PRIVACY POLICY

This Privacy Policy concerns the processing of personal data on the acta.bio platform (“the Platform”).

The Policy is for information purposes and serves satisfaction of the information obligations imposed on the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  1. PERSONAL DATA CONTROLLER
  1. The controller of the personal data of the Users and other persons visiting the Platform (also referred to as “you,” “your”) is CrowdWise Inc. (“Service Provider,” “we,” “us,” “our”).

  1. SERVICE PROVIDER’S REPRESENTATIVES IN THE UK, EU AND SWITZERLAND
  1. Being a personal data controller that is not established within the European Union, United Kingdom, or Switzerland, we have appointed a representative as prescribed in Article 27 of the GDPR, The Data Protection Act 2018 in the UK and FADP in Switzerland. This representative is DataRep (datarep.com).
  2. You may contact our representative - DataRep by e-mail at: datarequest@datarep.com quoting CrowdWise Inc. in the subject line, via online webform at www.datarep.com/data-request, and by post at the most convenient of the listed addresses. Make sure to mark letters for DataRep, not CrowdWise Inc. Refer to CrowdWise Inc. inside of your correspondence. You may be asked to provide identification to ensure your data is not provided to anyone else.

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Rue des Colonies 11, Brussels, 1000

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, Ippodamias Sq. 8, 4th floor, Piraeus, Attica, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

Switzerland

DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

United Kingdom

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

  1. Our representatives are duly authorised by us – they may handle both data subjects and supervisory authorities with respect to all matters relating to compliance with the GDPR, UK Data Protection Act or Swiss FADP.
  2. Contacting our representative is your right and not an obligation. You can contact us directly – you will find the contact details in clause 3 below.  

  1. CONTACT WITH THE DATA CONTROLLER. DATA PROTECTION OFFICER
  1. You can contact us at the e-mail address: legal@crowdwise.bio. However, we recommend that you contact our representative (see clause 2 above) or our Data Protection Officer.
  2. Having in view the personal data processing carried out by us, in accordance with Article 37 of the GDPR, we have appointed a Data Protection Officer. This is Bartłomiej Serafinowicz, and you can contact him at the phone number: +48 664 272 989 and by e-mail at dpo@crowdwise.bio. 

  1. DATA PROCESSING METHOD
  1. The scope, purposes, and legal grounds for the processing of your personal data are presented in the table below.

Purpose

Scope of data

Legal ground

Processing period

providing access to the Platform

IP address

Article 6(1)(b) of the GDPR – processing is necessary for the performance of the Agreement or undertaking actions upon request of the data subject prior to concluding the Agreement

until lapse of the period of limitation applicable to claims connected with access to the Platform and the User’s actions within the Platform, counted from the time of the User’s last visit on the Platform

enabling access to my.acta.bio, community.acta.bio and market.acta.bio platforms

IP address

Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in allowing users to access the other platforms owned by the controller

until gaining access to the platform selected by the User

contact with the Users, responding to queries

first name, e-mail address, order ID, Meta Messenger data, other data voluntarily provided by the relevant person as part of communicating with us

Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in responding to queries and correspondence provided directly by the data subjects

until correspondence ends or the User objects

analysing traffic on the Platform

IP address, Cookies:

- analytics cookies,

- session cookies,

- secure cookies,

- temporary cookies,

persistent cookies

Article 6(1)(a) of the GDPR – consent given by the User

until the data cease to be useful or the User withdraws the consent

sending information content related to the Platform and the Service Provider

e-mail address

Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in informing about the Platform, its functionalities, and content published thereon

article 6(1)(a) of the GDPR – consent given by the data subject

until data cease to be useful, the Account is deleted, or the User objects

where processing is carried out based on the consent, until the data subject withdraws the consent or the data cease to be useful

protection against claims, raising claims

e-mail address, first and last name, other data voluntarily provided by the User onto the Platform

Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in protecting against claims and raising claims

until lapse of the period of limitation applicable to claims connected with access to the Platform and the User’s actions within the Platform, counted from the time of the User’s last visit on the Platform

  1. If we are advised that you use the Platform in violation of applicable provisions of law, then we may process your personal data to the extent required for establishing the scope of your liability.
  2. The provision of personal data as part of the Platform is voluntary. As a result of failure to provide them, however, you will not be able to use of other services we offer.
  3. You will not be subject to automated decision-making, within the Platform.
  4. Please remember that we may be subject to the investigatory and enforcement powers of the Federal Trade Commision (FTC).

  1. RECIPIENTS OF DATA
  1. We may entrust the processing of personal data to third parties for the purpose of servicing the Users. In this case, the recipients of your data may include: hosting provider, e-mail operator, law firms), providers of traffic analysis solutions within the Platform), IT service providers (including in particular London-based Biokami Ltd.  
  2. Each entity to which we transfer personal data for processing on the basis of a personal data transfer agreement (“Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing your personal data on the basis of the Transfer Agreement may process such personal data through another entity only upon our prior consent.
  3. Personal data collected by us may also be disclosed to: competent state authorities upon their request on the basis of relevant provisions of law or other persons and entities – in the cases prescribed in the provisions of law, including to meet national security or law enforcement requirements.

  1. TRANSFERRING PERSONAL DATA BEYOND EEA
  1. The Users’ personal data may be transferred to third countries, due to the purpose of the Platform.  Also, we, as a company incorporated under the laws of the State of Delaware, may transfer the Users’ personal data to third countries, namely, in particular to the United States of America and to the United Kingdom.
  2. The transfer of personal data to third countries will occur as part of our internal processes as the Service Provider.
  3. As a rule, transferring personal data to third countries will only take place to the countries for which the European Commission has issued a decision confirming that the third country ensures an adequate level of protection or if the data recipient provides for adequate safeguards, e.g. in the form of standard contractual clauses and ensuring the effective exercise of the rights of the data subject, and the existence of effective legal remedies in the recipient’s country.
  4. For more information regarding personal data transfers to the United States of America please see sec. 11 of this Privacy Policy.
  5. We are fully responsible in case of data transfers in a manner inconsistent with the above provisions.

  1. RIGHTS OF THE DATA SUBJECT
  1. You have the right to: (i) delete the personal data referring to you collected within the Platform, (ii) restrict the processing of data, (iii) portability of your personal data, in this to receive them in a structured form, (iv) request us to enable you access to your personal data and to rectify them, (v) object to processing, (vi) withdraw the consent at any time without affecting the legality of processing carried out on the basis of the consent before it is withdrawn (including sharing your data before the consent is withdrawn as prescribed in clause 5.4. of the Privacy Policy); (vii) lodge a complaint about us to the supervisory authority.
  2. To exercise your rights, contact us or our representative. You will find the relevant contact details in clauses 2 and 3 of the Privacy Policy.
  3. If you address complaints about our personal data processing activities, including those related to our participation in the Data Privacy Framework Program, such complaints should be addressed to the supervisory authority with jurisdiction over your location.

  1. OTHER DATA
  1. We may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of the station – identification through http protocol, if possible, date and system time of registration on the Platform and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before if the User has entered the service through a link, information concerning your browser, information concerning errors that occurred during the http transaction. Web server logs may be collected for the purpose of proper administration of the Platform. Only persons authorised to administer the IT system have access to data. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic and occurring errors. Summary of such details does not identify a specific person, and hence they are not personal data.

  1. SECURITY
  1. We apply technological and organisational means in order to provide for protection of the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organisational means we secure data against being published to unauthorised persons, taken over by an unauthorised person, processed in violation of the law, and changed, lost, damaged, or destroyed; among others we apply the SSL certificates. The set of collected Users’ personal data is stored on a secured server. Data are also secured by our internal procedures related to the processing of personal data and information security policy.
  2. We have also implemented appropriate technical and organisational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects.
  3. Please remember that using the Internet and services provided by electronic means may pose a threat of malware breaking into your ICT system and device, as well as any other unauthorised access to your data, including personal data, by third parties. In order to minimise such threats, you should use appropriate technical safeguards, e.g. use updated antivirus programs or programs securing the identification in the Internet. In order to obtain detailed and professional information related to security in the Internet, we recommend taking advice from entities specialising in such IT services.

  1. COOKIES
  1. In order to ensure correct operation of the Platform, we use Cookie support technology. Cookies are packages of information stored on your device through us, usually containing information corresponding to the intended use of a particular file, by means of which you use the Platform – these are usually: address of the website, date of publishing, lifetime of a cookie, unique number, and additional information corresponding to the intended use of a particular file.
  2. We use two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of the browser; (b) permanent cookies, which remain on the device after closing the session until they are deleted.
  3. It is not possible to identify you on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collection of any personal data.
  4. The Cookies used by us are safe for your device, in particular they prevent viruses or other software from breaking into to the device.
  5. Files generated directly by us may not be read by other websites. Third-party cookies (i.e. Cookies provided by entities co-operating with us) may be read by an external server.
  6. You may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service, as well as by means of the functionalities of the website.
  7. First of all, you may disable storing Cookies on your device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of our Platform.
  8. You may also individually remove Cookies stored on your device at any time in accordance with the instructions of the browser producer.
  9. We use own Cookies for the following purposes: authentication of the User and maintaining the User’s session; configuration of the website and adjustment of the page content to the preferences or conduct of the User; analysis and research of views, click number, and path taken on the website to improve the appearance and organisation of the content, time spent on the Platform, number and frequency of visits on our Platform.
  10. We use Third-party Cookies for the following purposes: preparing statistics (anonymous) for the purposes of optimising the functionality of the Platform by means of analytic tools.
  11. The scope of Cookies used by us depends on the consents given by the relevant person by means of the functionalities provided within the Platform.
  12. Detailed information concerning Cookie support is available in your browser settings.

  1. DATA PRIVACY FRAMEWORK
  1. Crowdwise Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Crowdwise Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Crowdise Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.
  2. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Crowdwise Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
  3. In the context of any onward transfer of personal data, Crowdwise Inc. is responsible for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to any third party acting as an agent on its behalf. Crowdwise Inc. shall remain liable under the Data Privacy Framework Principles if its agent processes such personal information in a manner inconsistent with the Data Privacy Framework Principles, unless Crowdwise Inc. proves it is not responsible for the event giving rise to the damage.
  4. In case of doubts regarding our participation in Data Privacy Framework please contact us via channels indicated in sec. 3 of this Privacy Policy.
  5. Any individual may bring complaints relating to Crowdwise Inc. use of the personal data, or any other matter arising under this Privacy Policy, directly to the Crowdwise Inc. by sending notice of the complaint to the data privacy officer at dpo@crowdwise.bio. Crowdwise Inc. shall respond in a reasonable time not to extend beyond 45 days. 
  6. Under certain conditions (more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedures), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
  7. To learn more about the Data Privacy Framework Principles, and to view our certification page, please visit https://www.dataprivacyframework.gov/.  
  8. All data received from: i) EEA countries; ii) United Kingdom; iii) Switzerland will be processed in accordance with Data Privacy Framework Principles (or relevant parts of it) and are subject to those principles.  

  1. FINAL PROVISIONS
  1. This Privacy Policy comes into effect on 12/22/25