See how you reflect in
a mirror of public opinions

Pricing Help Center Blog Contact
Pricing Help Center Blog Contact

PRIVACY POLICY
PUBLIC MIRROR SP. Z O.O.

VERSION 24.02.2022

Public Mirror Sp. z o.o. attaches great importance to the confidentiality of personal data and ensuring the protection of privacy. We make every effort to enable you to obtain information about the processing of personal data by us, as well as on how to exercise the rights related to this processing.

This Privacy Policy applies to the rules for the processing of personal data in connection with the use of the https://publicmirror.com/ website, offering products and providing services by Public Mirror Sp. z o.o., including the website and contacting Public Mirror Sp. z o.o. via email and the contact form available on the website, as well as by post. Personal data are processed only in accordance with this Privacy Policy.

The Privacy Policy contains, in particular, information about the controller of personal data, the definition of personal data, scope, purpose, basis and period of personal data processing, whom the personal data is made available to, the voluntary provision of personal data, the method of personal data processing as well as the measures to protect data applied by Public Mirror Sp. z o.o., about the rights related to the processing of personal data and how to exercise them, about the data protection officer at Public Mirror Sp. z o.o. and how to contact them, as well as purposes, scope and the usage of Cookies on the website.

1. CONTROLLER OF PERSONAL DATA

The controller of personal data, i.e., the entity responsible for the processing of personal data, is Public Mirror Spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław, Poland, ul. A. Ostrowskiego nr 7 office 167, 53-238 Wrocław, Poland, KRS No.: 0000855054, email address: [email protected] (hereinafter: "Public Mirror" or "Controller").

2. DEFINITIONS

  • personal data; means any information relating to an identified or identifiable natural person (“data subject’”),

  • Visitor; means a person browsing the Website without the need to register or log in, including the User,

  • Unidentified Person; means a third party in relation to whom the Controller has no data enabling identification and does not make attempts to establish identity,

  • GDPR: means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),

  • Website; means the https://publicmirror.com/ website,

  • Act; means the Polish Act of May 10, 2018 on the protection of personal data (consolidated text, Journal of Laws of 2019, item 1781, as amended),

  • User; means a registered user with an active user’s account on the Website.

3. SCOPE, PURPOSE, BASIS, AND PERIOD OF PROCESSING OF PERSONAL DATA

Public Mirror processes:

  1. data of Unidentified Persons, i.e., vectors of images (face vectors automatically created by web crawlers from photos containing the image of natural persons - biometric data - publicly available on the Internet) along with links to websites on which the photos were placed and links to these photos

This data is processed in order to create indexes on the basis of a public source, which is the Internet, which allows the provision of services to Users. Public Mirror, like any internet search engine, uses its data indexes when providing services to Users. Data for indexes is collected from publicly available websites, access to which does not require meeting additional conditions, including creating an account or logging in. Information portals are the main source of data downloaded from the Internet. The Controller does not download data from social networks. Indexes are created automatically by web crawlers. Public Mirror, at the stage of creating indexes, does not know the identity of people whose data are included in the index and does not determine it. Public Mirror does not collect this data to uniquely identify a natural person, but only to create an index of vectors. Public Mirror's activities are limited only, after obtaining the User's explicit consent, to the processing of their biometric data, for the comparison (verification) of the vector created from the User's photo sent by the User and photos of the User taken real-time via a webcam with the vectors created from photos publicly available on the Internet, in order to find other photos of this User. The Controller has introduced an "opt-out" form, which allows the data subject to submit a request to have image vectors similar to the image vector of that person and related links to websites and links to photos removed from the index.

The legal basis for processing is Art. 6 (1) (f) of the GDPR, i.e., the processing is necessary for the purposes of the legitimate interests pursued by the Controller, which is the provision of services to Users.

Processing period:

This data is processed as part of data indexes, with the entire data indexes deleted every two years after the first indexation, i.e., saving of the first image vector, within a given index.

  1. User’s data
  • the image of the User's face (photos of the User taken real-time and photos sent by the User)

Purposes and basis for processing:

The purpose of processing is to verify the User, i.e., to act at their request before the service is provided (Article 6 (1) (b) of the GDPR).

Processing period:

This data is processed for the period of maintaining the User's account.

  • image vectors created on the basis of the User's face photos, which constitute biometric data

Purposes and basis for processing:

The purpose of the processing is to carry out a search, i.e., to provide the requested service. The search is carried out using specific technical processing regarding the physical characteristics (processing of biometric data), based on the explicit consent to the processing of data given by the User before using the service (Article 9 (2) (a) of the GDPR).

Processing period:

This data is processed for the period of maintaining the User's account, but no longer than until the consent is withdrawn.

  • name and surname, User’s email, IP address

This data is processed for the following purposes:

  • taking steps prior to performing the service, creating, and maintaining the User's account and providing the service to the User (the basis for processing: Article 6 (1) (b) of the GDPR, i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract),

  • communication in matters related to the implementation of the service (the basis for processing: Article 6 (1) (f) of the GDPR i.e., processing is necessary for the purposes of the legitimate interests pursued by the controller),

  • to fulfill legal obligations (the basis for processing: Article 6 (1) (c) of the GDPR, i.e., for billing purposes resulting from legal provisions),

  • for marketing purposes (the basis for processing: Article 6 (1) (a) of the GDPR, i.e., the data subject has given consent to the processing of his or her personal data),

  • for the purposes of the legitimate interests pursued by the Controller such as establishing, defending, or pursuing claims (the basis for processing: Article 6 (1) (f) of the GDPR).

Processing period:

Personal data will be processed for the duration of the service and after its completion - for the period necessary for establishing, defending, or pursuing claims and fulfilling legal obligations incumbent on the Controller (e.g., billing obligations) - in accordance with the law, but not less than for the period of maintaining the User’s account.

  • User's data enabling payment for the service, including name and surname, email, postal code and other payment information (obtained by the Controller from the entity providing payment services)

Purposes and basis for processing:

In order to provide Users with safe online payments, Public Mirror uses the services of Transaction Cloud Inc. with its registered seat in Delaware, USA - an authorized external entity that is responsible for carrying out the sale of Public Mirror products and services as the so-called merchant of records (detailed information on payment methods for services can be found in the Regulations available on the Website and in the relevant Transaction Cloud Regulations). Transaction Cloud Inc. is the controller of Users' personal data processed in order to implement the payment process. From Transaction Cloud Inc. Public Mirror receives information about the payment status, i.e., whether the payment made by the User using the given email address was successful or not, as well as information about the postal code from which the payment was made. Public Mirror processes this data in order to register the payment for the service and, as a result - in order to perform the service (Article 6 (1) (b) of the GDPR, i.e., processing is necessary for the performance of the contract to which the data subject is party).

Personal data shared with Public Mirror by Transaction Cloud Inc. may also be processed by Public Mirror for purposes arising from legitimate interests pursued by the Controller, such as establishing, defending, or pursuing claims (Article 6 (1) (f) of the GDPR) and for billing purposes resulting from legal provisions (Article 6 (1) ( c ) of the GDPR).

Processing period:

Personal data will be processed for the duration of the service and after its completion - for the period necessary for establishing, defending, or pursuing claims and fulfilling legal obligations incumbent on the Controller (e.g., billing obligations) - in accordance with the law, but not less than for the period of maintaining the User’s account.

  1. data of persons who would like to use the "opt-out" procedure, i.e., name and surname, email, IP address, facial image of the data subject (photos sent by the data subject and photos taken real-time via a webcam) along with the image vectors created on its basis, which constitute biometric data

Purposes and basis for processing:

  • in order to exercise the right to "opt-out" (Article 6 (1) (c) of the GDPR, i.e., processing is necessary for compliance with a legal obligation to which the Controller is subject and Article 9 (2) (a) of the GDPR, i.e., the data subject has given explicit consent to the processing of those personal data for one or more specified purposes), including,

  • to determine the identity of the person submitting the “opt-out” request (Article 12 (6) of the GDPR in conjunction with Article 11 (2), second sentence of the GDPR),

  • in order to perform a search for the purposes of exercising the "opt-out" right (Article 9 (2) (a) of the GDPR),

  • in order to exercise the right to erasure of personal data (Article 17 of the GDPR).

Processing period:

This data is processed for the period necessary to fulfill the request, i.e., to search for and erase the data of a natural person to whom the data relates from the index.

  1. data of business clients and/or contractors (who are natural persons), and data of potential clients and contractors, as well as employees and persons representing these entities, including basic identification data, contact details, as well as data related to the conducted business, including in particular, name and surname, company name, NIP No., REGON No., telephone number, email, bank account number

Purposes and basis for processing:

  • performance of a contract or taking steps prior to entering into a contract (Article 6 (1) (b) of the GDPR),

  • compliance with a legal obligation (Article 6 (1) (c) of the GDPR), in particular for keeping tax records, issuing, and storing invoices,

  • for the purposes of the legitimate interests pursued by the Controller (Article 6 (1) (f) of the GDPR), such as establishing, defending, or pursuing claims,

  • in the case of employees of clients and/or contractors - processing is necessary for the purposes of legitimate interests (Article 6 (1) (f) of the GDPR):

  1. in order to conclude and perform a contract with a contractor,

  2. for contacting purposes related to the performance of the contract.

Processing period:

This data is processed for the period necessary for legal, tax or accounting reasons, the period necessary to protect against claims or to pursue claims arising from the concluded contract, but not shorter than for the duration of the contract.

  1. data of senders of correspondence addressed to the Controller, i.e., in relation to the contact form available on the Website: email, name and surname, in relation to other correspondence: basic identification data, contact details, other data provided by a natural person in the purpose of processing its application

This data is processed for the purpose of exchanging correspondence, including replying to received applications. The basis for the processing of this data is Article 6 (1) (f) of the GDPR, i.e., processing is necessary for the purposes of the legitimate interests pursued by the controller.

Processing period:

This data is processed for the period necessary to exchange correspondence, in particular to answer the inquiry, and for the period necessary to protect against claims or to pursue claims related to the correspondence.

  1. Data of the Website Visitors collected when entering the Website and using its specific functionalities, i.e., the name and type of browser, device type, connection time, language, operating system and use of the Internet service provider, Visitor's geolocation, information on using the Website and other similar information.

Detailed information on the processing of this data can be found in the Cookies Policy below.

4. DATA RECIPIENTS

Public Mirror, as a rule, does not share personal data with anyone. Public Mirror, by way of a data processing agreement, in accordance with art. 28 of the GDPR, entrusts the processing of the personal data to IT service providers, including in particular server room service providers, accounting offices and subcontractors.

Public Mirror does not directly transfer personal data outside the European Economic Area or to international organizations. Public Mirror subcontractors, in order to perform their services, may transfer personal data outside the European Economic Area, in accordance with the provisions of the GDPR, by a way of data processing agreement. If Public Mirror allows its subcontractors to use the services of further processors (subprocessors) to process personal data outside the EEA (most often this applies to IT infrastructure providers), except when the processing takes place in a Country Providing an Appropriate Level of Protection (in accordance with the current guidelines of the European Commission), Public Mirror previously ensures the implementation of a legal mechanism providing appropriate safeguards, such as standard contractual clauses adopted by the European Commission, in accordance with applicable regulations. Detailed information on the transfer of personal data to third countries, applied safeguards, as well as a copy of such safeguards can be obtained by contacting Public Mirror using the contact details provided in this Privacy Policy.

5. VOLUNTARY PROVISION OF PERSONAL DATA

Providing personal data is voluntary, but refusal to provide them may result in the inability to conclude and perform the contract/use of the products and/or services and/or other functionalities available on the Website provided by Public Mirror, or the inability to answer the query.

6. PROCESSING METHOD AND MEASURES ENSURING THE SECURITY OF PROCESSING OF PERSONAL DATA

Public Mirror has implemented appropriate technical and organizational measures to ensure the security of personal data against accidental or unlawful destruction, accidental loss or modification, unauthorized disclosure or access and other forms of illegal processing.

The Controller does not share personal data with third parties for marketing purposes.

Personal data will not be processed for the purpose of automated decision making (profiling).

The Website uses Cookies. Detailed information can be found in the Cookies Policy below.

7. RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

Public Mirror fully respects and implements the rights related to the processing of personal data. These rights result from the applicable provisions on the protection of personal data, i.e., the GDPR and the Act. In addition, Public Mirror allows you to use the "opt-out" right with regard to data that the Controller downloads from a public source, which is the Internet.

The following rights are related to the processing of personal data by Public Mirror:

  1. right to withdraw consent to the processing of personal data

Public Mirror processes personal data based on the specified grounds for processing and for the purposes described in section III of this Privacy Policy. If Public Mirror wants to use the data for other purposes, for which the basis for processing resulting from applicable law shall not apply, Public Mirror must ask for consent. Granting consent is always voluntary, and if it is granted, personal data will be processed only for the purpose specified in the consent. The consent may be withdrawn at any time, without affecting the lawfulness of the processing carried out on its basis prior to the withdrawal.

  1. right of access to personal data (in the cases specified in Article 15 of the GDPR)

A natural person has the right to receive from the Controller confirmation as to whether, and if so, how the Controller processes personal data.

  1. right to request the rectification of personal data (in the cases specified in Article 16 of the GDPR)

You can exercise this right in the event that Public Mirror processes personal data that is out of date, incomplete or inaccurate.

  1. right to object to the processing of personal data (in the cases specified in Article 21 of the GDPR)

The person whose personal data is processed by Public Mirror has the right to object to the processing of personal data when: a) there are reasons related to their particular situation, and b) the data processing is based on the need to implement the legitimate interests pursued by the Controller.

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

  1. right to be forgotten, i.e., the right to request the erasure of personal data (in the cases specified in Article 17 of the GDPR)

This right can be exercised when the personal data is no longer necessary in relation to the purposes for which they were collected by Public Mirror, in the event of withdrawal of consent to the processing of personal data and no other basis for processing, submission of objections to processing, when personal data is processed unlawfully or should be erased for compliance with the obligation resulting from a legal provision.

  1. right to request restriction of personal data processing (in the cases specified in Article 18 of the GDPR)

This right can be exercised when: - personal data is incorrect (for a period allowing Public Mirror to check the correctness of the data being processed), - when the data is processed unlawfully, but there is no will of a natural person to erase this data, - when the data is no longer needed by Public Mirror, but may be needed by a natural person to defend or pursue claims, - when a natural person has objected to the processing of personal data until it is determined whether the legitimate grounds on the part of the Controller override the grounds of objection.

  1. right to request the data portability (in the cases specified in Article 20 of the GDPR)

This is the right to receive a copy of the personal data that a natural person has made available to the Controller, if the processing is carried out on the basis of the consent received or on the basis of a contract.

  1. right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)

A person whose personal data is processed by Public Mirror has the right to lodge a complaint with a supervisory authority, if he or she consider that the processing of personal data violates the provisions of the GDPR.

  1. special reservations regarding the data of Unidentified Persons and the "opt-out" right

In the event of a request to Public Mirror regarding the data of Unidentified Persons (image vectors downloaded from photos publicly available on the Internet, as well as links to websites with photos or links to photos), the Controller will not be able to fulfill such a request. Public Mirror is not able to link an image vector available in the Public Mirror index with the data of a given person, such as name and surname, identification number, etc. Regardless of the above, the Controller allows individuals to submit an “opt-out” request, i.e., a request to remove image vectors similar to the image vector of that person and related links to websites and links to photos.

8. SUBMISSION OF REQUESTS CONCERNING THE PROCESSING OF PERSONAL DATA AND CONTACT WITH PUBLIC MIRROR

Request to exercise the right to withdraw consent to the processing of personal data, the right of access to personal data, the right to request rectification of personal data, the right to object to the processing of personal data, the right to be forgotten (data erasure), the right to request restriction of personal data processing, the right to request the data portability, as well as all inquiries regarding the rights related to the processing and the method of processing of personal data by Public Mirror, may be submitted by sending correspondence to the following email address: [email protected] or by post to the following address: Public Mirror Sp. . z o.o., ul. A. Ostrowskiego nr 7 biuro 167, 53-238 Wrocław, Poland.

If you wish to submit an "opt-out" request, i.e., a request to remove image vectors similar to the image vector of a given natural person and related links to websites and links to photos collected in indexes, such a request should be submitted via the following form available on the Public Mirror Website https://publicmirror.com/en/opt-out.

9. DATA PROTECTION OFFICER

In order to properly secure personal data, Public Mirror has appointed a Data protection officer. The data protection officer can be contacted by sending correspondence to the following e-mail address: [email protected].

10. COOKIES POLICY

The publicmirror.com Website may use "Cookies". Cookies are small text files sent by the server and saved on the device, e.g., on a laptop or phone on which they are viewed by the Visitor. These files allow to remember information sent between the Website and the browser as well as to remember data about the pages and subpages visited by Visitors and their activity on the Website. The Website uses Cookies technology for various purposes, including to obtain non-personal information from Visitors and to provide Users with the most comfortable and personalized use of the Website.

  1. Types of Cookies

The Website uses the following types of Cookies:

  • temporary information necessary for some applications or functionalities to work properly, which are stored in the browser's memory until logging out, leaving the Website or turning off the web browser (session Cookies),

  • information that remains in the browser's memory for a longer period, depending on the Visitor's browser settings and is transferred to the server each time the Website is visited (permanent Cookies).

  1. Purposes of using Cookies

The Website uses Cookies for:

  • optimizing the operation of the Website, adapting the Website to the User's preferences, and maintaining the User's session on the Website (technical Cookies),

  • creating statistical data on the use of the Website to improve the structure and content of the Website (analytical Cookies),

  • in order to adjust the content and forms of information displayed on the Website (marketing Cookies).

  1. How we use Cookies
  • non-personal identification information

Public Mirror may collect non-personal information each time the Visitor accesses the Website or uses its functionality. Non-personal identifying information may include browser name and type, device type, connection time, language, operating system, and internet service provider that is used, Visitor's geolocation, information on how the Website is used, and other similar information. This information is collected in order to update and improve the Website.

The Controller may share general, aggregated demographic information not related to any personal data about Visitors with its business partners, trusted affiliates, and advertisers for the above-mentioned purposes.

  • using Cookies to personalize the User's history

Using Cookies allows the Controller to adjust the content to the needs of Visitors, more intuitive ordering of products and services by Users and comfortable use of other functionalities of the Website. Cookies are used by Public Mirror to remember and process orders. In such cases, the Controller is entitled to associate the processed personal data with Cookies.

  1. Cookies settings management

The possibility to use Cookies by web browsers is usually turned on by default. The Visitor may adjust the Cookies settings in his browser, including changing its settings, so that the automatic handling of Cookies is blocked, or the Visitor is informed each time that Cookies are placed on his device. Blocking the possibility of saving or reading Cookies may prevent the use of some functionalities of the Website.

  1. Advertising

Advertisements displayed on the Website may be delivered to Visitors by advertising partners, who may set Cookies. These Cookies allow the ad server to recognize the computer each time an online advertisement is sent to compile non-personal information identifying the Visitor or other persons using the Visitor's computer. This information enables the advertising partner to, among other things, deliver targeted advertising that it believes will be of most interest to a particular Visitor. This Privacy Policy does not cover the use of Cookies by any advertisers.

  1. Google AdSense

Some ads may be displayed by Google. The use of Cookies by Google makes it possible to display advertisements to Visitors based on their visit to the Website and other websites on the Internet. Google uses "non-personal information" and does not track Visitors' personal information. More information about Google AdSense can be found in the Google Privacy and Terms https://policies.google.com/technologies/cookies?hl=en

11. ACCEPTANCE OF TERMS

By using the Website, the Visitor agrees to the content of this Privacy Policy, as well as any changes to it, upon its publication. In the event that you do not agree with these rules, do not use the Website.

12. FINAL PROVISIONS

  1. This Privacy Policy shall enter into force on the date of its publication on the Website.

  2. Public Mirror has the right to amend and update this Privacy Policy at any time by posting the changed content on the Website, and the update date is always visible to the Website Visitor.

© Public Mirror 2021 - 2023