Privacy policy

This Privacy Policy is a document related to the Terms of Use of the Application and the Website (“Terms of Use”). Definitions of the terms used in this Privacy Policy were included in the Terms of Use. The provisions of the Terms of Use are applied accordingly.

The Policy is for information purposes and serves satisfaction of information obligations imposed on the data controller under the General Data Protection Regulation, i.e. GDPR.

§ 1 PERSONAL DATA CONTROLLER

  1. The Controller of the personal data processed within the Application and the Website, entered therein under the Agreement, in particular the Users' personal data, is the Client, i.e. the entity using the Application subject to paragraph 1.2. below.
  2. The Controller of the personal data of the Clients themselves, i.e. personal data related to the conclusion of agreements for the provision of services by electronic means, data related to subscription to commercial information, data related to complaints and backups of such data, is the Service Provider, i.e. inEwi sp. z o.o. with its registered office in Bielsko-Biała, ul. 1 Maja 15, 43-300 Bielsko-Biała, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000456957, Tax Identification Number NIP: 5472146245, National Business Registry Number REGON: 243231027, share capital in the amount of PLN 151,000.
  3. If a User consents to the processing of his/her personal data for the purposes indicated in the Privacy Policy, the Service Provider is also their controller.
  4. The Data Controller has appointed a Data Protection Officer (DPO) to ensure the processing of personal data in compliance with the laws and security rules. The DPO (Piotr Kania) may be contacted via the e-mail address: [email protected].

§ 2 PURPOSES, BASES, SCOPE AN TERM OF PERSONAL DATA PROCESSING

  1. The Service Provider processes the following categories of the Client's personal data: first and last name, business name, Tax Identification Number NIP, address, e-mail address, IP address, geolocation.
  2. The Service Provider, as the Data Controller, may process the following categories of personal data of the Users: first and last name, e-mail address.
  3. The individual purposes and bases for processing the personal data of the Clients and Users are presented below, along with the scope of data processed for individual purposes and the period for which the data will be processed (purpose; scope of data; legal basis; processing period).
    • establishment of an Account by a Client; IP address, email address; Article 6(1)(b) GDPR - processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract; until the statute of limitations for claims related to the use of the Account;
    • provision of Services to Client; email address, IP address, first name, last name, address, company, geolocation; Article 6(1)(b) GDPR - processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract. With regard to health data, Article 9(2)(a) of the GDPR, i.e. the express consent of the data subject to the processing of such data; Until the statute of limitations for claims related to the use of the Account, unless the User earlier independently deletes part of the processed personal data or withdraws consent to the processing of his/her personal health data;
    • contacting data subjects, responding and other correspondence; name, surname, telephone number, e-mail address, other data provided voluntarily by the data subject; Article 6(1)(f) GDPR - legitimate interest of the Service Provider as a controller to handle inquiries and correspondence addressed directly by data subjects; until the correspondence is completed or the data subject objects;
    • issuance of accounting documents, bookkeeping; name and surname, payment data, company, Tax Identification Number; Article 6(1)(c) of the DPA - implementation of the law; for the duration of the obligation to keep accounting documents under the law;
    • traffic surveys on the Application and on the Website; IP address, cookies, Internet identifiers; Article 6(1)(a) GDPR - consent of the data subject; until the data is no longer useful or the data subject withdraws consent;
    • sending Newsletters (including information about new features of the Application and the Website) to Service Recipients and Users; name, surname, e-mail address; Article 6(1)(a) GDPR - consent of the data subject or Article 6(1)(f) GDPR - legitimate interest of the Service Provider as controller to inform about new features of the Application and the Website; in case of consent - until the data loses its usefulness or the data subject withdraws consent. In the case of the legitimate interest of the controller - until the data loses its usefulness or the data subject objects;
    • handling of requests regarding so-called illegal content: name and surname or name, e-mail address, information regarding an Account within the Application; Article 6(1)(c) of the GDPR in conjunction with Article 9 and 16 of the Digital Services Act - fulfillment of legal obligations; for the duration of the request handling and the reporting period regarding the handling of the respective request.
  4. The Client may consent to the use of Cookies necessary for the implementation of purposes by the programs detailed in paragraph 7 of this Policy.
  5. In the scope in which the Service Provider is the Controller of the data of the Clients and Users, the Service Provider does not take any activities that constitute profiling, including automated decision-making with respect to the Clients and Users.
  6. The Service Provider informs that the provision of personal data by the Client is voluntary, whereby if the Client refuses to provide personal data, it will not be possible to conclude the Agreement, provide the Services and take any other actions.

§ 3 RECIPIENTS OF PERSONAL DATA

  1. The Service Provider may transfer the personal data of the Clients and Users to third parties for further processing. The recipients of personal data include: an accounting company, a hosting provider for the Website, a company providing technical support for the Website, a company handling payments, a company providing a CRM system. Personal data may also be disclosed to: competent state authorities upon their request on the basis of the relevant legal provisions or other persons and entities – in the cases prescribed in the legal provisions.
  2. The personal data of Clients and Users will not be transferred to third countries (i.e. beyond the European Economic Area).

§ 4 CLIENT AS THE PERSONAL DATA CONTROLLER

  1. The Client will process the personal data with respect to which he/she is the Data Controller in the Application for the purpose of employment (on the basis of both an employment contract and other civil-law contracts) and HR matters, in the scope and for the term necessary for the employer to fulfil its obligations under the Labour Code or other acts related to the conclusion of other civil-law contracts.
  2. The Client hereby undertakes to process in the Application as part of the Account only personal data which he/she is fully authorised to process and which do not violate third persons' rights, as well as with regard to the processing of which he/she is able to provide the legal basis in the scope prescribed by the Terms of Use and the Privacy Policy.
  3. The Client has transferred to the Service Provider the processing of all personal data provided to the Service Provider within the Account, in particular referring to the Users, for the term of the Agreement, unless there is another legal basis for their further processing.
  4. The data will be transferred for processing for the purpose of the proper provision of the services provided by the Service Provider to the Client connected with the recording and management of the working time of persons employed by the Client, as well as the exercise of the rights and obligations of the Users as prescribed in the Terms of Use.
  5. Upon the Client's consent, the Service Provider will further transfer personal data for processing, which will consist in their storage, to entities that guarantee the level of security of personal data processing as required by the provisions of the GDPR.
  6. The terms of the processing of personal data by the Service Provider on behalf of the Client have been established in a separate agreement (personal data transfer agreement) concluded between these entities.

§ 5 SECURITY OF PROCESSING

  1. The Service Provider declares that as the Data Controller and the Processor of personal data upon order of the Client he/she has taken all the necessary organisational and technical measures to secure the data sets as well as the security of processing as prescribed in Articles 25, 30, 32-34, 35-39 of the GDPR.
  2. Access to information that is personal data on the part of the Service Provider is granted only to persons authorised to administer the Website on the basis of granted authorisations including declarations of confidentiality with respect to the processed data and the applied safeguards. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic on the Website and occurring errors.
  3. For more information on Data Security, please refer to the Terms of Use.

§ 6 RIGHTS OF DATA SUBJECTS

  1. The Service Provider informs that the Users whose personal data are controlled by the Service Provider have the right to inspect their data processed by the Service Provider and the right to correct such data, they also have the right to control the processing of the data referring to them contained in the data sets, in particular the right to: (i) access their personal data, (ii) complete and correct their data by submitting a relevant request, (iii) request the temporary or permanent suspension of their processing or their deletion if they are incomplete, outdated, untrue or have been collected in violation of the Act or are no longer necessary for the purpose for which they were collected, (iv) object to the processing of their personal data and (v) request their deletion when they become unnecessary for the purpose for which they were collected.
  2. Furthermore, the Users have the right to: remove the collected personal data referring to them both from the system of the Service Provider and of the bases of the entities with whim the Service Provider has co-operated, object to the further data processing for marketing purposes, restrict the data processing, portability of the personal data referring to the Users collected by the Service Provider, including the right to receive them in a structured form, file an objection with the supervisory authority if a User states that his/her data are processed in violation of the law and to seek judicial remedy against the supervisory authority and the infringing entity.
  3. In the scope in which the Client is the Controller of the Users' data, he/she is responsible for the exercise of the Users' rights indicated in paragraphs 7.1. and 7.2. above. The Service Provider will immediately inform the Client of any claim raised by a User who is an employee of the Client.

§ 7 COOKIES AND OTHER SOFTWARE POLICY

  1. The Application, in the scope in which it operates as a website opened by means of a browser used by the User, uses software that is not a component of the services described in these Terms of Use, as indicated below.
  2. The Application uses cookies in order to store a session and remember basic login data. The Client may modify the cookie settings in his/her web browser, with the proviso that for purpose of the proper functioning of the Application, the support of the Service Provider's session cookies should be enabled for a current session. The Client may also agree to the use of third-party External Cookies by the Service Provider at any time, specifying the conditions for their storage, through the settings of the web browser or through the configuration of the service provided within the Application. Failure to enable External Cookies will not result in the unavailability of part or all of the functions of the Website to the Client or the User.
  3. The Application uses, upon the Client's consent and on the terms specified in paragraph 7.2., programs that monitor activity on the Users' screens and the number of clicks on given functions in order to adapt the Application interface to the Users' needs more effectively. The indicated programs do not generate any personal data of the Users.
  4. The program mentioned in paragraph 7.3. above does not undertake any activities that involve the processing of personal data.
  5. If the User has consented within the Service, the information contained in the cookies will be transmitted to Google. Information about the purposes, ways and principles on which Google will process information can be found in Google's Privacy Policy and Google's Terms of Service.

This website uses cookies, pixel tags, and local storage for performance, personalization, and marketing purposes. We use our own cookies and some from third parties. Only essential cookies are turned on by default.