APP Privacy Policy

I. [Definitions]:

For purposes of this Privacy Policy, the capitalised terms, such as Application, Account etc., shall have the meaning determined in the Regulations available HERE, unless specifically defined otherwise below:

Personal data: Personal data, in respect of which the Controller meets the information obligation, through an uninterrupted provision of information included in the Privacy Policy.

You: You, i.e. a natural person, whose data are processed by us as the Controller, in connection with the use of the Service by You.

We or the Controller: an entity providing the Service for the Users: Tedee Spółka z ograniczoną odpowiedzialnością seated in Warsaw (02-386), at 2 Altowa Street, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000712451, NIP: 7010795542, REGON: 369188621, initial capital PLN 2,400,000, paid in full. The Controller is a creator and a distributor of Tedee Application.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

II. [Contact regarding the Data]:

Any requests or questions connected with the exercise of Your rights can be sent to the email address:

[email protected]

 

III. [Scope of the Data]:

Only the Data necessary for the implementation of a Private Contract (“Contract”) and other ones necessary for the implementation of the contract, such as:

  1. contact, registration and verification information, such as, login and email address, necessary in order to identify You and prevent access of unauthorised persons to Your account;
  2. Your IP address identifying Your mobile device used by You to use the Services;
  3. data on Your device, such as a manufacturer, device model, operating system, language;
  4. general data on the location (collected only in order to properly use the Services – such data can include, e.g. country);
  5. detailed data on the location of Your mobile device, as well as the Lock (GPS only with Your consent);
  6. access to the apparatus of Your mobile device only in order to scan QR codes made available by the Controller necessary for using properly the Services;
  7. data collected by means of cookies and similar technologies;
  8. data to combat fraud and required by legal provisions against money laundering;
  9. data for marketing and analytical purposes so the Services can match better Your needs; and/or
  10. other data which you choose to provide to us.

IV. [Purposes and legal grounds for processing]:

Purposes:  

Legal grounds:

Performance of a contract, including proper use of Services, conclusion and execution of Transactions, and security, in particular – prevention of hacker attacks. Article 6(1)(b) GDPR (processing for the performance of a contract)
Statistical measurements and analytical data processing in order to ensure proper application operation. Article 6(1)(b) GDPR (processing for the performance of a contract) or in case when the measurements are not necessary for the performance of a contract, Article 6(1)(f) GDPR (legitimate interests of the Controller)
Own marketing, including internet marketing, in particular, retargeting, statistics and marketing analytics. Article 6(1)(f) GDPR (legitimate interests of the Controller)
Newsletters Article 6(1)(a) GDPR (consent of the data subject)
Tax, accounting purposes and other purposes resulting from the Controller’s legal obligations Article 6(1)(c) GDPR (processing necessary for compliance with a legal obligation to which the controller is subject)
Telemetric Data taken, inter alia, by means of Microsoft AppCenter, Firebase and iOS Article 6(1)(b) GDPR and (processing for the performance of a contract with the data subject) and Article 6(1)(a) (consent of the data subject)
Maintaining relations and informing former and present customers about services Article 6(1)(f) GDPR (legitimate interest of the Controller)

 

V. [Retention period]:

We process Your data in encrypted format and for not longer than is necessary. After the implementation of the purpose the Data will be deleted in line with our retention policy, unless legal provisions impose on us an obligation to retain them. Depending on the legal ground for the processing, the data can be processed for the following time:

  • if the data are necessary for the performance of a contract – not longer than the limitation period for claims connected with it (the Controller can decide on the earlier anonymisation or deletion of the Data);
  • when the legal ground for the processing of the Personal Data is the legitimate interest of the Controller – until an effective objection is raised (the Controller can decide on the earlier anonymisation or deletion of the Data);
  • when the legal ground for the processing of Your Personal Data is the consent granted by You – until it is withdrawn (the Controller can decide on the earlier anonymisation or deletion of the Data);
  • if the data are processed for tax, accounting purposes and purposes connected with the prevention of money laundering – to the extent and for a period compliant with applicable legal provisions.

 

VI. [Voluntary provision of the Data]:

Provision of the Data is voluntary, however, it can be necessary for the implementation of the Contract and the proper use of the Products.

 

VII.        [Recipients]:

Your Data, only in specific cases, are transferred to the following categories of recipients: (a) appropriately authorised entities which are contracted by us (processors) and which provide services to us, e.g. related to IT systems or marketing operations, (b) other controllers which independently decide on the processing purposes and measures of Your Data, e.g. state or local government bodies. Each transfer of the Data to the recipient takes place only based on a valid and applicable legal ground. The Data made available to the processors are only made available only to such an extent which results from services outsourced to them.

 

VIII.         [Your rights]:

Any time you have the right, free of charge, to:

  1. have access to the Data, including to obtain their copy;
  2. request corrections of Your Data;
  3. delete Your Data (in cases foreseen in GDPR) which will result in deleting all the Data, including the Data in the Controller’s cloud, subject to the Data with regard to which the Controller has the right or obligation to process them pursuant to the applicable law;
  4. limit the processing of Your Data;
  5. withdraw the consent – to the extent Your Data are processed under this consent. Remember that the withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal;
  6. transfer the Data, i.e. to receive from the controller the Data in a structured, commonly used, machine-readable format which can be transmitted to another data controller, however, only when these Data are processed on the bases of Your consent or in order to implement the Contract.

If you have any reservation about the processing of Your Data by us you may lodge a complaint with the President of the Personal Data Protection Office (www.uodo.gov.pl).

 

IX. [Transfer of the data to the third countries (outside the EEA)]:

Our partners are located first of all in the countries of the European Economic Area (EEA). We do not assume the transfer of the Data to the third countries, i.e. which are located outside the EEA  (European Economic Area). However, if this were to take place we would verify whether the partners ensure a high level of Personal Data protection and whether all requirements resulting from applicable legal regulations are met. If the data are transferred to an entity located in the third party not ensuring an adequate protection level, we use protection measures, such as e.g. standard contractual clauses approved by the European Commission. You have the right to require from us to provide a copy of the standard contractual clauses to You.

 

X. [No automated decision-making]:

As part of own marketing operations we can share advertisements of Our products or services with You outside the application area. In addition to the marketing operations we also undertake operations connected with improvement of our services – we analyse the data in the IT systems by means of various filters and tools.

These operations are performed on the basis of our legitimate interest (legal ground: Article 6(1)(f) GDPR), consisting in searching and grouping categories of persons in order to determine what advertising messages can be interested, as well as in order to improve our services. We do not profile or identify our users, as well as we do not make decisions in respect of You automatically on the basis of the results of afore-described operations.

 

XI. [Information on “Cookies”]:

 

In order to ensure a proper function of our Services, we may sometimes place small files with information data, so-called cookies, on Your computer or mobile device. Cookies are text files which are stored by the server on the computer or mobile device. On the server which created the cookies has access to them. The text which constitutes the content of the cookies often includes identifiers, website names as well as digits and characters. The cookies are unique for used browsers or mobile applications and allow the websites to store various data, including Your preferences. The session (temporary) cookies are removed after each visit, and the permanent cookies – remain for many visits. We can use the cookie files and similar technologies in order to: (a) provide applications and services online; (b) adjust these applications and services to the User’s preferences and their optimisation; e.g. cookie files allow in particular detection of a device using the services online and display of an application in a version tailored to his/her individual needs; (c) create statistics allowing an understanding of the way the Users use our services what allows improvement of their structure and content; (d) maintain the User’s session after logging in, therefore the User has not to enter the login and password on each subsite; (e) display advertising presentations, including in a way taking the User’s preferences into consideration.

 

XII.         [Change/update of information]:

Since the privacy policy is the current information about the processing of the Data, its content may change so it is line with the actual processing of Your Data. The current privacy policy along with information about the last update will be always available and we recommend consulting it regularly.

 

Creation date: 01/03/2020

Date of modification: 15/11/2020

Previous version: App privacy policy 01/03/2020