may file a complaint about Personal Data processing to the President of the Office for Personal Data Protection.

How do we change the Privacy Policy?
The Controller reviews the Privacy Policy on a regular basis and updates it, as necessary. Any changes to this Privacy Policy shall apply to you when published on the Website. It is strongly recommended to check the Website often, referring to the last modification date. If you object to any of the amendments to the Privacy Policy, please stop using the Website and request the Controller to remove your Personal Data.

*** In case of any doubts, this Privacy Policy shall be read and interpreted in conjunction with the Terms and Conditions of the Website. Any capitalized terms not expressly defined in this Privacy Policy shall have the meaning ascribed to them in the Terms and Conditions. You may request more details concerning the processing of the Personal Data from the Controller at any time and address them to the contact point at the beginning of this document.