1). THE CONTROLLER

The Controller of your personal data is XOPERO SOFTWARE S.A. with headquarters in Gorzów Wlkp., 3 Franciszka Walczaka Street, 66-400 Gorzów Wlkp., registered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000684240, NIP: 599-306-66-03, REGON: 080285693.

Contact e-mail: [email protected]

Telephone +48 95 740 20 40

2). DATA PROTECTION OFFICER

Our Data Protection Officer is:

Tadeusz Koper e-mail address: [email protected]

3). PRIVACY POLICY

This document contains the most important information about the rules for the processing of your personal data, in accordance with the requirements of Articles 13 and 14 of the GDPR.

The full rules, procedures, and practices can be found in the XOPERO Privacy Policy, which is available at: https://xopero.com/data-protection-policy/

4). PURPOSES OF PERSONAL DATA PROCESSING

We use your personal data obtained when creating a user account or entering into a contract, as well as during the term of the contract, for the following purposes:

a) conclusion and performance of the contract, including ensuring the quality of services (including troubleshooting and verifying the correctness of services) – legal basis: Article 6(1)(b) of the GDPR, hereinafter referred to as: “performance of the contract”;

data retention period: the duration of the contract and settlements following its termination;

b) fulfilling our legal obligations, in particular:

i. issuing and storing invoices and accounting documents;

ii. responding to complaints within the time limits and in the manner prescribed by law;

iii. storing HR and payroll documentation within the time limits and in the form prescribed by law;

– legal basis: Article 6(1)(c) of the GDPR, hereinafter referred to as: “legal obligation”;

data retention period: the time required to fulfill obligations, e.g., issuing an invoice, or the period during which regulations require us to retain data, e.g., tax-related data, or the period during which we may face legal consequences for failing to fulfill an obligation, e.g., receiving a financial penalty from government authorities;

c) establishing, defending, and pursuing claims – legal basis: Article 6(1)(f) of the GDPR; hereinafter referred to as: “legitimate interest”;

data retention period: the duration of the contract, followed by the period after which claims arising from the contract become time-barred, and in the event that we pursue claims or notify the competent authorities—for the duration of such proceedings;

d) detection and prevention of fraud – legal basis: performance of the contract, legitimate interest;

data retention period: the period after which claims arising from the contract become time-barred;

e) marketing – legal basis: legitimate interest;

data retention period: the duration of the contract;

f) creating reports, analyses, and statistics for our internal needs; this includes, in particular, reporting, marketing research, planning the development of services or networks, development work on IT systems, and creating statistical models – legal basis: legitimate interest;

data retention period: the duration of the contract, and thereafter no longer than the period after which claims arising from the contract become time-barred;

g) customer support, including notifications of outages, and tailoring of service based on, among other things, data regarding the offer you use or complaints filed to date – legal basis: our legitimate interest;

data retention period: duration of the contract.

For the purposes indicated above (in addition to the purpose of “concluding and performing the contract” and “compliance with legal obligations”), we will perform profiling, i.e., automated analysis of your data and the development of predictions regarding your preferences or future behavior (e.g., in the case of marketing profiling, we will determine which offer you may be most interested in).

If you pay through, for example, a bank or payment institution, we will obtain information about which account and which institution you used to make the payment. We will process this data to verify that you have made the payment correctly, and if necessary, to process refunds (legal basis: performance of the contract), to establish, pursue, and defend claims, and for the purposes of creating statistics and analyses (legal basis: legitimate interest).

If you consent to the use of your data, the content of this consent will determine the purpose for which we will process this data.

5). CONSENT

If our use of your data is not necessary for the performance of a contract, compliance with a legal obligation, or based on a legitimate interest, we may ask for your consent to specific uses of your data.

You may withdraw your consent at any time (this will not affect the lawfulness of our use of your data prior to the withdrawal of such consent).

6). REQUIRED DATA

To enter into a contract, we require you to provide your data on the user account registration form or the contract form. If you do not provide this information, we will not create a user account for you or enter into a contract.

Additionally, we may ask for optional data that does not affect the conclusion of the contract (if we do not receive it, we will not be able to, for example, contact you via email).

During the term of the agreement, while providing services, we collect other data about you, including information regarding your use of our services, devices, or website. The collection of this data is a consequence of the technical operation of the services you use.

7). DATA TRANSFER

We transfer your data to:

a) entities that process data on our behalf and assist in the performance of our activities:

i. agents, advertising agencies, and other intermediaries involved in the sale of services or the organization of marketing campaigns;

ii. entities operating ICT systems or providing ICT tools;

iii. subcontractors supporting the provision of services;

iv. entities operating and maintaining our telecommunications network;

v. entities providing us with advisory, consulting, auditing, legal, tax, and accounting services, as well as research agencies acting on our behalf;

b) other data controllers processing data on their own behalf:

i. entities providing postal or courier services;

ii. entities conducting payment activities (banks, payment institutions);

iii. entities cooperating with us in handling accounting, tax, and legal matters - to the extent that they become data controllers.

8). AUTOMATED DECISION-MAKING

We make automated decisions that have a significant impact on you in the following situations:

a) when creating an account – we automatically decide to create a user account;

b) when concluding a contract via the form on our website – we make automated decisions regarding the conclusion of the contract or the terms of its conclusion, renewal, or extension;

c) as part of the contractual terms, we may specify that reaching or exceeding thresholds or limits indicated by us (e.g., data transfer) may result in specific consequences (e.g., suspension of the service or its operation under different terms). If our IT systems detect that these thresholds or limits have been reached, we will automatically apply the specified solution;

d) in order to detect and respond to misuse of our services, we make automated decisions to classify certain unusual user activity as inconsistent with the nature of the service and the terms of the agreement;

e) if you are behind on payments, we may automatically decide to restrict or prevent your use of our services.

9). TRANSMISSION AND LOCATION

When you use our services provided over the Internet, we process your transmission data (regarding connections) and location data (regarding the device’s location).

After they have been completely anonymized, we may process transmission and location data for the purposes of statistics, performance analysis, and the expansion of our services.

10). RIGHTS

You may submit a request to us (regarding personal data) for:

a) correction (rectification) of data;

b) the deletion of data processed without legal basis or posted on our websites;

c) restriction of processing (suspension of data operations or non-deletion of data—in accordance with the submitted request);

d) access to data (information about the data we process and a copy of the data);

e) transfer of data to another data controller or to you (within the scope specified in Article 20 of the GDPR).

You may exercise these rights by submitting a written request in person at our office, by mail (address provided at the beginning), or through our Data Protection Officer (contact details provided at the beginning).

To ensure that you are authorized to submit a request, we may ask you to provide additional information to help us verify your identity.

The scope of each of these rights and the situations in which they may be exercised are governed by law. Which rights you may exercise will depend, for example, on the legal basis for our use of your data and the purpose of its processing.

11). RIGHT TO OBJECT

Regardless of the rights listed above, you may object at any time to the processing of your data (including profiling) for direct marketing purposes. Upon receiving such a request, we are obligated to cease processing your data for this purpose.

In specific situations, you may object at any time to our processing of your personal data (including profiling) if the basis for the use of the data is our legitimate interest. In such a situation, after reviewing your request, we will no longer be able to process the personal data covered by the objection on this basis, unless we demonstrate that there are: 1) compelling legitimate grounds for the processing of the data which, under the law, are considered to override your interests, rights, and freedoms, or 2) grounds for the establishment, exercise, or defense of legal claims.

12). COMPLAINT

You have the right to file a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the law.