Security by Design from Software Engineering Perspective

Who is the controller of your personal data?

The controller of your personal data is Piotr Siemieniak UP Secure with registered office in 80-395 Gdańsk, ul. Olsztyńska 3A/31 with EU taxpayer identification number (VAT ID / NIP) PL-582-159-65-68.

What is the legal basis and purpose of the processing?

Your personal data will be processed on the basis of 6(1)(b) of General Data Protection Regulation.

Your personal data will be processed for the purposes of business relationships which include for example:

• Responding to an inquiries
• Presenting our services and offerings (including voice calls, video calls, email communication)
• Preparing contracts for delivery of our services

Data controller will not sell your personal data.

How long we will process your data?

Your personal data will be processed for: * 30 days after a resignation before an event * 5 years (counting from end of current calendar year) after an event has been conducted * 1 year (counting from end of the current calendar year) for the issued issued certificate document * Indefinitely for certificate ID and completion date without any personal data to enable certification validation for the future

Your data may be processed by following categories of recipients, including but not limited to:

• software development and software maintenance providers
• email hosting providers
• external sales and marketing service providers

Your data will not be shared with external entities who would be qualified as separate data controllers to your data without your direct consent unless it is required by law.

Do we intend to transfer data to third countries?

We may transfer your personal data to third countries only under a valid legal basis that includes but is not limited to use of standard data protection clauses, approved codes of conduct, approved certification mechanism or basing on an adequacy decision.

What are your rights related to processing of personal data?

You have the right to lodge a complaint with a supervisory authority.

What are the consequences of failure to provide your personal data?

Failure to provide your personal data or provide a consent for a free subscription to an email newsletter will not have any legal implications. You will not be able to receive an email newsletter without providing your correct personal data.

Who is the controller of your personal data?

The controller of your personal data is Piotr Siemieniak UP Secure with registered office in 80-395 Gdańsk, ul. Olsztyńska 3A/31 with EU taxpayer identification number (VAT ID / NIP) PL-582-159-65-68.

What are cookies?

Cookies are information stored in text form on the user's end device when the user accepts it or configures the browser accordingly. The information stored in cookies may be read by the website on which the user is located at any given time and access to the files of other websites is not possible.

What kind of cookies are used?

Our systems use two categories of cookies:

• Technical (system) cookies necessary for the proper functioning of the website
• Analytical cookies to conduct research on website traffic.

How do I manage cookies?

Cookies are stored for a certain period of time on your end device (permanent files with a storage time from 1 day to 2 years) and temporary files (session files with storage time limited to leaving the website or restarting the web browser).

Information on how to manage cookies can be found at:

• https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
• https://support.google.com/chrome/answer/95647
• https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

What cookies are used?

Technical cookies:

• csrftoken
• cookieconsent_status

Google Analytics analytics: * _gid * _ga * __cfduid

You can read more about Google Analytics' privacy policy on the following pages:

• https://marketingplatform.google.com/about/analytics/terms/us/
• https://policies.google.com/technologies/partner-sites

Who is the controller of your personal data?

The controller of your personal data is Piotr Siemieniak UP Secure with registered office in 80-395 Gdańsk, ul. Olsztyńska 3A/31 with EU taxpayer identification number (VAT ID / NIP) PL-582-159-65-68.

What is the legal basis and purpose of the processing?

Your personal data will be processed on the on your consent basing on article 6(1)(a) of General Data Protection Regulation.

Your personal data will be processed for the purposes related to the marketing activities provided by the controller which include for example email marketing, SMS marketing, direct calling, social media messaging.

The controller will send email messages on a regular basis related to for offered products and services, including but not limited to information regarding:

• articles related to privacy, data protection and security;
• information about offered services and software solutions created or sold by the controller;
• information regarding offered on-site and online training sessions;
• information regarding social communities managed by the controller.

Data controller will not sell your personal data.

How long we will process your data?

Your personal data will be processed until you withdraw your consent for the processing of your personal data. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Your data may be processed by following categories of recipients, including but not limited to:

• software development and software maintenance providers
• email hosting providers
• external sales and marketing service providers

Your data will not be shared with external entities who would be qualified as separate data controllers to your data without your direct consent unless it is required by law.

Do we intend to transfer data to third countries?

We may transfer your personal data to third countries only under a valid legal basis that includes but is not limited to use of standard data protection clauses, approved codes of conduct, approved certification mechanism or basing on an adequacy decision.

What are your rights related to processing of personal data?

You have the right to lodge a complaint with a supervisory authority.

What are the consequences of failure to provide your personal data?

Failure to provide your personal data or provide a consent for a free subscription to an email newsletter will not have any legal implications. You will not be able to receive an email newsletter without providing your correct personal data.