2. The owner of the Mobile Application and data administrator is AZZARDO Sp. z o.o. with its registered seat in Poznań (61-302), ul. Klenowska 7, NIP (Tax ID. No.): 9291857507, REGON (National Business Registry No.): 081176240, entered in the Register of Entrepreneurs kept by the District Court for the Sąd Rejonowy Poznań - Nowe Miasto i Wilda w Poznaniu, VIII Commercial Division of the National Court Register under the KRS number 0000487708, with share capital in the amount of 5.000 PLN; e-mail: email@example.com, further referred to as: AZZARDO.
3. Personal data collected by AZZARDO through the Mobile Application is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
4. AZZARDO shall use its best efforts to respect the privacy of Users of the Mobile Application.
§ 2 Type of processed data, objectives and legal ground
1. AZZARDO collects information concerning physical persons carrying out a legal action which is not directly related to their activity, physical persons carrying out commercial or professional activities on their own behalf and physical persons representing legal persons or organizational units which are not legal persons which are granted legal capacity, carrying out commercial or professional activity on their own behalf, further referred to jointly as Users.
2. Personal data of Customers are collected in case of:
a) during account registration with the Mobile Application, in order to establish and manage an individual account. Legal basis: necessary for the performance of the contract of the provision of Account services (art. 6 para. 1 letter b GDPR);
b) during the use of the ‘Add members’ service, in order to perform the contract provided electronically. Legal basis – necessary for the performance of the contract of the provision of the ‘Add members’ service (art. 6 para. 1 letter b GDPR) with regards to the User providing his personal data, and necessary for the purposes arising from legally justified interests performed by the administrator or a third party (art. 6 para. 1 letter f GDPR) with regards to the added member;
c) use of the publish opinion service for the purpose of the performance of a contract on a service executed by electronic means. Legal grounds- processing is necessary for the performance of a contract on the publish opinion service (article 6 sec. 1 letter b of GDPR);
d) during the use of the ‘Device Control’ service with the voice control option, in order to perform the contract, the subject of which is the service provided electronically. Legal basis – consent to the processing of biometric data concerning voice in order to confirm a person’s identity and perform the service (art. 6 para. 1 letter a GDPR in relation to art. 9, para. 2, letter a GDPR).
3. In case of Mobile Application account registration, the User provides:
a) e-mail address;
b) country (state).
4. During the Mobile Application account registration, the User independently creates an individual password to his account. The User may change the password later under the rules specified in §5.
5. In case of using the ‘Add members’ service, the User provides the e- mail address of the added member and the country.
6. In case of using the ‘Post an opinion’ service, the User provides his e- mail address or a telephone number.
7. In case of using the ‘Device Control’ service with voice control option, the User provides biometric data in the form of a voice.
8. When using the Mobile Application, additional information may be collected, especially: IP address assigned to the User’s mobile device or the Internet provider’s external IP address, domain name, access time and type of operating system.
9. Navigation data may also be collected from Users, including information about links and hyperlinks they decide to click on and other actions undertaken in the Mobile Application. Legal basis – legally justified interest (art. 6 para. 1 letter f GDPR), which comprises facilitation of usage of the services provided electronically and improvement of such services’ functionalities.
10. In order to determine, pursue and enforce claims, some of the personal data provided by the Users as part of their use of functionalities in the Mobile Application may be processed such as: e- mail address, data concerning the use of services. If the claims arise from the method in which the User uses the services, other data necessary to prove the existence of a claim, including the scope of damage. Legal basis - legally justified interest (art. 6 para. 1 letter f GDPR), which comprises determination, pursuance and enforcement of claims and protection against claims in proceedings before courts and other state authorities.
11. Providing personal data to AZZARDO is voluntary, in relation to the provision of services via the Mobile Application, however with a reservation that failure to provide the data specified in the forms makes it impossible to use the services provided electronically.
§ 3 To whom are data disclosed or provided and how long are they stored?
1. The User’s personal data is forwarded to the suppliers of services used by AZZARDO in running the Mobile Application. The suppliers of services which receive the personal data, depending on contractual arrangements and circumstances, are either subjected to AZZARDO’s requests with regards to the aims and methods of processing such data (processing entities) or they determine the aims and methods of processing such data independently (administrators).
a) Processors. AZZARDO uses services of providers processing data on AZZARDO’s request only. They include for instance hosting providers, accounting services, providers of marketing systems, systems of traffic analysis in the Online Store, systems for analysis of marketing campaign efficiency;
b) Controllers. AZZARDO uses services of providers that do not act on request only, but they define the objectives and manners of use of Customers’ personal data. They render electronic payment and banking services.
2. Location. Providers of services have their registered offices mainly in Poland and other countries of the European Economic Area (EEA).
3. Customers’ personal data are stored:
a) If Customer’s personal data are processed on the basis of a consent, they shall be processed by AZZARDO until the consent is not cancelled, and after cancellation of the consent – for a period of time corresponding to the period of limitation of claims that may be raised by or against AZZARDO. If it is not provided otherwise in a specific provision, period of limitation amounts to six years, and in case of claims concerning periodical services or claims related to business activity – three years;
b) If personal data are processed on the basis of execution of the contract, then the Customers’ personal data shall be processed by AZZARDO as long, as it is necessary for execution of the contract, and afterwards – for a period of time corresponding to the period of limitation of claims. If it is not provided otherwise in a specific provision, period of limitation amounts to six years, and in case of claims concerning periodical services or claims related to business activity – three years.
4. The navigation data may be used in order to provide a better service for the Users, analysis of statistical data and adjustment of the Mobile Application to the Users’ preferences, as well as to administering the Mobile Application.
5. In case of a respective request, AZZARDO discloses personal data to authorized state authorities, in particular to organizational units of the prosecutor’s office, the Police, the Chairperson of the Personal Data Protection Office, the Chairperson of the Office of Competition and Consumer Protection or the Chairperson of the Office of Electronic Communications.
§ 4 Cookie files, IP address
1. The Mobile Application uses small files called cookies. They are saved by AZZARDO on the end device of the person using the Mobile Application, providing it is allowed by the Internet browser. A cookie file usually contains the name of the domain it originates from, its ‘expiry time’ and an individual, randomly selected number which identifies this file. Information collected via files of this type makes it possible to formulate general statistics concerning one’s visits to the Internet Application.
2. AZZARDO uses two types of cookie files:
a) Session cookies: once a particular browse session has ended or the mobile device switched off, the saved information is removed from the device’s memory. The mechanism of session cookies does not allow collection of any personal data or confidential information from the Users’ mobile devices;
b) Permanent cookies: they are saved in the memory of the User’s end device and remain there until they are removed or expired. The mechanism of permanent cookies does not allow collection of any personal data or confidential information from the Users’ mobile devices.
3. AZZARDO uses own cookies for the purpose of:
a) authenticate the User in the Mobile Application and ensure the User’s session in the Mobile Application (following log in), thanks to which the User does not have to enter login and password details on every subpage of the Mobile Application;
b) carry out analyses and research and viewing audits, especially to create anonymous statistics which help us understand how the Users use the Mobile Application which facilitates improvement of its structure and content.
4. AZZARDO uses external cookies for the purpose of:
a) Presentation of Reliable Regulation Certificate via website rzetelnyregulamin.pl (external cookie controller: Rzetelna Grupa sp. z o.o. with registered office in Warsaw).
5. The cookies mechanism is safe for mobile devices of the Users of the Mobile Application. In particular, in this way it is not possible for any viruses or other software or malicious software to transfer into the Users’ mobile devices. Nevertheless, the Users have the possibility to limit or switch off access of cookie files in their browsers. In case of using this option, using the Mobile Application shall be possible, except for the functions which require cookie files by nature.
6. Below we present how to change setting of popular internet browsers in respect to cookie files:
a) Internet Explorer browser;
b) Microsoft EDGE browser;
c) Mozilla Firefox browser;
d) Chrome browser;
e) Safari browser;
f) Opera browser.
7. AZZARDO may collect Users’ IP addresses. An IP address is a number assigned to the mobile device of the User using the Mobile Application via the supplier of Internet services. IP address allows Internet access. In most cases, it is assigned to a mobile device, i.e. it changes with every connection to the Internet. IP address is used by AZZARDO in diagnosis of technical problems with the server, creation of statistical analyses (e.g. determination of the regions from which we have the highest number of visits), as information which is useful in administering and improving the Mobile Application, as well as for the reasons of security and possible identification of unwanted automatic software for the use of Mobile Application which overload the server.
8. The Mobile Application contains links and hyperlinks to other websites. AZZARDO takes no responsibility for the rules of protection of privacy which are in place on these websites.
§ 5 Rights of data subjects
1. The right to withdraw consent – legal ground: article 7 sec. 3 of GDPR.
a) The Customer has a right to withdraw consent granted to AZZARDO.
b) Withdrawal of consent shall be effective as the time of withdrawal.
c) Withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
d) Withdrawal of consent shall not entail any negative consequences for the Customer, but may prevent them from
further use of services of functionalities, which may be lawfully provided by AZZARDO only upon consent of the Customer.
2. Right to object to personal data processing - legal ground: article 21 of GDPR.
a) The Customer shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, including profiling, if AZZARDO processes their data on the basis of a legitimate interest, such e.g. marketing of AZZARDO’s products and services, statistic concerning use of individual functionalities of the Online Store and facilitation of use of the Online Store, and Customer satisfaction surveys;
b) An e-mail resignation from marketing communications on products or services will mean the Customer’s objection to processing of their personal data, including profiling for those purposes;
c) If the Customer’s objection is reasonable and AZZARDO has no other legal grounds to process personal data, the Customer’s personal data, whose processing has been objected by the Customer, will be deleted.
3. Right to erasure (“right to be forgotten”) - legal ground: article 17 of GDPR.
a) The Customer has the right to demand erasure of all or some personal data;
b) The Customer has the right to demand the erasure of some personal data, if:
1. the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
2. the Customer has withdrawn consent in the scope in which personal data have been processed on the basis of their consent;
3. the Customer has objected to use of their data for marketing purposes;
4. the personal data are unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which AZZARDO is subject;
6. the personal data have been collected in relation to the offer of information society services.
c) Despite of demand of erasure of personal data in relation to an objection or withdrawal of consent, AZZARDO may retain some full personal data in the scope, in which processing is necessary for determination, claiming or defence against claims, and for fulfilment of the legal obligation requiring data processing under the legislation of the European Union or a Member State to which AZZARDO is subject. It refers in particular to: name, surname, e- mail address, which are retained for the purpose of examination of complaints and claims related to use of AZZARDO services, or additionally an address of residence/ correspondences, order number, which are retained for the purpose of examination of complaints and claims related to concluded sales agreements or service agreements.
4. Right to restriction of processing- legal ground: article 18 of GDPR.
a) The Customer shall have the right to obtain from the controller restriction of their personal data processing. Submission of such demand, until its examination, prevents the use of specified functionalities or services, the use of which would be related with processing of personal data subject to such demand. Moreover, AZZARDO will not send any message, including marking communications.;
b) The Customer shall have the right to demand restriction of their personal data processing in the following cases:
1. When they contest the accuracy of their personal data; then AZZARDO shall restrict their use for a period enabling verification of the accuracy of the personal data, but no longer than for 7 days;
2. When data processing is unlawful and the Customer demands restriction of their use instead of their erasure;
3. When personal data are no longer necessary for the purposes of their collection or use, but they are needed by the Customer in order to determine, exercise or defend claims;
4. When the Customer objected to proceeding of their data- then the restriction is introduced for a period necessary to consider whether, due to exceptional circumstances – protection of the Customer’s interests, rights and freedoms prevails over the interests, which are exercise by the Controller when proceeding Customer’s personal data.
5. Right of access to data - legal ground: article 15 of GDPR.
a) The Customer shall have the right to obtain a confirmation from the Controller, whether or not it processes personal data, and if yes, the Customer shall have the right to:
1. obtain access to their personal data;
2. obtain information on the purposes of the processing, the
3. categories of processes personal data, the recipients or categories of recipients of such data, the envisaged period for which the personal data will be stored or the criteria used to determine that period (if determination of the planned period of data processing is not possible), on Customer’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, on the source of such data, automated decision-making, including profiling and security devices applied due to the transfer of such data outside the European Union;
4. obtain copies of their personal data.
6. Right to rectification - legal ground: article 16 of GDPR
7. Right to data portability- legal ground: article 20 of GDPR.
a) The Customer shall have the right to obtain their personal data, which were provided to the Controller, and then to send them to another data controller selected by the Customer. The Customer shall have the right to demand that such personal data are sent directly by us to another data controller, if this is technically feasible. In such case the Controller shall sent the Customer’s personal data in a csv file, which is a commonly used machine- readable format, allowing transfer of processed data to another data controller.
8. If the Customer wishes to exercise any of the foregoing rights, AZZARDO fulfils a request or refuses to fulfil it promptly, but no later than within a month of its receipt. If, however, due to a complex nature of a demand or a number of demands AZZARDO is not able to fulfil demand within one month, it shall fulfil it during the following two months, notifying the Customer earlier within a month from receipt of the demand on the intended prolongation of the period and about own activities.
9. The Customer may file complaints, questions or requests concerning processing of their personal data and execution of this rights.
11. The Customer shall have the right to file a complaint to the Chairperson of the Office of Personal Data Protection in respect to violation of their rights for personal data processing or other rights granted under the GDPR.
§ 6 Security management – the password
1. AZZARDO ensures safe and encrypted connection during the transfer of personal data and during the User Account login in the Mobile Application. AZZARDO uses the SSL certificate issued by one of the world’s leading companies in security and encryption of data transferred through the Internet.
2. In case where the User with an account in the Mobile Application has lost his access password in any way, the Mobile Application allows generating a new password. AZZARDO does not send a password reminder. The password is stored in an encrypted form which makes it impossible to read it. In order to generate a new password, an e- mail address needs to be provided in the form accessible under the ‘Forgotten password’ link, provided with the Mobile Application login form. To the e-mail address provided during the registration process or saved during the last account profile change, the User shall receive an electronic message containing a redirection to the dedicated form, where the User shall have the possibility to specify a new password.
3. AZZARDO does not send any correspondence, including electronic correspondence with a request for provision of logging data, in particular the password to the Customer’s Account.
3. Date of the last modification: 20.12.2018