Dear User (hereinafter: “The User”/”You”/”Your”),

from May 25, 2018, all entities processing personal data in UE are required to apply Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals about the processing of personal data and the free movement such data and repealing Directive 95/46/EC (hereinafter "GDPR"). The same provisions also apply in the territory of the United Kingdom, where the Data Protection Act 2018 adapts the GDPR for the UK context.

In connection with the above, the administrator of this website https://www.dutchman.io/  (hereinafter " Website"), which is ICEO LAB LTD with its registered office at 1 Chapel Street, Warwick, United Kingdom, CV34 4HL, a company incorporated and operating under the law of the United Kingdom, entered an the Companies House under the number: 11384164  (hereinafter "ICEO"/”WE”/”US”/”OUR”), to meet the information obligation set out in Art. 13 and 14 of the GDPR inform that the provisions of this Privacy Policy (hereinafter "Privacy Policy") apply to the personal data of the Website Users.

In this Privacy Policy, We would like to provide you with information about Us and the nature, scope, and purposes of data processing, and thus familiarize you with the processing of Your data on the Website.

ICEO respects the User’s right to privacy and declares that it makes every effort not to collect any data except those necessary for the proper functioning of the Website or those whose collection is aimed at increasing the usefulness of the Website.

The Website uses cookies. Information on what they are and how cookies are used can be found in the "Cookie Policy" tab here: https://www.dutchman.io/cookie-policy .

I. Privacy Policy

In the interests of the security of Your data, We have implemented procedures to prevent a breach of their security and are by applicable law, in particular with:

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC;
2. The Personal Data Protection Act of May 10, 2018 (Polish Journal of Laws of 2019, item 1781, as amended);
3. Act on the provision of electronic services on July 18, 2002 (Polish Journal of Laws of 2020, item 344, as amended);
4. Data Protection Act 2018 (UK 2018 CHAPTER 12).

The administrator attaches the utmost importance to the protection of the privacy and confidentiality of Your data and with the utmost care selects and applies technical and organizational measures to ensure their proper protection. ICEO protects Your data against disclosure to unauthorized persons, loss, destruction, or unauthorized modification, as well as against their processing in violation of applicable law.

II. On what basis do We process Your data

By using the Website, You acknowledge and accept the collection, storage, disclosure, and another form of use of Your data by ICEO under the conditions provided for in this Privacy Policy. The processing of Your data is necessary to contact You and, in the case of entering into a contract with You, to perform Our contractual obligations towards You and provide You with Our services, as well as for Our business needs.

Thus, We process Your data for the following purposes and on the following grounds:

1. By concluding a contract with us on Our behalf - We process Your data to the extent necessary to conclude and perform this contract. Without it, We would not be able to provide you with the service, and You would not be able to use it. Failure to provide such data will prevent Us from concluding and performing the contract (legal basis: Article 6 sec. 1 (b) of the GDPR);
2. By concluding a contract with Us on behalf of and for the benefit of a legal person or organizational unit without the legal personality that You represent (hereinafter: "Organization") - We process Your data based on a legitimate interest within the meaning of Article 6 sec. 1 (f) of the GDPR, which is the implementation of Our rights and obligations under this contract. Without this, We would not be able to provide the Organization you represent, and the Organization would not be able to use it;
3. By providing Your data to make contact with Us - We process Your data based on a legitimate interest within the meaning of Article 6 sec. 1 (f) of the GDPR, which is the implementation of Our rights and obligations under this contract, including contacting You that You requested;
4. Legitimate interests under Article 6 sec. 1 (f) of the GDPR. Such legitimate interests are in particular:some text
   1. establishing the contact requested by You,
   2. ensuring the security of the service,
   3. making statistical measurements, improving Our services, and adjusting them to the needs and convenience of users (e.g. personalizing content in services),
   4. conducting direct marketing or promoting Our services, for marketing purposes and to adjust the content of Our websites, We can also analyze the content that has been launched or displayed on the pages You have visited and the method of launching or displaying them,
   5. pursuing or securing claims or defending against them.
5. Processing is necessary to comply with legal obligations (legal basis: Article 6 sec. 1 (c) of the GDPR).
6. Consent (legal basis: Article 6 sec. 1 (a) of the GDPR) - conducting direct marketing or promoting Our services, for marketing purposes and to adjust the content of Our websites, We can also analyze the content that has been launched or displayed on the pages You have visited and the method of launching or displaying them.

III. What data do We collect and process

To be able to conclude and perform the contract with You or the Organization You represent, and thus provide services by Us, We require You to provide the following personal data:

• Identifying information - name and surname - if they are a part of your e-mail address that You use to contact Us. We use them to contact You for a variety of reasons depending on the purpose.
• Contact details - Your e-mail address, and other communication channels that You use to contact Us for further information. We use them to contact You for a variety of reasons depending on the purpose.

ICEO can also collect the following categories of data:

1. Device information - including information about Your devices or browsers that indicate Your behavior on the Internet or the way You use devices. Information about Your devices is collected by the ICEO, and information about Your browsers is collected by Our cookies, tags, and pixels. This is often required for network security reasons. This includes, i.a., IP address, date and time of entering Our Website, time of stay, amount of data transferred, referring URL (in the case of switching to Our Website from another Website or via an advertisement), pages visited on Our Website, type of Your browser (language and software version), browser add-ons, device identifier, and features, device type and version, operating system.

IV. How We collect Your data

By concluding a contract with Us on Your behalf or behalf of Your Organization - We receive Your data directly from You during the conclusion of the contract. The contract is considered to have been concluded when You start using Our website.

By providing Your data to make contact with Us - We receive Your data directly from You when You provide it in the contact form on Our Website or by sending us an e-mail or using Our Website.

V. Recipients of personal data

ICEO might engage third-party service providers to perform functions on Our behalf, such as user management, data analysis, marketing, and customer support. These service providers shall have the access to Your personal data only to the extent necessary to perform their services, and they shall be contractually obligated to maintain the confidentiality and security of Your data.

The recipients of Your data may be:

1. entities providing services that ensure appropriate technical and organizational solutions for the Administrator (e.g. IT service providers, entities providing maintenance services);
2. entities providing legal services, in the event of the need to pursue due claims (including courts or enforcement authorities) or financial services (e.g. banks);
3. entities authorized based on generally applicable legal provisions;
4. entities authorized to carry out inspections, supervision, or audits, including the Administrator's bodies or certifying entities.

As We deem appropriate, We will attempt to notify You of legitimate requests to disclose Your data, unless prohibited by law or a court decision, or if the request is urgent. We may contest such requests if We believe they are too broad, inaccurate, or illegal.

VI. How long do We keep the data

Data storage period

If You decide to withdraw Your consent to the processing of Your data by us or request their removal, all Your data held by ICEO will be deleted, except for the data needed for ICEO to fulfill its legal obligations under the law and to comply with statutory limitation periods. They will not be removed, but only minimized to the necessary extent.

These data will be stored for the period specified by tax regulations and financial reporting regulations, and in the scope of investigation or security against claims, no longer than until the end of the calendar year in which the longest possible period of limitation of potential claims under civil law contractual liability expires under the applicable provisions of law or tort related to cooperation with ICEO.

VII. Your rights

Withdrawal of consent. For future data processing, You can withdraw Your consent at any time - in cases requiring consent to the processing. However, this does not affect the lawfulness of data processing based on the consent granted before its withdrawal. In some cases, We may continue to process Your data after You withdraw Your consent, if We have a different legal basis or if Your withdrawal was limited to certain processing activities.

Right of access. You have the right to obtain (i) confirmation as to whether We process Your data, and if so, (ii) more detailed information about this data. More detailed data include the purposes of the processing, categories of data, potential recipients, or the storage period.

Right to rectification. You have the right to rectify incorrect data concerning You. If the data processed by Us is not correct, We will correct it without undue delay and notify You of the correction.

Right to erasure. You have the right to delete the data We store about you. Removal of data may limit or prevent the use of the Website.

Right to data portability. You have the right to (i) receive a copy of Your data in a structured, commonly used and machine-readable format, and (ii) send this data to another data Administrator without obstruction on Our part.

Right to object. You have the right to object at any time to the processing of data, the legal basis of which is Our legitimate interest. This also applies to profiling based on these provisions. You also have the right to object to the processing of data for marketing purposes.

Right to restriction of the processing. In the following cases, You have the right to limit the processing of Your data by Us:

1. You think that the processing of Your data is unlawful, but You do not want to delete it;
2. You still need the data to establish or pursue legal claims or defend against such claims; or
3. You have objected to the processing.

Exercising Your rights. To exercise the rights, as well as in the event of questions regarding the privacy rules and the processing of personal data, the Administrator should contact the following way:

1. at the email address: iod@iceo.co
2. in writing by sending correspondence to the following address: ICEO LAB LTD, 1 Chapel Street, Warwick, United Kingdom, CV34 4HL.

However, We reserve that any such request, motion, or objection will be verified by Us in advance by the applicable provisions on the protection of personal data. These rights are not absolute, the provisions provide for exceptions to their application.

Right to complain. You also have the right to complain with the relevant authorities if You believe that the processing of Your data violates the provisions of the GDPR. The action should be brought, in particular, in the Member State of the person's habitual residence, place of work, or place of the alleged infringement. In the case of the territory of Poland, it will be the President of the Office for Personal Data Protection. For the UK it will be the Information Commissioner's Office.

VIII. Transferring Your data to countries outside the European Economic Area

Your data may be transferred outside the European Economic Area (EEA) to entities that meet an adequate level of protection, through:

1. cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued.
2. use of standard contractual clauses issued by the European Commission.

IX. Processing of data in an automated manner

Your data will be processed in an automated manner (including in the form of profiling), however, it will not cause any legal effects to You or similarly significantly affect Your situation.

X. Changes to the Privacy Policy

We periodically review and update the Privacy Policy to keep it up to date with changes resulting from Our ongoing business activities. You can always check the date of the privacy notice to find out when We last made changes. We will notify You when We make significant changes that you should be aware of. Version 1.0 is valid from 1.12.2024.

‍