The controller of your personal data is ViralTalk sp. z o.o., with its registered seat in Toruń,
14 Astrowa street, 87-100 Toruń, Poland, NIP tax ID no.: 521-391-23-93, KRS registry no.:
0000869027, share capital PLN 10,150.00.
If you have any questions, concerns or requests related to the processing of your data, please
contact us at: firstname.lastname@example.org.
We process your personal data for the following purposes:
to provide website functionality and facilitate the use of our websites (viraltalk.app) and any
other connected or otherwise related digital media (including the mobile site or mobile app)
and server logs at the end of this document,
to perform contracts entered with, or to take action prior to entering into such a contract at
request of a data subject (Article 6 section (1) letters (b) and (f) GDPR),
where applicable, to carry out billing, accounting and financial reporting activities (Article 6
section (1) letters (c) and (f) GDPR),
to carry out obligations under the law, in particular telecommunications law and the law on
provision of electronic services (Article 6 section (1) letter (c) GDPR),
to realize the controller's legitimate interest in marketing products and services (Article 6
(1) letter (f) GDPR),
for the purposes indicated in the contents for the processing of personal data - where such
specific consents were given (Article 6 section (1) letter (a) GDPR).
We also process personal data in connection with the realization of the controller's other
interests, based on Article 6 section (1) letter (f) GDPR: to establish, assert and defend claims,
for statistical purposes related to improving work efficiency and service quality and to adapting
to recipients, as well as to handle correspondence and commercial inquiries.
As a rule, we process the data you provide voluntarily. If you did not provide us with your data,
the source of your data is the entity that had your consent to provide it to the controller, or
another valid legal basis.
Personal data obtained in this way includes data necessary to carry out activities justified by
the purpose of the processing and its legal basis indicated above, including marketing
activities (typically this includes name, surname, e-mail address, telephone number or
mailing address, business information, including relevant identification numbers,
information about the use of our resources, etc.).
An example of us processing your data is us using the e-mail address you’ve provided to
contact you and communicate with you in matters regarding our service and performance of
contracts. For such activities no additional consent from you is required. However, by
granting such additional consent (on an opt-in basis), you may accordingly enable us to use
that address for further activities, such as: sending you additional notifications or
approaching you in matters exceeding the above-mentioned scope, including marketing
A special case of data collection is the acquisition by us of your data directly from the TikTok
website on your instructions: verifying your user account, linking it to your business account
on the TikTok website and accessing the data associated with that business account, to the
extent necessary for the proper provision of services to you and performance of the
agreement concluded between us (in the basic scope: the identifier of your business account
on the TikTok website and the data assigned to that account, including authorization data
and transmission data for transactions).
Your personal data may be transferred outside the European Economic Area (hereinafter: EEA).
Considering the services provided by the controller's contractors in carrying out support for ICT
services and IT infrastructure, the controller may outsource certain activities or tasks to
reputable contractors operating outside the EEA. This may result in the transfer of your data
outside the EEA. The controller shall ensure that such transfers are limited to countries which, in
accordance with the decision of the European Commission, provide an adequate level of
protection, or to cases in which the Controller has provided adequate safeguards - e.g. in the
form of implementing standard contractual clauses adopted by the European Commission by
way of agreement with data recipients (Article 46 section (2) letter (c) GDPR). By doing so, the
controller ensures that your data is secured in accordance with the principles provided for in
Chapter V of the GDPR. You may request further information about the safeguards in place in
this regard, obtain a copy of these safeguards and information on where they can be accessed
by approaching the contact point provided above.
Recipients of your personal data may be:
Suppliers and contractors of the controller.
Sales platforms and payment operators.
Entities conducting marketing activities.
Entities that provide IT services or IT solutions.
Entities that archive and destroy documents (in the case of paper documents related to the
fulfilment of processing purposes).
Entities providing courier and postal services (in the case of correspondence related to the
fulfilment of processing purposes).
The data shall be stored for no longer than the longest permissible retention period, subject to
Data processed for the purpose of entering into and performing a contract shall be kept no
longer than until the necessity of their storage for entering into and performing such a
contract ceases to exist.
Data processed on the basis of consent obtained shall be kept no longer than until the
necessity of their storage for the purpose covered by that consent ceases to exist, and in any
event - no longer than until the effective withdrawal of the consent granted.
Data processed on the basis of realizing legitimate interests shall be kept no longer than
until the necessity of their storage for realizing the particular purpose justifying their
processing ceases to exist, and in each case - no longer than until an objection to such
processing is raised and made effective. In the area of establishing, asserting and defending
claims, that period is generally based on the provisions of generally applicable law (limitation
periods for claims). In other areas, the period will be based on considerations determining the
necessity of such processing (in the field of IT analytics and security: typically for a period
of one year), but not excluding indefinite retention periods if the purpose of processing
remains indefinitely valid.
Data processed for the purpose of fulfilling legal obligations are kept for no longer than
periods instrumental for the proper discharge of those obligations. Such periods typically
arise directly from the relevant legal regulations (e.g., the statute of limitations for tax
debts), including regulations governing the periods of mandatory record retention and the
admissibility of inspections by the competent authorities.
In particular, you are entitled to the following rights:
The data subject has the right to request from the controller access to, rectification, erasure
or restriction of processing of personal data concerning the data subject, as well as the right
to data portability.
The data subject also has the right to lodge a complaint with a supervisory authority. The
competent supervisory authority in the Republic of Poland is the President of the Office for
Personal Data Protection.
Withdrawal of consent: if the processing is based on a person's consent, that person has the
right to withdraw that consent at any time without affecting the legality of the processing
carried out on the basis of that consent before its withdrawal.
Right to object: the data subject has the right to object at any time - on grounds relating to
the data subject’s particular situation - to the processing of personal data based on Article 6
section (1) letter (f) GDPR (including any profiling). The controller shall no longer be allowed
to process such personal data unless the controller demonstrates the existence of
compelling legitimate grounds for the processing which override the interests, rights and
freedoms of the data subject, or grounds for establishing, asserting or defending claims. If
personal data are processed for the purposes of direct marketing, the data subject shall have
the right to object at any time to the processing of personal data concerning him or her for
such marketing, including profiling, to the extent that the processing is related to such direct
marketing. If the data subject raises an objection to processing for direct marketing
purposes, the personal data may no longer be processed for such purposes.
The provision of personal data processed for the purposes described above is neither a statutory
requirement, nor a contractual requirement, nor a condition for entering into a contract (with a
provision for the necessity of providing us with data necessary for the proper conclusion and
settlement of contracts concluded, and the instruction to provide us with data from the TikTok
service necessary for the conclusion and performance of contracts for certain services). The data
subject is not obliged to provide any such data. However, the possible consequence of a failure
to provide it - depending on the circumstances, including the contract being concluded, e.g.
while making an order - may be, among other things, the inability to conclude or perform a
Your data will not be subject to automated decision-making resulting in significant legal effects
or similarly significant impact.
This service collects in an automatic manner information contained in cookie files only. The operator
of this service informs that cookie files (so-called "cookies") are IT data, in particular text files, which
are stored in the user's terminal device. Cookies usually contain the name of the website they come
from, the time they are to be stored on the terminal device and a unique number. Cookies are used
adapting the content of the service's websites to the user's preferences and optimizing the
use of the websites; in particular, these files allow for recognition of the service user's device
and appropriate display of the website, adjusted to individual preferences of the user;
creating statistics that help to understand how the users of the service use its websites,
which allows to improve their structure and content;
maintaining the user session for the service;
The service uses the following types of cookies:
"necessary" cookies to enable the use of available services, such as authentication cookies
used for services that require authentication, or security cookies, such as those used to
detect authentication abuse regarding the service.
"performance" or "statistical" cookies, which enable the collection of information about the
use of the service’s pages.
"marketing" cookies, allowing to provide users with advertising content more tailored to
their interests. These are files that record a unique user identifier to identify the device
returning to the site. The ID is used to deliver profiled ads.
Web browsers (the service user’s software) by default allow the storage of cookies on the end
service user’s terminal device may also be used by advertisers and partners cooperating with the
service operator. The operator of the service informs that the entity responsible for placing cookies
on the service user's terminal device and at the same time having access to them is their controller.
settings (web browser). More information about cookies is available in the "help" section of the
store the information referred to above, in accordance with Article 173 section 2 of the Act of July
the 16 th 2004, Telecommunications Law (Journal of Laws of 2017, item 1907, as amended).
Instructions for changing settings are available at:
Use of the site involves sending requests to the server on which the site is stored.
Every request made to the server is recorded in the server logs. The logs include, among
other things, the user's IP address, the timestamp of the server, information about the
Internet browser and the operating system of the user.
Logs are saved and stored on the server.
Data recorded in server logs are not associated with specific individuals using the site and
are not used by the controller to identify a user.
Server logs are only auxiliary material for the administration of the site, and their contents
are not disclosed to anyone except those authorized to administer the server.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited
use of this site is usually sent to a Google server in the US and stored there. However, due to the
activation of IP anonymization on these pages, your IP address will be truncated in advance by
Google in member states of the European Union or other countries party to the Agreement on the
European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server
in the USA and shortened there. On behalf of the operator of this website, Google will use this
information to evaluate your use of the website, to compile reports on website activity and to
provide other services related to website traffic and Internet usage to the website operator. The IP
address provided by Google Analytics will not be merged with other data held by Google.
The purpose of data processing is to evaluate website usage and compile reports on website
activities. Based on website and Internet usage, other related services will be provided. The
processing is based on the legitimate interest of the website operator.
Google Analytics collects data on IP addresses, network location, date of visit, operating system,
browser type. You can prevent cookies from being stored by using the appropriate setting on your
browser software; however, please note that if you do so, you may not be able to use all the
features of this site to the fullest extent possible.
In addition, you can prevent Google from collecting data generated by cookies and data related to
your use of the website (including your IP address), as well as the processing of such data by Google,
by downloading and installing the browser plug-in available at the following link: Browser Add On to
disable Google Analytics. In addition or as an alternative to the browser add-on, you can prevent
tracking by Google Analytics on our sites by clicking this link. An opt-out cookie will be
your device. This will prevent Google Analytics from collecting this site and this browser in the
future, as long as the cookie remains installed on your browser.