Information Notes.

Information notes:

  1. Potential partners
  2. Clients and their representatives
  3. Service providers and their representatives
  4. Newsletter subscribers
  5. Blog users
  6. Participants of offline educational events
  7. Persons interested in a career in Nifty Design Labs
  8. Facebook users
  9. Subjects who required from us execution of their rights
  10. Participants of contests organized by Nifty Design Labs
  11. Participants of workshops, trainings, and other similar events organized by Nifty Design Labs (online)

INFORMATION NOTE FOR POTENTIAL PARTNERS | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHERE DO WE HAVE YOUR DATA FROM:

2. We have gathered your personal data from publicly available sources.

WHAT SORT OF YOUR PERSONAL DATA IS PROCESSED BY US:

3. We only process your identification data (first name, surname, image), employment data (job position, place of employment), and contact data (contact address, e-mail address, and phone number).

WHY DO WE PROCESS YOUR DATA:

4. We only process your personal data in order to establish business contacts with you or your employer – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the endeavor to create a contact network in relation to the controller’s business activity – for the period necessary to achieve the controller’s legitimate interest, but no longer than until you effectively place an objection to the processing of your personal data. Your personal data may be processed longer if we obtain another legal basis to do so (such as conclusion and execution of the contract or defending against possible claims resulting from its execution), which we will inform you about promptly after we obtain a new legal basis for the processing of your personal data.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us only to our hosting providers and electronic mail providers.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in the USA and its subsidiaries also incorporated in the USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for the transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer is the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS

7. Due to the protection of your personal data, you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR CLIENTS AND THEIR REPRESENTATIVES | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHERE DO WE HAVE YOUR DATA FROM:

2. We have gathered your personal data from publicly available sources.

WHAT SORT OF YOUR PERSONAL DATA IS PROCESSED BY US:

3. We only process your identification data (first name, surname, image), employment data (job position, place of employment), and contact data (contact address, e-mail address, and phone number).

WHY DO WE PROCESS YOUR DATA:

4. We only process your personal data in order to establish business contacts with you or your employer – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the endeavor to create a contact network in relation to the controller’s business activity – for the period necessary to achieve the controller’s legitimate interest, but no longer than until you effectively place an objection to the processing of your personal data. Your personal data may be processed longer if we obtain another legal basis to do so (such as conclusion and execution of the contract or defending against possible claims resulting from its execution), which we will inform you about promptly after we obtain a new legal basis for the processing of your personal data.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us only to our hosting providers and electronic mail providers.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in the USA and its subsidiaries also incorporated in the USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for the transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer is the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS

7. Due to the protection of your personal data, you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR SERVICE PROVIDERS AND THEIR REPRESENTATIVES | GDPR

Dear Sir/Madam,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to conclude the contract – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the endeavor to conclude the contract with the service provider – until the end of the negotiation process regarding the conclusion of the contract.
b) in order to execute the contract – based on art. 6 par. 1 pt. b) of GDPR, alternatively (in relation to representatives of our suppliers) art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the execution of the contract – until the fulfillment of the contract, its termination or cessation.
c) in order to perform our tax responsibilities – based on art. 6 par. 1 pt. c) of GDPR in relation to the Accounting Act and art. 86 of the Tax Ordinance Act – until the cessation of 5 year period accounted from the end of the tax year during which the controller’s tax obligation related to our cooperation appeared.
d) in order to pursue our possible claims or defend against your possible claims which may arise in connection with our cooperation – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller – until the cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding our mutually available claims.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is:

a) in relation to you data mentioned in par. 2 pt. a), b) and d) above – required to conclude our agreement – otherwise we will not be able to conclude and perform the contract between us;
b) in relation to your data mentioned in par. 2 pt. c) above – mandatory (as a legal obligation resulting from the Accounting Act and the Tax Ordinance Act) – otherwise we will not be able to conclude and perform the contract between us.

4. Due to the fact that negotiations or consultations related to the conclusion or performance of the contract may take place at our headquarters, we would also like to inform you that video monitoring system operates within our company’s premises. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller understood as implementation of the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or the controller has learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) accountancy service providers;
d) legal service providers;
e) mail service providers;
f) IT service providers;
g) our subcontractors.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR NIFTY DESIGN LABS NEWSLETTER SUBSCRIBERS | GDPR

Dear Subscriber,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We process your personal data in order to deliver our Nifty Design Labs newsletter to you – based on art. 6 par. 1 pt. a) of GDPR which is your consent, given by you as you checked the appropriate checkbox containing your consent statement – such data will be processed by us as long as we have your consent until you revoke it.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required to receive our newsletter – ceasing to process your personal data will prevent this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be disclosed by us to our hosting provider, electronic mail provider and provider of the newsletter dispatch service.

5. Your personal data may be transferred outside the European Economic Area – due to the fact that The Rocket Science Group LLC company incorporated in USA is our provider of the newsletter dispatch service, while Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to The Rocket Science Group LLC and Google LLC and their subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

6. Due to the protection of your personal data, you have the right to access your personal data and receive their copies (art. 15 of GDPR);

6.1. access your personal data and receive their copies (art. 15 of GDPR);
6.2. rectify your personal data and supplement them if necessary (art. 16 of GDPR);
6.3. erase your personal data or restrict their processing (art. 17-18 of GDPR);
6.4. object to the processing of your personal data (art. 21 of GDPR);
6.5. transfer your personal data (art. 20 of GDPR);
6.6. lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

7. You also have the right to withdraw, at any time, your consent to the processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of the processing of your personal data within the period of validity of your consent and after the withdrawal of your consent, we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR NIFTY DESIGN LABS BLOG USERS | GDPR

Dear User,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We process your personal data in order to write and manage our Nifty Design Labs blog (under following address: https://niftydesignlabs.com/blog/) – based on art. 6 par. 1 pt. a) of GDPR which is your consent, given by you as you post your entry under our post – such data will be processed by us as long as we have your consent until you revoke it – in particular by self-deleting your entry or by requesting that we delete entries posted by you within our blog

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required to achieve the purpose referred to in par. 2 above – ceasing to process your personal data will prevent this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be transferred outside the European Economic Area – due to the fact that:
a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.
b) While using our blog you may post your comments through a plugin used by us in our blog.

WHAT ARE YOUR RIGHTS:

5. Due to the protection of your personal data, you have the right to:

5.1. access your personal data and receive their copies (art. 15 of GDPR);
5.2. rectify your personal data and supplement them if necessary (art. 16 of GDPR);
5.3. erase your personal data or restrict their processing (art. 17-18 of GDPR);
5.4. object to the processing of your personal data (art. 21 of GDPR);
5.5. transfer your personal data (art. 20 of GDPR);
5.6. lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

6. You also have the right to withdraw, at any time, your consent to the processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of the processing of your personal data within the period of validity of your consent and after the withdrawal of your consent, we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

7. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
8. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR PARTICIPANTS OF EDUCATIONAL EVENTS | GDPR

Dear Participant,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to organize and perform the training, workshops, conference or other similar events (hereinafter referred to as “the event”) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the event.
b) in order to control the number of participants and ensure safety throughout the event – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller – until the end of the event.
c) in order to promote the events organized by us – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it – to the extent in which we record and process your image in materials in which this image is a part of a larger whole (concerns materials not focused on you – for example when you are one of the people included in the wider picture).
d) in order to select the participants who are most interested in participation in the event and have knowledge adequate to the topics discussed in the course of the event – based on art. 6 pat. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as the optimal selection of event participants in terms of their knowledge and motivation to participate in the event – until the end of the event.
e) in order to adjust the content presented during the event in which you participate – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as organization of workshops, trainings and other similar events adjusted to knowledge and skills of participants of such events – until the end of the event.
f) in order to promote the events organized by us – based on art. 6 par. 1 pt. a) of GDPR which is your consent – until you withdraw your consent – to the extent in which we record and process your image in materials in which this image is not a part of a larger whole (concerns materials focused on you, not including you as one of many people – for example an interview with you or an individual photography).

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but (apart from the data mentioned in par. 2 pt. f above) required for your participation in events organized by Nifty Design Labs – ceasing to process your personal data will prevent implementation of this purpose).

4. We would also like to inform you that a video monitoring system including 4 cameras operates within our company’s premises so when the events (in particular training or workshops) take place within our premises your image will be recorded. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller which is to implement the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or the controller has learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) event registration service providers;
d) social media providers (Facebook, Twitter, YouTube, LinkedIn, Instagram);
e) mail service providers;
f) our subcontractors.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) photos from trainings and workshops as well as other promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Facebook, Inc.), Instagram (Facebook, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

8. You also have the right to withdraw, at any time, your consent to processing of your personal data referred to in par. 2 pt. e) above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

9. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR WHO IS INTERESTED IN A CAREER IN NIFTY DESIGN LABS | GDPR

Hello,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data in order to arrange your visit with us which may help you get to know us a little more and help you make a decision if it is worth considering cooperation with us in the future – hence based on art. 6 par. 1 pt. a) of GDPR which is your consent – for a period of one month since the arranged date of your last visit with us, unless you withdraw earlier your consent on processing your personal data disclosed by you – in such case these data will be processed until withdrawal of your consent or unless you will inform us about cancelling your visit – then we will stop processing your personal data without delay.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, however required for arranging your visit with us.

4. Due to the fact that the your visit may take place at our office, we would also like to inform you that video monitoring system operates within our office. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – the legitimate interest of the controller understood as implementation of the above-mentioned purpose. Recordings obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or we learn that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. our personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers.

6. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to the protection of your personal data, you have the right to access your personal data and receive their copies (art. 15 of GDPR);

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to the processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR);
g) withdraw, at any time, your consent to the processing of your personal data referred to in par. 2 above, however, the withdrawal of your consent will not affect the lawfulness of the processing of your personal data within the period of validity of your consent and after withdrawal of your consent, we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR FACEBOOK USERS | GDPR

Dear Guest,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, in relation to the fact, that we run a fanpage on Facebook social media, which enables your interaction with us (reactions to our posts, tagging places and users, etc.) and our website includes a social media plugin which redirects to Facebook portal enabling fast interaction with us, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

2. The joint controller of your personal data – based on appropriate arrangements – is Facebook Ireland Limited company with its registered headquarters at 4 Grand Canal Square, Grand Cana Harbour, Dublin 2, Ireland. The essential content of the arrangements between the joint controllers is available on the webpage of the Facebook portal under the following link: https://www.facebook.com/legal/controller_addendum (information regarding terms and conditions for processing of personal data can also be found under following address: https://www.facebook.com/legal/terms/page_controller_addendum). We also want you to know:

a) responsibility for the performance of information obligation resulting from art. 13-14 of GDPR towards you rests on us;
b) Facebook Ireland Limited is responsible for ensuring the execution of your rights listed in art. 15-20 of GDPR in relation to personal data stored by Facebook Ireland Limited company during their collaborative processing by us and Facebook Limited Company.

WHY DO WE PROCESS YOUR DATA:

3. We may process your personal data:

a) for purpose of running our fanpage on Facebook portal effectively and enabling your interaction with us through this fanpage by presenting you with information regarding initiatives undertaken by us and our other activity and also with information related to promotion of various events, services and products, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark and enhancement of our services, until you lodge a well-founded objection to processing of your personal data;
b) for purpose of promoting our webpage in social media services to which social media plugins installed on our webpage redirect to, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark, until you lodge a well-founded objection to processing of your personal data;
c) for purpose of statistics and analytics, based on art. 6 par. 1 pt. f) of GDPR, which is a legitimate interest of the controller resting in promotion of our mark and enhancement of our services, until you lodge a well-founded objection to processing of your personal data;
d) for purpose of pursuing our potential claims or defending against your potential claims which may arise in connection with our interaction – based on art. 6 par. 1 pt. f) of GDPR which is a legitimate interest of the controller resting in securing his rights – until cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding them;

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

4. Providing personal data by you for purposes indicated in par. 3 pt. a) – c) is entirely voluntary and may result only from your initiative, while we may process your personal data for purpose indicated in par. 3 pt. d) as effect of providing us with your data for other purposes and only if a dispute or reasonable risk of dispute between us occurs.

5. Your personal data may be disclosed by us to:

a) owner of Facebook social media portal;
b) providers of hosting services, including cloud computing services;
c) providers of legal services – if justified in a particular situation;
d) if justified in a particular situation, also to police, attorney’s office, courts and other authorized public authorities.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Facebook Ireland Limited company with its registered seat in Ireland is a joint controller of your personal data and in justified circumstances it may transfer your personal data to its related companies with their registered headquarters in USA (in particular to Facebook Inc.). In such case the legal basis for transfer of your personal data to such entities and the mechanism securing your personal data are the Standard Contractual Clauses enacted by the European Commission;
b) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism securing this transfer are the Standard Contractual Closes enacted by the European Commission.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. our personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) mail service providers;
d) legal service providers.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that Google Ireland Ltd. company incorporated in Ireland together with its subcontractor – Google LLC company incorporated in the USA provide us with hosting services (regarding both electronic mail and cloud computing). However, Google LLC participates in the Privacy Shield program which ensures an adequate level of protection of personal data. The list of the entities participating in the Privacy Shield program can be found under the following address: https://www.privacyshield.gov/participant_search, while the main assumptions of this program can be found under the following address: https://www.privacyshield.gov/Program-Overview.

WHAT ARE YOUR RIGHTS:

7. Due to protection of your personal data you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

ADDITIONALLY:

8. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you. Details regarding processing of your personal data by provider of Facebook portal may be found under following link: https://www.facebook.com/about/privacy – information provided therein result in the conclusion that provider of the Facebook portal may process your personal data in an automated manner, which may have effect, inter alia, on extent of content displayed to you on Facebook portal.
9. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR DATA SUBJECTS WHO REQUESTED FROM US EXECUTION OF THEIR RIGHTS AVAILABLE UNDER ARTICLES 15 – 22 OF GDPR:

Dear Petitioner,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to analyze and process the requests filed by you under the articles 15-22 of GDPR – based on art. 6 par. 1 pt. c) of GDPR in conjunction with articles 15-22 of GDPR which is our legal obligation – for period required to analyze and process requests filed by you (basically no longer than 3 months from receipt of the requests filed by you);
b) in order to pursuit our potential claims or defend against your potential claims which may arise in connection with requests filed by you – based on art. 6 par. 1 pt. f) of GDPR which is a legitimate interest of the data controller – until cessation of the termination period of the last from our mutually available claims or until the finalization of the legal proceedings regarding them (basically no longer than 6 years from receipt of the requests filed by you).

WHAT CATEGORIES OF YOUR PERSONAL DATA DO WE PROCESS:

3.We process following categories of your personal data:
3.1. first name and last name;
3.2. contact data provided by you (which may include: e-mail address, phone number, home address, address for service and other contact data provided by you);
3.3 any other potential data provided by you – for example in order to verify your identity (which may include your birth date).

HOW DO WE ACQUIRED YOUR PERSONAL DATA:

4. We acquired your personal data from you.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Disclosure of your personal data referred to in this information note is voluntary, however required for analysis and processing of your requests. Refusing to disclose the aforementioned personal data, as well as any other potential data which my by required by us in order to verify your identity, will prevent processing of your requests.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

6. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) mail service providers;
d) legal service providers.
e) in justified cases also to police, attorney office, courts and other authorized public authorities.

7. Your personal data may be transferred outside the European Economic Area, due to the fact that Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission

WHAT ARE YOUR RIGHTS:

8. Due to protection of your personal data you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to processing of your personal data (art. 21 of GDPR);
e) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

ADDITIONALLY:

9. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR PARTICIPANTS OF CONTESTS ORGANIZED BY NIFTY DESIGN LABS GDPR:

Dear Participant,

According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:
a) in order to organize and perform the contest in which you participate based on our agreement (terms and conditions of the contest) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the contest;
b) in order to promote the contests organized by us – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it – to the extent in which we record and process your image in materials in which this image is a part of a larger whole (concerns materials not focused on you – for example when you are one of the people included in the wider picture);
c) in order to promote the contests organized by us – based on art. 6 par. 1 pt. a) of GDPR which is your consent – until you withdraw your consent – to the extent in which we record and process your image in materials in which this image is not a part of a larger whole (concerns materials focused on you, not including you as one of many people – for example an interview with you or an individual photography);
d) in order to perform our tax duties resting on us as the payers of the income tax – based on art. 6 par. 1 pt. c) of GDPR in relation to provisions of the Tax Ordinance and Act on Personal Income Tax (in particular art. 30 sub. 1 pt. 2 and art. 41 and 42 of the Act on Personal Income Tax dated 26 July 1991) – for period of 5 years from the end of the fiscal year in which our tax obligation occurred;
e) in order to perform our accounting duties – based on art. 6 par. 1 pt. c) of GDPR in relation to  provisions of the Tax Ordinance and Act on Personal Income Tax (in particular art. 86 of the Tax Ordinance) – for period of 5 years from the end of the fiscal year in which the particular tax event occurred;
f) for the purpose of potential execution of claims and defending against the claims which may be mutually available to us in relation to your participation in the contest organized by us – based on art. 6 par. 1 pt. f) of GDPR, which is our legitimate interest – until cessation of the limitation period of the last of the mutually available claims or until the final conclusion of the judicial proceedings related to our mutually available claims;
g) in order to enable your participation in the survey performed in relation to the contest organized by us, as well as to inform you about correctness of of the answers given to the questions constituting the contest assignment – based on art. 6 par. 1 pt. a) of GDPR, which is your consent – until you revoke such consent.

DO WE HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data for purposes indicated in:
a) sub. 2 pt. a) – b) above is voluntary, however necessary for your participation in the contest organized by us – otherwise your participation in the contest will not be possible;
b) sub. 2 pt. d) – e) above is mandatory (as a legal obligation resulting from the legal provisions indicated there) and you are required to disclose such data – otherwise you will not be able to participate in our contest and collect the reward;
c) sub. 2 pt. f) is required for your participation in the contest and cessation of their processing for these purposes will prevent achieving them, as well as your participation in the contest;
d) sub. 2 pt. c) and g) is absolutely voluntary.

4. We would also like to inform you that a video monitoring system including 4 cameras operates within our company’s premises so when the contest takes place within our premises your image will be recorded. The purpose of monitoring is to ensure the safety of people and property within our premises and its legal basis is art. 6 par. 1 pt. f) of GDPR – our legitimate interest which is to implement the above-mentioned purpose. Materials obtained from monitoring will be stored for a period of 30 days, after which they will be destroyed in a way that prevents their reproduction. Exceptionally, in the case in which the recordings are evidence in legal proceedings or we have learned that they may constitute evidence in such proceedings, the time limit specified in the preceding sentence is extended until the end of the relevant proceedings.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

5. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) social media providers (Facebook, Twitter, YouTube, LinkedIn, Instagram);
d) mail and courier service providers;
e) photographic services providers;
f) our subcontractors;
g) accountancy services providers;
h) legal services providers;
i) National Revenue Administration;
j) in certain situations also to Police, Attorney Office, judicial courts, as well as other authorized bodies and institutions of public authority.

6. Your personal data may be transferred outside the European Economic Area – due to the fact that:
a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) photos from trainings and workshops as well as other promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Facebook, Inc.), Instagram (Facebook, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

7. Due to protection of your personal data you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority (art. 77 of GDPR).

8. You also have the right to withdraw, at any time, your consent to processing of your personal data referred to in par. 2 pt. e) above, however, the withdrawal of your consent will not affect the lawfulness of processing of your personal data within the period of validity of your consent and after withdrawal of your consent we will still store your data necessary to document the fact and date of giving us your consent and revoking it.

ADDITIONALLY:

9. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
10. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.

INFORMATION NOTE FOR PARTICIPANTS OF WORKSHOPS, TRAININGS, AND OTHER SIMILAR EVENTS ORGANIZED BY NIFTY DESIGN LABS | GDPR:

 

Dear Participant,
According to the General Data Protection Regulation (GDPR) in force since 25th of May 2018, we want you to know:

WHO WE ARE:

  1. The controller of your personal data is Mr. Aaron Peters, conducting business as “Aaron Peters” with his registered office at Brouwersweg 143, in Maastricht, Netherlands, holder of VAT-EU number: NL339091022B01 (hereinafter referred to as “Nifty Design Labs”).

WHY DO WE PROCESS YOUR DATA:

2. We may process your personal data:

a) in order to organize and perform the training, workshops, conference or other similar events (hereinafter referred to as “the event”) – based on art. 6 par. 1 pt. b) of GDPR, – until the end of the event;
b) in order to promote the events organized by us as well as inform and remind you about the method, time and place of their taking place – based on art. 6 par. 1 pt. f) of GDPR which is the legitimate interest of the controller understood as promotion of its services – until you object to it.

DO YOU HAVE TO DISCLOSE YOUR DATA TO US:

3. Providing personal data by you is voluntary, but required for your participation in events organized by Nifty Design Labs – ceasing to process your personal data will prevent implementation of this purpose.

FOR WHOM MAY WE DISCLOSE YOUR DATA:

4. Your personal data may be disclosed by us to:

a) hosting providers (including providers of cloud computing services);
b) electronic mail service providers;
c) event registration service providers;
d) social media providers (Facebook, Twitter, YouTube, LinkedIn, Instagram);
e) mail service providers;
f) our subcontractors.

5. Your personal data may be transferred outside the European Economic Area – due to the fact that:

a) Google Ireland Ltd. company incorporated in Ireland together with Google LLC company incorporated in USA and its subsidiaries also incorporated in USA provide us with hosting services (regarding both electronic mail and cloud computing services). The legal basis for transfer of your personal data to Google LLC and its subsidiaries and the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission;
b) content of (online) trainings and workshops and promotional materials may be published by us in social media, which may lead in consequence to disclosure of your personal data to providers of following social media portals: Facebook (Facebook, Inc.), Instagram (Facebook, Inc.), LinkedIn (LinkedIn Corporation), Twitter (Twitter, Inc.) and YouTube (Google LLC), all incorporated in USA. Your personal data processed within the aforementioned social media portals is generally controlled by the following companies incorporated in Ireland: Facebook Ireland ltd. (Facebook and Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Company (Twitter) and Google Ireland ltd. (YouTube). In some cases however, a certain amount of your personal data (such as basic identification data revealed by you while registering your account) may be transferred by the aforementioned Irish companies to their related US companies. In such case, the legal mechanism protecting this transfer are the Standard Contractual Closes enacted by the European Commission.

WHAT ARE YOUR RIGHTS:

6. Due to protection of your personal data you have the right to:

a) access your personal data and receive their copies (art. 15 of GDPR);
b) rectify your personal data and supplement them if necessary (art. 16 of GDPR);
c) erase your personal data or restrict their processing (art. 17-18 of GDPR);
d) object to processing of your personal data (art. 21 of GDPR);
e) transfer your personal data (art. 20 of GDPR);
f) lodge a complaint with a competent supervisory authority – the President of Personal Data
Protection Office (art. 77 of GDPR).

ADDITIONALY:

7. Your personal data are not profiled by us, and are not subject to any other form of automated processing, resulting in making decisions that cause legal effects to you or have a similar effect on you.
8. All correspondence regarding matters related to the processing of your personal data should be sent to our address indicated in par. 1 above with the postscript “Personal data” or to our e-mail address: security@niftydesignlabs.com.