FLM system logo

Menu

Privacy Policy

This Privacy Policy (hereinafter: the "Policy") contains information on the processing of your personal data in connection with the use of flmsystem.com websites or subpages created on the basis thereof (hereinafter collectively: the "Website") and the services provided by the Controller.

Personal data Controller

The Controller of your personal data is FINGOWEB SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA with its registered office in Krakow (registered office address: 1C/B14 Ostatnia Street, 31-444 Krakow), entered into the register of entrepreneurs of the National Court Register kept by the District Court for Krakow-Śródmieście in Krakow, XI Commercial Division of the National Court Register under the number KRS 748728, having NIP: 9452221968, REGON number: 381300050 (hereinafter: "Controller").

Contact with the Controller

In all matters related to the processing of personal data, you can contact the Controller electronically, by sending an e-mail to contact@flmsystem.com.

Team registration on league sites

In the case of personal data provided via the team registration form made available on a given League Organizer's site (subdomain) – i.e. the data of the registering person (the Manager) relating to their participation in the league and the data of the team's players – the controller of such data is the League Organizer operating the given league, not Fingoweb. The controller's identity and contact details are presented at the team registration form. Fingoweb processes such data solely as a processor, on behalf of the League Organizer, under the terms of the data processing agreement. To that extent, this Policy – in the part indicating Fingoweb as the controller – does not apply. Other data processed in connection with the use of the site (subdomain), in particular technical data, cookies and analytics data, is processed by Fingoweb as the controller on the terms set out in the remainder of this Policy.

Personal data protection measures

The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter:"GDPR"), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.

Information about the personal data processed

The use of the Website and the services provided by the Controller requires the processing of your personal data. Below you will find detailed information on the purposes and legal basis of the processing, as well as the period of processing and the obligation or voluntariness of providing them.

Purpose of processing: Conclusion and performance of a contract for the provision of services, as well as taking actions aimed at concluding it (including preparation of a valuation/offer)

Personal data processed:

  • Name and surname
  • Company
  • Subdomain name
  • E-mail address
  • phone number.

Legal basis:

  • Article 6(1)(b) of the GDPR
  • (the processing is necessary for the performance of a contract concluded with the data subject or to take steps to conclude it)

Providing the aforementioned personal data is a condition for the conclusion and performance of the service provision agreement (their provision is voluntary, but the consequence of failing to provide them will be the inability to conclude and perform the aforementioned agreement).

The Controller will process the aforementioned personal data until the statute of limitations for claims arising from the service provision agreement expires.

Purpose of processing: Maintaining the Controller's profiles on Facebook, Instagram and YouTube (hereinafter collectively: the "Services")

Personal data processed:

  • Your profile name
  • data that you have placed on your profile as "public"
  • Your image (if it appears as "public" in the photos available on your profile)
  • personal data placed by you in the comments under the content published on the Controller's profile or sent in a private message to the Controller's profile
  • statistical and advertising data collected by the social network.

Legal basis:

  • Article 6(1)(f) of the GDPR
  • (processing is necessary in order to pursue the legitimate interest of the Controller, in this case maintaining profiles on the Services)

Providing the aforementioned personal data is voluntary, but necessary for you to use the Controller's profile on a given Service (the consequence of not providing them will be the inability to use the Controller's profile). The Controller will process the aforementioned personal data until an effective objection is raised or the purpose of the processing is achieved.

The Controller informs that in terms of statistical and advertising data, the joint controller of personal data is the entity responsible for running the given Service, i.e.:

  1. Meta Platforms Ireland Limited – in respect of Facebook and Instagram;
  2. Google LLC – within the scope of YouTube.

Detailed information regarding the mutual arrangements between the Controller and the aforementioned entities, as well as the processing of personal data by the aforementioned entities, can be found in the privacy policies and other documents published on the Services.

Any questions and claims arising from your use of the Services should be directed directly to the aforementioned entities.

Purpose of processing: Organizing the event, including the FLM System Demo (in stationary or online form) and allowing you to participate in it

Personal data processed:

  • name and surname
  • Email address
  • optionally – other contact details
  • optionally – data of the organization to which you belong
  • optionally – answers to the questions contained in the registration form.

Legal basis:

  • Article 6(1)(b) of the GDPR
  • (processing is necessary for the performance of an event agreement concluded with the data subject or to take steps to conclude it)

Providing the aforementioned personal data is a condition for the conclusion and performance of the contract regarding participation in the event (their provision is voluntary, but the consequence of failing to provide them will be the inability to participate in the event).

The Controller will process the aforementioned personal data until the statute of limitations for claims arising from the contract regarding participation in the event expires.

Purpose of processing: Conducting a complaint procedure

Personal data processed:

  • Name and surname
  • E-mail address

Legal basis:

  • Article 6(1)(c) of the GDPR
  • (processing is necessary to comply with a legal obligation incumbent on the Controller, in this case the obligations of:
  • responding to a complaint – Article 7a of the Act on Consumer Rights
  • exercising the Client's rights resulting from the provisions on the Controller's liability in the event of non-compliance of the Subject of Digital Supply with the Agreement relating thereto)

Providing the aforementioned personal data is a condition to receive a response to the complaint or to realize the Client's rights resulting from the provisions on the Controller's liability in the event of non-conformity of the Subject of Digital Supply with the Agreement concerning it (their provision is voluntary, but the consequence of failing to provide them will be the inability to receive a response to the complaint and the realization of the aforementioned rights).

The Controller will process the aforementioned personal data for the duration of the complaint procedure, and in the case of the realization of the aforementioned Client's rights – until their statute of limitations expires.

Purpose of processing: Establishing, pursuing or defending against claims

Personal data processed:

  • name/company
  • Email address
  • address of residence/registered office
  • PESEL/KRS number
  • NIP number.

Legal basis:

  • Article 6(1)(f) of the GDPR
  • (processing is necessary in order to pursue the legitimate interest of the Controller, in this case to establish, pursue or defend against claims that may arise in connection with the provision of services or the use of the Website)

Providing the aforementioned personal data is voluntary, but necessary for the Controller to establish, pursue or defend against claims that may arise in connection with the provision of services or the use of the Website (the consequence of not providing them will be the Controller's inability to undertake the aforementioned actions).

The Controller will process the aforementioned personal data until the statute of limitations for claims expires.

Purpose of processing: Analysis of your activity on the Website

Personal data processed:

  • date and time of visit
  • Device IP number
  • the type of operating system of the device
  • approximate location
  • the type of web browser
  • time spent on the Website
  • visited subpages and other activities undertaken within the Website.

Legal basis:

  • Article 6(1)(f) of the GDPR
  • (processing is necessary in order to pursue the legitimate interest of the Controller, in this case to obtain information about your activity on the Website)

Providing the aforementioned personal data is voluntary, but necessary for the Controller to obtain information about your activity on the Website (the consequence of not providing them will be the Controller's inability to obtain the aforementioned information).

The Controller will process the aforementioned personal data until an effective objection is raised or the purpose of the processing is achieved.

Purpose of processing: Website administration

Personal data processed:

  • IP address
  • server date and time
  • information about the web browser
  • operating system information. The above data is automatically saved in the so-called server logs, each time you use the Website (administering them without the use of server logs and automatic recording would not be possible).

Legal basis:

  • Article 6(1)(f) of the GDPR
  • (processing is necessary in order to pursue the legitimate interest of the Controller, in this case to ensure the proper functioning of the Website)

Providing the aforementioned personal data is voluntary, but necessary to ensure the proper operation of the Website (the consequence of not providing them will be the inability of the Website to operate properly).

The Controller will process the aforementioned personal data until an effective objection is raised or the purpose of the processing is achieved.

Profiling

In order to create your profile for marketing purposes and direct marketing (e.g. ads on the Facebook social network) tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not produce any legal effects concerning you, or similarly significantly affect your situation.

The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity on the Website.

The legal basis for the processing of personal data for the above purpose is Article 6(1)(f) of the GDPR, according to which the Controller may process personal data in order to pursue its legitimate interest, in this case, conducting marketing activities tailored to the preferences of the recipients. Providing the aforementioned personal data is voluntary, but necessary to achieve the aforementioned purpose (the consequence of not providing them will be the Controller's inability to conduct marketing activities tailored to the preferences of the recipients).

The Controller will process personal data for the purpose of profiling them until an effective objection is lodged or the purpose of processing is achieved.

You may disable the Facebook Pixel tool in the cookie management panel at the bottom of the Website.

Recipients of personal data

The recipients of personal data will be the following external entities cooperating with the Controller:

  • Internet domain provider.
  • Newsletter service provider.
  • Online payment service provider.
  • Data hosting service provider.
  • Companies providing tools for analysing activity on the Website and conducting direct marketing toward people using it (including Google LLC, Meta Platforms Ireland Limited).
  • Microsoft Ireland Operations Ltd. – provider of the Microsoft Clarity user behaviour analytics tool (independent data controller).
  • A company providing accounting services.

In addition, personal data may also be transferred to public or private entities if such an obligation arises from generally applicable provisions of law or a final decision.

Transfer of personal data to a third country

In connection with the Controller's use of tools such as Clarity, Google Analytics, or Facebook Pixel, your personal data may be transferred to the following third countries: United Kingdom, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for the transfer of data to the above-mentioned third countries are:

  • in the case of the United Kingdom, Canada, Israel, Japan and South Korea – decisions of the European Commission declaring an adequate level of protection of personal data in each of the above-mentioned third countries.
  • for the US, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council, stating the adequacy of the level of protection of personal data ensured by the EU-US data protection framework.
  • for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia – contractual clauses ensuring an adequate level of protection, compliant with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for transfers of personal data to third countries pursuant to Regulation (EU) of the European Parliament and of the Council 2016/679.

You can obtain from the Controller a copy of the data transferred to a third country.

Rights

In connection with the processing of personal data, you have the following rights:

  • Right of access to data (Art. 15 GDPR) – the right to be informed about what personal data concerning you are processed by the Controller and to receive a copy of this data. The issuance of the first copy of the data is free of charge; for subsequent ones, the Controller may charge a fee.
  • Right to rectification (Art. 16 GDPR) – if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request their rectification.
  • Right to erasure (Art. 17 GDPR) – in certain situations, you can request the Controller to delete your personal data, e.g., when: the data are no longer needed by the Controller for the purposes of which you were informed; you have effectively withdrawn your consent to data processing – provided that the Controller has no right to process the data on another legal basis; the processing is unlawful; the necessity to delete the data arises from a legal obligation incumbent on the Controller.
  • Right to data portability (Art. 20 GDPR) – in the case where personal data are processed by the Controller on the basis of granted consent to processing or in order to perform an Agreement concluded with them, you have the right to transfer your data to another controller.
  • Right to withdraw consent (Art. 7(3) GDPR) – in the case where personal data are processed by the Controller on the basis of consent to processing granted by you, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  • Right to restriction of processing (Art. 18 GDPR) – if you consider that the processed personal data are incorrect, their processing is unlawful, or the Controller no longer needs specific data, you can request that for a specific, needed period (e.g., to verify the correctness of data or to pursue claims), the Controller does not perform any operations on the data, but only stores them.
  • Right to object (Art. 21 GDPR) – you have the right to express an objection to the processing of personal data, the basis of which is the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the aforementioned purpose.
  • Right to lodge a complaint (Art. 77 GDPR) – you have the right to lodge a complaint with the President of the Personal Data Protection Office if you consider that the processing of personal data violates the provisions of the GDPR.

Cookies

The Controller informs that the Website uses "cookies", installed on your Access Device. These are small text files that can be read by the Controller's system, as well as by systems belonging to other entities whose services the Controller utilizes (e.g., Facebook, Google).

The Controller uses cookies for the following purposes:

  • Ensuring the proper operation of the Website – thanks to cookies, it is possible for the Website to operate smoothly, utilize the functions available on it, and comfortably navigate between individual subpages.
  • Ensuring security – cookies are used to authenticate users and prevent unauthorized use of the client's account. Therefore, they serve to protect the user's personal data against access by unauthorized persons.
  • Increasing the comfort of browsing the Website – thanks to cookies, it is possible to detect errors on certain subpages and continuously improve them.
  • Maintaining the session state after logging into the account – thanks to cookies, it is not required to provide authentication data on every viewed subpage, which promotes the comfort of using the Website.
  • Creating statistics – cookies are used to analyze how users utilize the Website (e.g., how many users visit it, how long they stay on it, which content arouses the most interest). Thanks to this, it is possible to continuously improve the Website and adjust its operation to the users' preferences.
  • Conducting marketing activities – thanks to cookies, the Controller can direct advertisements tailored to users' preferences.

The Controller can place both permanent and temporary files on your device. Temporary files are usually deleted when you close the browser, but closing the browser does not delete the permanent files.

Information about cookies used by the Controller is displayed in the panel located at the bottom of the Website. Depending on your decision, you can enable or disable cookies of individual categories (except for strictly necessary cookies) and change these settings at any time. Data collected via cookies do not allow the Controller to identify you.

The Controller uses the following tools using cookies:

  • Strictly necessary cookies of the Website – these files enable the proper and secure functioning of the Website (they are used, among others, to adjust the website layout to the device screen), therefore their disabling is not possible (the operation of these files is a condition for using the Website). Strictly necessary cookies remain on your Access Device for a period of 1 year.
  • Google Analytics – this tool (using cookies provided by Google LLC) allows collecting statistical data about the way users use the website, including the number of visits, duration of visits, the search engine used, and location. The collected data help to improve the Website and make it more user-friendly. Cookies used by Google Analytics remain on your Access Device for a period of up to 2 years.
  • Google Ads – this tool (using cookies provided by Google LLC) allows collecting data about your preferences (including visited subpages, viewed content) and enables directing advertisements to you displayed on other websites you visit. Cookies used by Google Ads remain on your Access Device for a period of up to 18 months.
  • Facebook Pixel – this tool (using cookies provided by Meta Platforms Ireland Limited) allows determining that you have visited the Website, as well as directing advertisements to you displayed on the social networking services Facebook and Instagram, and measuring their effectiveness. Cookies used by Facebook Pixel remain on your Access Device for a period of up to 90 days.
  • Microsoft Clarity – this tool (provided by Microsoft Corporation) is used to analyse user behaviour on the Website by recording sessions and generating heat maps. Cookies used by Microsoft Clarity remain on your Access Device for a period of up to 1 year.
  • Google Tag Manager – this tool (provided by Google LLC) is used to manage analytical and marketing scripts on the Website. Google Tag Manager itself does not collect personal data – it is used solely to run other tools listed in this Policy.

Through most commonly used browsers, you can check whether cookies have been installed on your device, as well as delete installed cookies and block them from being installed in the future by the Website or other websites. However, disabling or limiting the use of cookies may cause quite serious difficulties in using the Website, e.g. in the form of the need to log in to each subpage, a longer loading period of the website, limitations in the use of functionalities.

Final provisions

To the extent not regulated by this Policy, generally applicable regulations on the protection of personal data shall apply.

The policy is effective from 10 June 2026.

Privacy Policy | FLM System