Privacy Policy

1. Definitions
   1. Controller – Joanna Idaszakwith its registered office in Dąbrówka at Fosowa 11/1 Street.
   2. Personal Data – any information about a natural person, identified or identifiable by one or several factors defining his/her physical, physiological, genetic, psychic, economic, cultural, or social identity, including the IP of the device, location data, online identifier and information collected through cookie files and other similar technologies.
   3. Policy – this Privacy Policy.
   4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
   5. Website – an online service run by the Controller at the address Dąbrówka 62-069, Fosowa 11/1 Street.
   6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

1. Data processing in connection with the use of the website
   1. In connection with the User’s use of the website, the Controller collects data with the scope necessary to provide its respective services and collects information about the User’s activity on the Website. The detailed rules and purposes of processing the Personal Data collected during the use of the Website by the User are described below.
2. Purposes and legal basis of data processing ON the website

USE OF THE WEBSITE

1. Personal Data of all the persons using the Website (including the IP address or other identifiers and information collected through cookie files and other similar technologies) are processed by the Controller:
   1. to provide services electronically to provide Users with access to the content collected on the Website – in this case, the legal basis for the processing is that processing is necessary for the performance of a contract (Article 6(1)(b) of GDPR);
      
      
      
   2. for analytical and statistical purposes – in this case, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR) to analyze the activity of Users and their preferences in order to improve the functionalities used and the services provided;
   3. for the marketing purposes of the Controller – in this case, the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) RODO) relation to the User’s consent to receive marketing communications.
   4. for technical, administrative purposes and in order to ensure the security of the IT system and to manage the system – in this case, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to carry out IT and administrative work aimed at maintaining the security and proper functioning of the Website;
   5. to determine and pursue possible claims or defend against claims – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to protect its rights.
2. Activity of a User on the Website, including his/her Personal Data, is recorded in system logs (a special computer program for storing a chronological record of information about events and actions concerning the IT system used for providing services by the Controller). The information collected in logs is processed mainly for purposes related to the provision of services. The Controller also processes the information for technical, administrative purposes and in order to ensure the security of the IT system and to manage the system and also for analytical and statistical purposes – in this respect, the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) to provide and improve the functionality offered to Users.

WAITING LIST

1. The Controller launches a waiting list for people who want to know when Controller’s product will be ready to launch. Signing-up to for the waiting list form requires to provide User’s e-mail address, which is needed to contact the User.
2. Personal Data are processed to identify the sender and to contact with her/him – the legal basis for the processing is the legitimate interest pursued by the Controller (Article 6(1)(f) GDPR) to engage people interested in Controller’s product aimed at building target group of clients and keeping them updated about the launch date.

MARKETING COMMUNICATION

1. We will use User’s e-mail address, to send you direct marketing communication (in the form of e-mail messages) if he/she consent to this. User can consent by checking the respective field under the Waiting list form available on Website. The legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) RODO) relation to the consent to receive marketing communications.
2. User may withdraw her/his consent to marketing communication at any time, by clicking the resignation link in an e-mail sent to her/him. With any problems with the withdrawal of the consent in the aforementioned way, write us at contact@packsu.com.
3. Cookies and similar technologies

1. Cookies are small text files installed on the User’s device. Cookies collect information facilitating the use of a Website, e.g. by remembering User information such as logins or language preferences. The Controller of the data processed in connection with the use of cookies is Joanna Idaszak. On the Website, the Controller uses its own files, which are installed directly by the Website. Third-party cookies, which are cookies from a domain other than the domain of the site the User is visiting are also used, primarily for analytics and advertising activities.
2. The Website uses cookies predominantly to ensure efficient operation of the website, remember the choices made by the User on the website, and, if the User grants the relevant consents, also analyse and track movement on the Website. The Website also installs cookies to enable social media functionality, based on the consent obtained.
3. Below please find detailed information concerning the cookies used by the Controller on the Website. The Controller regularly uses tools to scan the Service to determine what cookies are stored on the User’s device, in order to make the list of cookies used as accurate as possible. The Controller uses the following files: required, functional, analytical, advertising and social media cookies.

REQUIRED COOKIES

1. The Controller uses necessary cookies primarily to provide Users with the services and functionalities of the Website that the User wishes to use. These files are installed in particular for the purpose of remembering login sessions or filling out forms, as well as for the purpose of setting privacy options.
2. The legal basis for the processing of data in connection with the application of the required cookies is that such processing is necessary for the purposes of performing contracts (Article 6(1)((b) of the GDPR).
3. If the User wishes to obtain more information about the individual cookies in this category, i.e. the names of specific cookies, an overview of the functioning thereof, or the validity or origin thereof, the User should click on the “Manage cookies” button, which is located in Section 5 of the Privacy Policy, or the button with the same content available in the footer of each sub-page of the Website. After the cookie banner is displayed, the User should click on the “Manage cookies” button and then display the “Necessary cookies” list and the “Details” button below.
   
   
   

FUNCTIONAL AND ANALYTICAL COOKIES

1. Functional cookies are used in order to remember and adjust the Website to the User’s choices e.g. in terms of language preferences. Functional cookies may be installed by the Controller and its partners through the Website.
2. Analytical cookies make it possible to obtain information such as the number of visits and traffic sources of the Website. They are used to determine which pages are more popular and to understand how Users navigate the Website by storing statistics about the traffic on the Website. The processing is done to improve the performance of the Website. The information collected by these cookies is aggregated and is therefore not intended to establish the identity of the User. Analytical cookies may be installed by the Controller and its partners through the Website.
3. The legal basis for the processing of Personal Data in connection with the use of functional and analytical cookies by the Controller is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the highest standard of services rendered in the Website in connection with the User’s consent for the registration of such cookies (separately for analytical files and separately for functional files).
4. The processing of Personal data in connection with the use of functional and analytical cookies is subject to securing the User’s consent for the use of (separately) functional and analytical cookies through the platform for managing consents for cookies. The consent may be withdrawn at any time through that platform.
5. If the User wishes to obtain more information about the specific files of those categories, i.e. the names of the specific cookies, an overview of the functioning, or the validity or origin thereof, the User should click on the “Manage cookies” button, which is located in Section 5 of the Privacy Policy, or the button with the same content available in the footer of each sub-page of the Website. After the cookie banner is displayed, the User should click on the “Manage cookies” button and then display the “Analytical cookies” or “Functional cookies” list, and then on the “Details” button under each of the lists.

ADVERTISING COOKIES

1. Advertising cookies allow matching the advertising content displayed to the interests of Users within and outside the Website. Based on the information from these cookies and the User’s activity on other services, a profile of the User’s interests is built. Advertising cookies may be installed by the Controller and its partners through our Service.
2. The legal basis for the processing of Personal Data in connection with the use of advertising cookies by the Controller, for this purpose, is its legitimate interest (Article 6(1)(f) of the RODO), consisting of promoting the Controller’s brand and informing about the Controller’s current offer, including by directing marketing information to the Service Users corresponding to their interests, in connection with the User’s consent to the recording of advertising cookies.
3. Processing of Personal Data in connection with the use of advertising cookies is possible after obtaining the User’s consent to the use of consent through the consent management platform. This consent can be withdrawn at any time through this platform.
4. If the User wants to get more information about individual cookies in this category, i.e. the name of each cookie, description of operation, validity period and origin, click the “Manage cookies” button, which can be found in Section 5 of the Privacy Policy – “Manage cookies” or a button with the same content available in the footer of each subpage of the Website. When the cookie banner appears, select the “Cookie Settings” button and then expand the “Advertising Cookies” list, then the “Details” button below.
   
   
   

SOCIAL MEDIA COOKIES

1. These cookies are installed by the Controller’s partners to match the displayed content on the social media used by the User. Based on the information from these cookies and activity on other sites or social media, an interest profile is built. This ensures that the content displayed is tailored to User’s individual needs. Social media cookies do not directly store personal information, but identify the web browser and hardware, and if the User accesses the Website via a mobile device, also the User’s location. If the User does not allow the use of these cookies, the Controller will not be able to prevent the same content from being displayed or allow the User to like and share content posted by the Controller on social media.
2. If the User wishes to obtain more information about the specific files of those categories, i.e. the names of the specific cookies, an overview of the functioning, or the validity or origin thereof, the User should click on the “Manage cookies” button, which is located in Section 5 of the Privacy Policy, or the button with the same content available in the footer of each sub-page of the Website. After the cookie banner is displayed, the User should click on the “Manage cookies” button and then display the “Social media cookies” list, and then on the “Details” button under each of the lists.
3. MANAGING COOKIE SETTINGS
   1. Any use of cookies for the purpose of collecting data via such cookies, including obtaining access to data recorded on the User’s device, requires the User’s prior consent. The Controller secures the User’s consent in the Website through the cookies consent management platform. Such consent may be withdrawn at any time in accordance with the rules described in Section 5.3 below.
   2. Consent is not required only in the case of cookies which must be applied to render any telecommunication services (data transmission for the purposes of displaying content) – the User does not have the option of disabling such cookies if he/she wishes to continue the use of the Website.
   3. Consent for the collection of cookies in the Platform may be withdrawn through the cookies consent management platform. The User may go back to the banner by clicking on the following button “Manage cookies” or by clicking on the button with the same content available in the footer of each subpage of the Platform.
   4. After clicking on the banner, the User may withdraw consent by clicking on the “Manage cookies” button. Then it is necessary to move the scrollbar/uncheck a checkbox in the relevant category of cookies and click on “Save preferences and close”.

1. User may also withdraw consent by changing his/her browser settings. Detailed information is available by clicking the links below:
   
   
   
   1. Microsoft Edge: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
   2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
   3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
   4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
   5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB.
2. User may at any time verify the status of his/her current privacy settings for the browser he/she is using via the tools available by clicking the links below:
   1. http://www.youronlinechoices.com/pl/twojewybory
   2. http://optout.aboutads.info/?c=2&lang=EN.
3. In order to exercise the User’s rights to access, rectify, erasure, restrict, data portability, object to the processing of personal data, lodge a complaint or ask any other question regarding cookies, please send your request to contact@packsu.com or other contact details of the Controller set out in this Privacy Policy.
4. ANALYTICAL, MARKETING and PAYMENT TOOLS USED BY CONTROLLER OR THE CONTROLLER’S PARTNERS

1. The Controller and its partners apply various solutions and tools used for analytical and marketing purposes. Basic information regarding such tools is described below. For more detailed information on the use of such tools, please refer to the data privacy settings and the privacy policies of the relevant partner.
2. The current and complete list of the Controller’s Partners:
   1. Google
   2. Packsu.com

YOUTUBE API

1. The YouTube API allows us to integrate video features from YouTube into Webiste. These features allow Users to play videos directly on Website. As such, YouTube may process User information such as IP address or video viewing behaviour in accordance with its own privacy policy. Detailed information on the scope and terms of data collection related to this tool is available at: https://policies.google.com/privacy

GETSITECONTROL

1. GetSiteControl is a widget used to create interactive elements on a Website, such as contact forms, surveys, and cookie notifications. This tool may collect User’s data, including email addresses and other information voluntarily provided by Users, in order to improve Website interactions. All data will be stored and processed in accordance with data protection legislation. Detailed information on the scope and terms of data collection related to this tool is available at: https://getsitecontrol.com/privacy/

GOOGLE ANALYTICS

1. Cookies of Google Analytics are files used by Google to analyse Users’ habits in regard to using the Website and to create statistics and reports concerning the functioning of the Website. Google does not use the collected data for User identification and does not combine such information to allow for the identification of Users. Detailed information on the scope and terms of data collection related to this tool is available at: https://www.google.com/intl/pl/policies/privacy/partners.

GOOGLE PIXEL

1. Google Pixel is an analytics tool that allows Controller to track the effectiveness of marketing activities and advertising campaigns that Controller run on Google’s advertising platforms. Data collected by Google Pixel includes information about Users’ activity on the Website, such as pages visited or conversions made. This information is used to optimise advertising campaigns and is processed in accordance with Google’s privacy policy. Detailed information on the scope and terms of data collection related to this tool is available at: https://policies.google.com/privacy?hl=en-EU

GOOGLE TAG MANAGER

1. Google Tag Manager is a tool for managing scripts on a website. It allows you to install different types of scripts on your website. These include scripts related to user consent, scripts that track user behaviour through analytical tools such as Google Analytics, or conversion tracking from advertising systems such as Google Ads. In connection with the use of this tool, Google collects aggregate information about the operation of these scripts without being able to identify any specific user. Detailed information on the scope and terms of data collection related to this tool is available at: https://www.google.com/analytics/terms/tag-manager/

LINKEDIN PIXEL

1. LinkedIn Pixel is a analytics tool that allows Controller to track the effectiveness of campaigns that Controller run on LinkedIn platform. Data collected by LinkedIn Pixel includes information about Users’ activity on the Website, such as pages visited or conversions made. This information is used to optimise Controller’s advertising campaigns, retargeting Users through LinkedIn ads and to learn aggregate insights about categories of members interacting with Controllers ads. Detailed information on the scope and terms of data collection related to this tool is available at: https://www.linkedin.com/legal/privacy-policy#data

META PIXEL

1. Meta Pixel is a tool that enables the measurement of the effectiveness of advertising campaigns carried out by the Controller on Facebook. The tool allows advanced data analysis to optimise the activities of the Controller, also using other tools offered by Meta. Detailed information on the scope and terms of data collection related to this tool is available at: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.

MICROSOFT CLARITY

1. Microsoft Clarity is an analytics tool that monitors User behaviour on a Website, such as clicks, scrolling and navigation. The Personal Data is processed to analyse how the Website is used and to optimise its functionality. Microsoft Clarity operates in accordance with applicable data protection laws, and all information collected is anonymous and used for analytical purposes only. Detailed information on the scope and terms of data collection related to this tool is available at: https://clarity.microsoft.com/terms

STRIPE

1. Stripe is a tool Stripe that allows to make payment without leaving the Website. Stripe also provides Controller real-time insight into key indicators such as total sales, number of transactions, average order value or conversion rate. Detailed information on the scope and terms of data collection related to this tool is available at: https://boringowl.io/docs/privacy-policy.pdf

USER.COM

1. User.com is an analytics and marketing tool that allows Controller to increase the engagement and conversion of Users of the Website, including through sending personalised automate emails. The tool may process personal information, such as data provided during registration on the Website (e.g. email addresses) and basic Personal Data about User’s interaction on the Website (such as registration, log in, consent to marketing communication etc.). Detailed information about User.com’s data processing can be found at the following link: https://www.user.com/security/privacy-policy

7. Period of personal data processing
   1. The period of data processing by the Controller depends on the type of provided service and the purpose of the processing. In principle, data are processed for the entire period of providing the service or fulfilling a purchase order until the moment of withdrawing consent or filing an effective objection to the data processing in cases where the legal basis for the processing is the Controller’s legitimate interest.
   2. The data processing period may be extended if the processing is necessary to determine and pursue possible claims or defend against claims and, after that time, only when and to the extent required by law. After the elapse of the processing period, the data are irreversibly deleted and anonymized.
8. Rights connected with personal data processing

RIGHTS OF DATA SUBJECTS

1. The following rights are vested in Data Subjects:
   1. right to information on personal data processing – on that basis, the Controller provides the person making the request with information about data processing, including first of all about the purposes and legal grounds for the processing, the scope of the data held, entities to which they are disclosed and the planned date for deleting the data;
   2. right to receive a copy of data – on that basis, the Controller provides a copy of the data processed to a person making the request;
   3. right to rectification – the Controller is obligated to remove any non-compliance or errors in personal data processed and supplement them if they are incomplete;
   4. right to erasure – on that basis, one may demand deleting the data whose processing is no longer necessary to achieve any of the purposes for which they were collected;
   5. right to restriction of processing – if such a request is made, the Controller stops performing any operations on the personal data except for those to which the data subject has given consent and except storing them in accordance with the adopted retention rules or until the reasons for restricting the processing disappear (e.g. the data supervisory authority issues a decision permitting further data processing);
   6. right to data portability – on this basis, to the extent that the data are processed in connection with an executed contract or given consent, the Controller delivers the data provided by the data subject in a machine-readable format. Is it also allowed to request that the data are transmitted to another entity on condition, though, that both the Controller and the other entity have the technical capabilities to do so;
   7. right to object to personal data processing for marketing purposes – the data subject has the right to object at any time to personal data processing for marketing purposes without the obligation to justify such an objection;
   8. right to object to data processing for other purposes – the data subject may object at any time to personal data processing carried out on the basis of the Controller’s legitimate interest (e.g. for analytical or statistical purposes or for reasons connected with protecting property); such an objection should include a justification;
   9. right to withdraw consent – if data are processed on the basis of a given consent, the data subject may withdraw it at any time, which does not have, however, any effect on the lawfulness of processing based on consent before its withdrawal.
   10. right to complain – if the data subject believes that the personal data processing breaches the provisions of GDPR or other personal data protection regulations, the data subject has the right to lodge a complaint with the supervisory authority for the processing of Personal Data having jurisdiction over the Data Subject’s habitual residence, place of work or place where the alleged infringement was committed. In Poland, the supervisory authority is the President of the Personal Data Protection Office.
2. NOTIFICATION OF REQUESTS ASSOCIATED WITH EXERCISING THE RIGHTS
   1. A request about exercising the rights of data subjects may be filed:
      1. by letter to Controller’s office address;
      2. by e-mail to the address: contact@packsu.com.
   2. The request should, as far as possible, indicate precisely what the request is about, i.e. in particular:

1. what right the person submitting the request wishes to exercise (e.g., the right to receive a copy of the data, the right to erasure, etc.);
2. what processing the request relates to (e.g., use of a specific service, activity on a specific website, etc.);
3. what purposes of processing the request relates to (e.g., purposes related to the provision of services, etc.).

1. If the Controller is unable to identify the person filing a request on the basis of the notification made, the Controller will ask the petitioner for additional information. Provision of such data is not mandatory however, failure to provide them will result in a request recognition refusal.
2. The request may be filed in person or through an attorney-in-fact (e.g. a family member). In view of data security, the Controller encourages data subjects to use a power-of-attorney in the form certified by a notary public or an authorized legal counsel or attorney-at-law, which will significantly accelerate verification of the request’s authenticity.
3. A reply to the request should be provided within one month of its receipt. If it is necessary to extend the deadline, the Controller shall inform the applicant about the reasons for the delay.
4. Where the application is submitted to the Company electronically, the response is given in the same form unless the applicant requests otherwise. In all other cases, the response is given in writing. When the deadline for exercising the request makes it impossible to reply in writing and the applicant’s data processed by the Controller allows for contact by electronic means, the response should be provided electronically.

1. Data recipients
   1. In certain cases, if necessary to achieve the purposes described above, Personal Data will be disclosed to external entities providing services to the Controller (e.g. IT service providers).
   2. The Controller reserves the right to disclose selected information items referring to the User to relevant authorities or third parties which will demand that they are provided such information pursuant to an appropriate legal basis and in compliance with prevailing laws.
2. Transfer of data outside the EEA
   1. The level of Personal Data protection outside the European Economic Area (EEA) differs from that guaranteed by the European law. For this reason, the Controller transmits Personal Data to places outside the EEA only when necessary and ensuring an adequate protection level, mainly by:
      1. cooperating with Personal Data processors in the countries with respect to which a relevant decision of the European Commission has been issued; in some cases, the European Commission additionally requires that such processors should participate in programs approved by the European Commission that associate entities from outside the EEA and which participants are required to provide Personal Data the same level of protection as granted within European Union (for more detailed information, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_pl
      2. ;
      3. application of standard contractual clauses issued by the European Commission; along with the required additional security measures they provide Personal Data the same protection level as it prescribed in the European Union; standard contractual clauses can be found https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_pl;
      4. application of binding corporate principles approved by the relevant supervisory authority.
   2. Controller transfer Users’ Personal Data outside the EEA:

1. in connection with the use of GetSiteControl tool. In such case Users’ Personal Data shall be transferred to the U.S. by service provider i.e. Microsoft Ireland Operations Limited to his subcontractor i.e. Microsoft Corporation Inc.. The transfer of Personal Data to a subcontractor Microsoft Corporation  Inc. located in the U.S., shall be based on an adequacy decision referred to in Section 11.1. in accordance with that subcontractor’s registration on the Data Privacy Framework’s (https://www.dataprivacyframework.gov/)list of self-certified entities.
2. in connection with the use of Google Analytics tool, because the provider of this tool, Google Ireland Limited, based in Ireland, transfers Personal Data to its subcontractors providing services outside the EEA, i.e.:

1. Google UK Ltd in the UK, Google Israel Ltd. in Israel, TMJ, Inc. in Japan, SCSK Serviceware Corporation in Japan, K.K. Teledirect Japan, Jellyfish U.K. Limited in the UK, Accenture Japan Ltd. in Japan, Google Argentina S.R.L. in Argentina, Google Infraestructura Argentina S. R.L. in Argentina, Cognizant Technology Solutions de Argentina SRL in Argentina, Atento Argentina S.A. in Argentina ─ in that case Personal Data is transferred outside the EEA based on the adequacy decision referred to in paragraph 11.1.1 above;
2. Google Peru S.R.L. in Peru, Google Kenya Limited in Kenya, Google FZ LLC in the United Arab Emirates, Google Colombia Limitada in Colombia, Google Brasil Internet Ltda. in Brazil, Google Australia Pty Ltd. in Australia, Google Asia Pacific Pte. Ltd. in Singapore, GOC Services India Private Limited in India, GOC Philippines, Inc. in the Philippines, TTEC Brasil Serviços Ltda. in Brazil, TDCX (MY) Sdn. Bhd. in Malaysia, Regalix India Private Limited in India, Regalix Inc. in the USA, Intelenet Global Services Private Limited in India, HCL Technologies Limited in India, HCL (Brazil) Tecnologia da Informação Ltda in Brazil, HCL America Inc. in the USA, GlobalLogic Technologies Limited in India, GlobalLogic Inc. in the USA, EPAM Systems Inc. in the USA, Concentrix Daksh Services India Private Limited in India, Concentrix Solutions Corporation in the USA, Competence Call Center İstanbul Çağrı Merkezi Hizmetleri Anonim Şirketi in Turkey, Cognizant Technology Solutions Philippines, Inc. in the Philippines, Cognizant Technology Solutions India Private Limited in India, Cognizant Technology Solutions de Mexico S.A. de C.V. in Mexico, , Cognizant Serviços de Tecnologia e Software do Brasil S/A in Brazil, Accenture Solutions Private Limited in India, Accenture LLP in the U.S., Accenture Inc. in the Philippines, Accenture Co. Ltd. in Taiwan ─ in that case Personal Data is transferred outside the EEA based on the standard contractual clauses issued by the European Commission as referred to in paragraph 11.1.2 above;
3. in connection with the use of Google Tag manager tool, because the provider of this tool, Google Ireland Limited, based in Ireland, transfers Personal Data to its subcontractors providing services outside the EEA, i.e.:

1. Google UK Ltd in the UK, Google New Zealand Limited in New Zealand, Google Israel Ltd. in Israel, SCSK Serviceware Corporation in Japan, K.K. Teledirect Japan in Japan, Jellyfish U.K. Limited in the UK, Accenture Japan Ltd. in Japan, Google Argentina S. R.L. in Argentina, Google Infraestructura Argentina S.R.L. in Argentina, Cognizant Technology Solutions de Argentina SRL in Argentina ─ in that case Personal Data is transferred outside the EEA based on the adequacy decision referred to in 11.1.1 above,
2. Google Peru S.R.L. in Peru, Google Kenya Limited in Kenya, Google FZ LLC in the United Arab Emirates, Google Colombia Limitada in Colombia, Google Brasil Internet Ltda. in Brazil, Google Australia Pty Ltd. in Australia, Google Asia Pacific Pte. Ltd. in Singapore, GOC Services India Private Limited in India, GOC Philippines, Inc. in the Philippines, TDCX (MY) Sdn. Bhd. in Malaysia, Regalix Inc. in the US, Intelenet Global Services Private Limited in India, HCL Technologies Limited in India, HCL (Brazil) Tecnologia da Informação Ltda in Brazil, HCL America Inc. in the US, GlobalLogic Technologies Limited in India, GlobalLogic Inc. in the US, EPAM Systems Inc. in the US, Concentrix Daksh Services India Private Limited in India, Concentrix Solutions Corporation in the US, Cognizant Technology Solutions Philippines, Inc. in the Philippines, Cognizant Technology Solutions India Private Limited in India, Cognizant Technology Solutions de Mexico S.A. de C.V. in Mexico, Cognizant Serviços de Tecnologia e Software do Brasil S/A in Brazil, Accenture Solutions Private Limited in India, Accenture LLP in the USA, Accenture Inc. in the Philippines, Accenture Co. Ltd. in Taiwan ─ in that case Personal Data is transferred outside the EEA based on the standard contractual clauses issued by the European Commission as referred to in paragraph 11.1.2 above;
3. in connection with the use of Meta Pixel tool, because the provider of this tool, Meta Platforms Ireland Limited, based in Ireland, transfers Personal Data to its subcontractors providing services outside the EEA, i.e.:

1. Meta Platforms Inc. based in the USA ─ in that case the Personal Data is transferred outside the EEA based on the adequacy decision referred to in paragraph 11.1.1. above, in accordance with that subcontractor’s registration on the Data Privacy Framework’s (https://www.dataprivacyframework.gov/) list of self-certified entities.
2. Andale Inc., Greater Kudu LLC, Goldframe LLC, Meta Operations LLC, Morning Hornet LLC, Offprints LLC, Omanyte LLC, Paile LLC, Raven Northbrook Services Limited, Scout Development LLC, Siculus Inc, Sidecat LLC, Stadium LLC, Starbelt LLC, Woolhawk LLC, Vitesse LLC, Winner LLC d/b/a Ernst LLC located in the USA ─ in that case Personal Data shall be transferred outside the EEA based on the standard contractual clauses issued by the European Commission as referred to in paragraph 11.1.2 above;
3. in connection with Microsoft Clarity tool. In such case Users’ Personal Data shall be transferred to the U.S. by service provider i.e. Getwebcraft Limited in Cyprus to his subcontractor i.e. Amazon.com Inc. The transfer of Personal Data to a subcontractor Amazon.com  Inc. located in the U.S., shall be based on an adequacy decision referred to in Section 11.1. in accordance with that subcontractor’s registration on the Data Privacy Framework’s (https://www.dataprivacyframework.gov/) list of self-certified entities.
4. Contact data

1. The Controller may be contacted by e-mail contact@packsu.com or by letter sent to the mailing address Dąbrówka 62-069, Fosowa 11/1 Street.
2. Amendments to the privacy policy
   1. The Policy is verified on an ongoing basis and updated when needed.
   2. The present version of the Policy was approved and has been in force since February 1st, 2025.