If you are reading this document it means that the safety of your personal data is important to
you. Please pay attention that running a business under name: Bug Bounty Reports Explained
Grzegorz Niedziela. We do care about proper processing of your data. Our goal is to inform
you properly about issues related to personal data processing, in particular referred to data
protection regulations, including the Regulation of the European Parliament and of the Council
Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to
the processing of personal data and on the free data movement and repeal of the Directive
about legal basis for personal data processing, methods of collection and use thereof, as well
as your rights related to the processing.
bugbountyexplained.com and all its subdomains we are obliged to inform about the aforementioned files, which the Internet service uses.
whether we process personal data collected directly from you, or where your personal data
have been collected from other sources.
We are transparent about the ways and legal grounds of processing personal data as well as
the purposes for which we process personal data. We make all effort to indicate the necessary
information in this respect. In order to make explanation of these issues as clear as possible,
we present the following list of personal data processing operations in connection with the
At the same time, we point out that whenever we process personal data on the basis of the
legitimate interest (article 6 item 1 letter f of GDPR), we try to analyse and balance our interest
and the potential impact on your data (positive and negative) as well as your rights under the
provisions on personal data protection.
A. Personal data processing of a visitors of the website
In connection with your use of the website, we process following personal data sent by your
browser to the server: IP address, date and time of session start, time zone information, source
page information, access status/http access code, page address, browser type, operating
system and its interface, software language and version of the browser.
The processing of this personal data is necessary for the proper functioning of website and to
ensure the stability and safety. The processing is carried out on the basis of article 6 item 1
letter f of GDPR.
B. Personal data processing within the newsletter
Subscribing yourself on our newsletter list, you forward to us through the newsletter form your
data as follows: email and name. During the registration, IP address, location, and date are
also collected. Proving us with your data is voluntary, however necessary to subscribe to our
newsletter. The legal ground for processing above-mentioned data constitute article 6 item 1
letter a of GDPR.
In any moment you may withdraw given consent.
The full scope of your rights and obligations in relation to the processing of personal data (in
accordance with article 13 of GDPR) has been included in the information clause in point 2.5.
C. Social Media
On the website you will find links to social networking sites, where information about us and
our activities are posted. The data controller within social networking sites are we as the owner
of the social networking account and on the other hand the owner of social networking site.
The length of time we may process personal data depends on the legal basis of processing.
We inform you that:
a) in the case if we process personal data on the basis of the consent, the processing
period lasts until the intended purpose is achieved or until consent withdrawal;
b) in case if we process personal data on the basis of agreement performance purpose
or to perform actions before agreement performance (order performance), for time of
order realization and after its cessation for period of claims prescription and accounting
documentation archiving (5 years), according to binding legal provisions;
c) in case if we process personal data on the basis of justified interest, the processing
period lasts until the above-mentioned interest ceases (e.g. period of prescription of
civil law claims) or until objection to such processing - in situations where such objection
is legally possible;
d) in case if we process personal data because it is necessary due to the applicable legal
regulations, the period of data processing for this purpose is determined by these
We only transfer personal data to others if it is permitted to do so by law. In such a case, we
provide for data protection provisions and security features in the relevant agreement with a
third party in order to protect your personal data and to maintain standards in the scope of data
protection, confidentiality and security.
If we transfer personal data, of which we are the data controller, to other entities for the
performance of certain activities on our behalf, we conclude a special agreement with such an
entity. Such agreements are called personal data processing agreement (article 28 of GDPR),
thanks to it, we have control over how and to what extent the entity, to which we entrusted the
processing of certain categories of personal data, process them.
List of entities to which your personal data may be transferred:
You possess certain rights concerning your personal data and we, as the data controller, are
responsible for the exercise of these rights in accordance with applicable laws. If you have any
questions or requests concerning the scope and exercise of your rights, please contact us at
the following email:
We will exercise the following rights after positive verification of your identity.
A. Access to personal data
You have the right to access the data that we store as a data controller. This right may be
exercised by contacting us on contact data.
B. Modification, rectification or erasure of personal data
Modifications, including updating, rectification or erasure of personal data which are processed
by us may be carried out by contacting us on contact data.
The right to erasure data may be exercised e.g. when personal data will no longer be
necessary for the purposes for which they were collected by us or when you withdraw consent
for data processing.
C. Withdrawal of the consent
In the event of personal data processing on the basis of a consent, you may withdraw this
consent at any time. We will inform about this right at any time during the collection of consents
and allow you to withdraw your consent as easily as it was given. For withdrawal of the consent,
please contact us on contact data.
D. Right to the restriction of processing or object to the processing of personal data
You have the right to restrict or object to the processing of your personal data at any time, on
the basis of particular situation, unless processing is required by law.
You may object to the processing of personal data, if:
- the processing of personal data is based on the legitimate interest or for statistical purposes
and the objection is justified by the particular situation;
- personal data are processed for the purposes of direct marketing, including profiling for this
In relation to the request to restrict the processing of personal data, we inform you that it is
- you argue against the correctness of the personal data - for a period allowing us to check the
correctness of the data;
- the processing is unlawful and you object to the erasure of personal data and demand the
restriction on their use;
- we no longer need personal data for the purposes of processing, but they are needed by you
for determination, assertion or defence of claims;
- you have objected under article 21 item 1 of GDPR to the processing of personal data by us,
until it is determined whether our legitimate grounds are superior over your grounds for
E. Right to data transfer
You have the right to forward your personal data to another data controller through ourselves,
- the processing is carried out on the basis of the consent in accordance with article 6 item 1
letter a of GDPR or article 9 item 2 letter a of GDPR; or
- the processing is carried out under the agreement within the meaning of article 6 item 1 letter
b of GDPR; and
- the processing takes place in an automated manner.
In exercising the right of personal data transfer, you may demand that it is sent by us directly
to another data controller, as far as it is technically possible.
The right of data transfer shall not adversely affect the rights and freedoms of others.
If you wish to exercise these rights, please contact us on contact data.
F. Further questions, concerns and complaints
the way in which we process personal data, as well as complaints concerning these issues,
please contact us on contact data. All complaints we receive will be considered and answered.
You have the right to lodge a complaint to the supervisory authority, which is the President of
the Office for Personal Data Protection, at Stawki 2 street, 00-193 Warszawa.
As it was explained in point 2.2.A cookies are used as part of this website. That is why, we
inform you about the most important elements of cookies so that your use of our website is
clear and understandable to you.
Cookies are small files that are stored on your electronic device by the websites that you visit.
Cookies contain different information that is often necessary for the website to function
properly. Cookies are encrypted in such a way that unauthorized persons do not have access
to them. Information collected on the basis of cookies may be read only by us as well as - due
to technical reasons - trusted partners whose services are used. What is more important,
cookies cannot run programs or transfer viruses to electronic devices.
Basic cookies - installed if you have given the consent by means of software settings installed
on your electronic device. These cookies include technical and analytical cookies.
Technical cookies - are necessary for the website to function properly.
Cookies are used in order to:
Analytical cookies - are necessary to settle with business partners or to measure the effectiveness of marketing activities without identifying personal data and to improve the functioning of a website. They may be used to:
Session cookies - remain on your device until you leave the website or turn off the software
(browser). They are mostly technical cookies.
Permanent cookies - remain on your device for the time specified in the file parameters or until
they are manually deleted by you.
You can always change your browser settings and reject requests for cookies. However, before
you decide to change your settings, please note that cookies serve your convenience in using
the website. Disabling cookies may result improper website displaying.
You can delete cookies from your browser at any time and block their reinstallation.
Depending on the browser you use, the option to delete or withdraw your consent to the
installation of cookies may vary. In this case, please refer to the user's manual available from
the browser on your electronic device.
by which we process personal data, as well as in the event of a change in the ways, purposes
or legal basis for processing personal data or due to new law regulations, new guidelines of
supervisory bodies over personal data protection.
In order to ensure the best possible contact in relation to the protection of personal data, we
also enable direct contact through following contact data:
Bug Bounty Reports Explained Grzegorz Niedziela
NIP [Taxpayer’s Identification Number] No. 6751745962
REGON [National Official Business Register] No. 388270925
The business is registered in Poland, in CENTRAL REGISTRATION
AND INFORMATION ON BUSINESS (CEIDG)
Contact email: firstname.lastname@example.org