ipGO 4 MOBILE APP PRIVACY POLICY

I.               DEFINITIONS

1.              Personal data - any information relating an identified or identifiable natural person, as defined in Article 4 (1) GDPR.

2.              AAT or the Company - AAT SYSTEMY BEZPIECZEŃSTWA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered seat in Warsaw (02-801), Puławska 431, entered into the National Court Register kept by the District Court for Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register no. 0000838329, with share capital of PLN 17,005,000 PLN, Tax Identification Number: 9512500868, Business Registry Number (REGON): 385953687.

3.              Application or ipGO 4 - mobile application (software) which is a Work under the Act of February 4, 1994 on Copyright and Related Rights (Journal of Laws of 1994, item 83, as amended), developed by AAT or which AAT owns copyrights to, which the User may use in accordance with its purpose and instructions. The Application is downloadable by the User and installable on their device ("Device").

4.              GDPR - Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

5.              Policy - this privacy policy.

6.              User - an adult natural person, a legal person or an organizational unit that is not a legal person, which is granted legal capacity by the Act, who downloads, installs or uses the Application.

 

II.             SUBJECT OF THE POLICY

1.              This Privacy Policy governs the processing of personal data obtained through the Application.

2.              The data controller is AAT. A Data Protection Officer has been appointed at AAT. The Officer can be contacted on all matters relating to the processing of personal data and the exercise of rights related to data processing via the following email: iod@aat.pl

3.              Personal data collected by AAT through the Application are processed in accordance with the GDPR.

4.              AAT takes special care to respect the privacy of Users using the Application.

 

III.           RULES FOR PERSONAL DATA PROCESSING

1.              AAT collects personal data and technical data of Users.

2.              The Application collects the following Users’ personal data:

a)     User’s e-mail address;

b)     User’s ID;

c)     User’s location (including region);

d)     User’s image (optional, upon its’ express consent);

e)     User’s biometric data (optional, upon its’ express consent).

3.              Users' personal data is processed for the purpose of:

a)     p. 2a), 2b), 2c) – sending notifications, sending opinions on Application, on the basis of Article 6(1)(b) of the GDPR, i.e. for the purpose of performing the service agreement or for the purpose of enabling the use of some functions of the Application;

b)     p. 2c) – choice of the appropriate server, on which the User’s personal data are stored, on the basis of Article 6(1)(b) of the GDPR, i.e. for the purpose of performing the obligations arising from the service agreement;

c)     p. 2c) – search of the devices, located in the User’s location, on the basis of Article 6(1)(b) of the GDPR, i.e. for the purpose of performing the obligations arising from the service agreement;

d)     p. 2 d), 2e) – enabling the chosen Application’s functionality, on the basis of Article 6(1)(b) of the GDPR, i.e. for the purpose of performing the obligations arising from the service agreement or for the purpose of enabling the use of some functions of the Application and on the basis of Article 9(2)(a), i.e. pursuant to User’s express and voluntary consent, given via Application. In the case of sharing image or biometric data of third person by the User, the User is obliged to receive their express consents for processing their personal data. This personal data are stored solely on the Device and AAT does not possess any access to them.

4.              Personal data are obtained directly from the User by entering it in the appropriate field during usage of the Application or by enabling the Application access to other applications or information on the User’s Device.

5.              The application also collects technical data on the User's Device, i.e. name of the device, device model, device unique identifier, device or related devices serial number, IP address, web logs, device logs:

a)     this data in an anonymized form is stored in the Device's memory, and AAT has no access to it;

b)     if the User participated in the “User Experience Program” or the User send an opinion on the Application – the User may transfer the technical data to AAT in a form of diagnostic report for the purpose of analysis and problem solving with the proper Application functioning. In such case, AAT process this technical data on the basis of Article 6(1)(b) of the GDPR, i.e. for the purpose of executing the error repair order.

6.              AAT may also process anonymized information about frequency of use of the Application, Devices, data on Application crashes, error reports or data on unusual events, operational status of non-standard devices, general information on installation and use, performance data - in order to improve the performance of the Application, identify and repair errors in the operation of the Application, based on Article 6(1)(f) of the GDPR, i.e. for the purpose of realizing the legitimate interest of facilitating the use of electronically provided services and improving the functionality of the Application.

7.              The provision of personal data is voluntary, but necessary for the use of the Application or its individual functions. Failure to provide data will result in the inability to use the Application or some of its features.

IV.           ACCESS TO OTHER APPLICATIONS AND INFORMATION ON THE DEVICE

1.              The Application may access other applications installed on the Device, i.e. location, camera, microphone, gyroscope, phone memory, local network and gallery - in order to operate the functions of the Application, based on Article 6(1)(b) of the GDPR, i.e. to perform the contract for the provision of electronic services.

2.              Information and personal data collected by the Application by accessing the aforementioned application is stored on the User's Device. AAT does not gain access to this data and information.

3.              The Application may access the location of the Device in order to make network settings in the Application, i.e. to obtain information about the Wi-Fi of the Device, based on Article 6(1)(b), i.e. - in order to perform the contract for the provision of electronic services.

V.             PUSH NOTIFICATIONS

1.              The Application enables receipt of the Push notifications, i.e. notifications send to the Device and displayed on its main screen. Those notifications work while the Application is running in the background (the Application is not turned on.

2.              After the Application is installed, the User may turn on the Push notifications.

3.              The User may turn on or turn off the Push notifications at any time.

4.              The notification system does not use User’s personal data. It relies solely on anonymous identifiers generated by the provider’s system services (Google/Apple).

5.              Push notifications contain messages related to the Application’s functioning.

6.              Usage of the Push notifications is voluntary. Turning off this option may result in the inability to use some Application’s features.

VI.           PERSONAL DATA RECIPIENT

1.              Users' personal and technical data are transferred to the service providers used by AAT in developing and operating the Application. Service providers whom User’s data is transferred to, depending on contractual arrangements and circumstances, may be subject to AAT's instructions as to the purposes and means of processing such data (processors), or may determine the purposes and means of processing themselves (controllers).

2.              Personal and technical data may be received by:

a)     entities that provide services to AAT and therefore process personal data,

b)     entities providing consulting and auditing services, e.g., auditing firms, chartered accountants,

c)     state authorities or other entities authorized under the law, in order to carry out their obligations (Tax Office, Social Security),

d)     as AAT is part of a group of companies - other group companies.

3.              Service providers are based in Poland or other countries in the European Economic Area (EEA).

4.              If it becomes necessary to transfer your Personal Data to a third country, AAT will take the necessary steps to ensure that the transfer complies with the GDPR.

VII.         PERIOD OF PERSONAL DATA PROCESSING

1.              Personal Data and Technical Data of Users are kept for as long as it is necessary to perform the contract for the provision of electronic services, and after that for a period corresponding to the period of limitation of claims.

2.              If the basis for the processing of Personal Data and Technical Data is consent, Personal Data and Technical Data of Users are processed by AAT until the User withdraws consent, and after that - for a period corresponding to the period of limitation of claims.

3.              The user has the option to delete his/her account at any time, which will result in the discontinuation of the processing of Personal Data and Technical Data by AAT. However, AAT is still entitled to process their Personal Data and Technical Data for a period of time corresponding to the statute of limitations for claims.

VIII.       RIGHTS OF THE DATA SUBJECT

1.              Any person whom Personal Data relates to has the right to:

a)     access their personal data, including, in particular, information about whether AAT processes its personal data and about the scope of their personal data held by AAT, the purposes of data processing or the categories of recipients of personal data;

b)     object at any time to the processing of personal data for reasons relating to your specific situation,

c)     request rectification of their personal data or complete personal data, if found incomplete;

d)     request to have their personal data deleted;

e)     transfer data

f)      request to have their personal data processing limited

-      under the terms of the GDPR.

2.              The User has the right to revoke any consent he/she has given to AAT with effect from the moment of withdrawal of their consent.

3.              Withdrawal of consent does not affect the processing performed by AAT lawfully before its withdrawal.

4.              The exercise of certain rights of the data subject, in particular those indicated in paragraph 1(b), (d), (f) and paragraph 2, may prevent further use of the Application or certain of its functions.

5.              To exercise these rights, contact our Data Protection Officer (contact information above). You have the right to lodge a complaint to the President of the Personal Data Protection Office.

6.              Despite a request for deletion of personal data, due to the filing of an objection or withdrawal of consent, AAT may retain certain personal data to the extent that the processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which AAT is subject.

7.              Based on the personal data you provide, AAT will not make automated decisions, including decisions resulting from profiling within the meaning of the GDPR.

IX.           COOKIE MECHANISM, IP ADDRESS

1.              The application does not use cookies. The application does not collect IP addresses of Users.

X.             SECURITY OF PERSONAL AND TECHNICAL DATA

1.              AAT has implemented appropriate technical measures and security controls to protect the Personal Data processed. The application provides a secure and encrypted connection when using it and transferring Personal Data. AAT uses an SSL certificate issued by one of the world's leading companies for security and encryption of data transmitted over the Internet.

XI.           FINAL PROVISIONS

1.              This Policy is subject to change and AAT will inform Users if it by posting the current content of the Policy on the Application.

2.              The Company shall provide the Application as is, without any warranties, and shall not be liable for the functional deficiencies of the Application or the consequences of using the Application.

3.              The User acknowledges and agrees that the entire risk arising from the use of the Application rests with the User to the fullest extent permitted by law.

4.              The Application may contain links or references to other websites or applications. AAT is not responsible for their content and privacy policies there.

5.              In the event that other language versions of this Policy are created and there is a linguistic discrepancy between them, the Polish language version shall prevail.