I. GENERAL INFORMATION
II. PERSONAL DATA CONTROLLER
The Controller of personal data is Litteract sp. z o. o. with its registered office in Wrocław, Grawerska 111 street, 51-180 Wrocław (Poland) entered in the Register of Entrepreneurs of the National Court Register, whose files are kept by the District Court in Wrocław, VI Commercial Department of the National Court Register, under KRS number: 0000814454, NIP: 8952211978, REGON: 384907372, share capital in in the amount of PLN 5,100.00, hereinafter referred to as the “Controller”.
The Controller attaches great importance to the protection of the privacy and confidentiality of the personal data of the App and the Website users (“Users”), and also selects and applies appropriate technical and organizational measures to ensure the protection of personal data processed with due care exercised. The Controller protects personal data against disclosure to unauthorized persons, as well as against their processing in violation of applicable law.
The Controller processes information about the User in accordance with the provisions of law, in particular with EU General Data Protection Regulation of 27 April 2016 (hereinafter: GDPR).
The Controller is entitled to process personal data belonging to third-party data sets that have been made available to the Controller solely on the basis of a data processing agreement.
III. SCOPE, PURPOSES AND LEGAL BASIS FOR PROCESSED PERSONAL DATA
Registration and login
The use of the App requires registration by the User. The registration requires the following personal data to be provided:
- date of birth;
- email address;
The User is also obliged to setting a password.
Notwithstanding the foregoing, the User may register in the App by Facebook account login data (Facebook Connect service) – in this case the Controller shall obtain only the e-mail address and possibly the Facebook username (full name) to contact. The User may also log in to the service using a Google Account (Google Access) – in this case, no User data will be transferred to the Google service operator during the registration and logging, and the Administrator only receives the full name and email address entered in the Google service.
The above data will be processed to enable User to use the App and login authentication each time. The legal basis for processing in this regard is Art. 6 clause 1 lit. b) GDPR.
Using the app
As part of using the App, we may process data entered by you into the App through its specific functionality. This may be data such as your image (set as an Avatar), full name, e-mail address, IP address, and if you agree to the App access to this data on your mobile device – location data, photos, contacts, content of files entered into the App, content imported by you to the App from other Apps. In this regard, the basis for the lawfulness of data processing is the necessity of data processing for the performance of the contract (art. 6 para. 1 point b) GDPR) or in case that the processing takes place on the effect of your prior consent – your voluntary consent, which you can withdraw at any time without affecting the processing activities carried out before its withdrawal (art. 6 para.1 point a) GDPR).
User’s activity data
We also process data about your activity in the App and the Website, such as the number of interactions with individual functions, the amount of time spent in the App or on the Website, the date and time of using the App or the Website, technical information about the device in which you use the App or the Website, the device ID, and its location. These data are processed for statistical purposes and to improve the quality of services and functionalities available as part of the App or the Website, which is the legitimate interest of the Controller (art. 6 para. 1 point f) GDPR).
Your personal data (first name, e-mail address) can also be processed for the purpose of sending the newsletter, if you have agreed to this through the App. In this regard, the basis for the lawfulness of data processing is your voluntary consent, which you can withdraw at any time without affecting the processing activities carried out before its withdrawal (art. 6 para. 1 point a) GDPR)
Defense against claims and pursuing legal claims
Your data may be processed by the Controller to defend against potential legal claims or to enable the Controller to pursue its potential legal claims related to your use of the App or the Website – in this case, the legal basis for data processing is the Controller’s legitimate interest, consisting of the possibility of defense against claims or the possibility pursuing claims (art. 6 para. 1 point f) GDPR).
Processing in connection with the query
Your data that you provide to the Controller for this purpose may be processed in order to answer a question or solve a problem related to the use of the App or the Website – in this case the legal basis for data processing is the legitimate interest of the Controller, consisting in the need to answer your question (art. 6 para. 1 point f) GDPR).
Processing to comply with a legal obligation imposed on the Controller
In some cases, we will have to process your data, because a legal provisions imposes such an obligation on us. This will apply, for example, when we will be obliged to bill paid services or in the event that we will consider your complaint regarding the services available as part of the App. In such cases, the basis for processing will be (art. 6 para. 1 point c) GDPR)
IV. THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
Your data processed for the purpose of registration, logging in and using the functionality of the App will be stored until the account is deleted. After deleting the account, for 3 years, we will store only data that may be necessary to defend against any claims or to pursue claims related to your use of the App.
Personal data processed to respond to your inquiry will be processed for the period necessary to complete the inquiry. If specific messages may constitute or constitute evidence in any proceeding before a court or other authority, they will be kept until the end of the limitation period for any claims or until the final termination of the proceeding, if initiated, whichever is the later.
Data that will be processed in order to perform the obligation imposed on the Controller under the law, will be stored until the fulfillment of this obligation, unless the law requires further storage of this data.
Data processed for the purposes of the legitimate interests pursued by the Controller or by a third party, in particular statistical and analytical data, will be processed until the User expresses effective objection to their processing.
Data processed for the purpose of sending the newsletter will be stored until consent to data processing for this purpose will be withdrawn.
The data will also be deleted when it is no longer necessary for the purposes for which it was collected. However, the information necessary to prove that the User has consented to the processing of data for a specific purpose will be processed for a period of 3 years from the date of termination of processing of such data.
V. SHARING DATA TO OTHER ENTITIES. DATA RECIPIENTS.
In order to protect your personal data against accidental or unlawful disclosure to unauthorized persons, removal by unauthorized persons, destruction, loss, damage or modification as well as processing contrary to the provisions of law, the Controller uses technical and organizational security measures to protect data.
Please be advised that the Controller has access to the user account and any data collected there. All personal data processed by the Controller are accessible only to authorized employees or associates of the Controller and external entities providing individual services to the Controller, which are related to the service of the App or the Website, who were entrusted with these data and who were obliged to keep confidential any Users personal data to which they have access. Your data which you made available to the public may be visible to other Users.
Personal data of App users may be made available to entities authorized to receive them under applicable law, including relevant state authorities.
VI. USER’S RIGHTS
The User who provided personal data has the following rights:
- access to the content of his data,
- correcting the data,
- modification of the data.
- limitation of data processing,
- deleting data,
- transferring data processed in an automated manner on the basis of the User’s voluntary consent or processed in an automated manner if their processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
The User also has the right to object, at any time, to the processing of personal data by the Controller when:
a) processing is carried out for the purpose of direct marketing – if the User exercises this right, we will immediately stop processing his personal data for this purpose,
b) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party – if the User exercises this right, we will immediately stop processing his personal data, unless we can prove that there are valid legitimate grounds for further data processing, superior to the interests, rights or freedoms indicated by the User.
If the User exercises one of the above rights, the Controller will immediately take actions to eliminate the incompatibility in the processing of personal data.
In addition, when the processing of personal data is based on consent, the User is entitled to withdraw consent to the processing of personal data. Consent may be withdrawn at any time, without affect to any processing operations carried out prior to the withdrawal of consent.
In order to exercise the rights referred to above, you can contact the Controller by e-mail email@example.com, or by correspondence to the following address:
Litteract sp. z o.o
ul. Grawerska 111
51-180 Wroclaw, Poland
The User also has the right to lodge a complaint with the supervisory authority, if he considers that the processing of data by the Controller violates the provisions of applicable law, in particular the provisions of GDPR.
When you use the Website, we may store some data on your device in the form of so-called “cookies”. “Cookies” will help us in a variety of ways, e.g. they will allow us to better tailor the content of the Website to your interests. “Cookies” are not harmful to the device, but are only intended to facilitate the work of both us and you. To enable the use of “cookies”, Users are entitled to consent before using the Website. You have no obligation to accept “cookies”, however, acceptance of “cookies” will allow you to fully use the Website.
The data contained in cookies will be stored for the period of the life cycle of these files on the User’s device.
VIII. SAFETY OF USER AND CHILDREN’S DATA
The Controller undertakes that he will apply adequate technical measures to achieve the highest level of security of User’s personal data, trying to prevent unauthorized access to data.
The Controller undertakes to protect data against accidental or unlawful disclosure to unauthorized persons, destruction, loss, damage, alteration and processing in violation of applicable law.
The Controller declares that he will not knowingly collect and process personal data from persons under 16 years of age, without first obtaining permission from their parents or other legal representatives.
In the event that the Controller receives information that he has unknowingly obtained the personal data of persons under 16 years of age, the Controller undertakes to immediately take measures to stop data processing and delete them.
IX. FINAL REMARKS
In case of any doubts as to the content of this Policy, explanations can be obtained by contacting by e-mail to the address: firstname.lastname@example.org or by correspondence to the following address:
Litteract sp.z o.o.
ul. Grawerska 111
51-180 Wroclaw, Poland