TERMS REGULATING THE PROVISION OF SERVICES BY ELECTRONIC MEANS IN CONNECTION WITH THE USE OF THE UNRUBBLE APPLICATION
§ 1 DEFINITIONS
- Application - an application designed to record working time provided by the Service Provider, available through the Website;
- Staff Scheduling Mobile Application - an application adjusted to operate on smartphones, enabling the use of certain functions of the Application;
- TimeClock Mobile Application - an application adjusted to operate on tablets or smartphones, enabling the use of working time recording functions available in the Application by means of QR codes;
- Applications - in aggregate: the Application, the Staff Scheduling Mobile Application and the TimeClock Mobile Application;
- Account - a service rendered by electronic means by the Service Provider; a part of the Application individually assigned to the Client, enabling the use of its functionalities;
- Package - access to the Application functionalities purchased by the Client, whose price depends on the duration of the Service provision, the number of Users authorised to use the Application, and the scope of the Application functionalities made available to the Users;
- Website - a website available at the URL address unrubble.com and its subpages;
- Force Majeure - an external and unpredictable event that could not be prevented by the Service Provider or the Client, in particular an epidemic, a natural disaster, extreme weather conditions, unusual conduct of communities, acts of state authorities, server failures, and hacker attacks;
- Service Provider - inEwi sp. z o. o. with its registered office in Bielsko-Biała, ul. 1 Maja 15, 43-300 Bielsko-Biała, entered in the register of entrepreneurs of the National Court Register (KRS) maintained by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register under number KRS: 0000456957, Tax Identification Number NIP: 5472146245, National Business Registry Number REGON: 243231027; share capital: PLN 151,000.00, e-mail address: firstname.lastname@example.org;
- User - a Client and any person to whom the Client has granted access to the Application in an individually defined scope.
§ 2 GENERAL PROVISIONS
- By means of the Application, the Service Provider enables a User with relevant authorisations, on the basis of the information and data entered into the Application, to record working time, plan the work schedule, and manage applications.
- By means of the Application, the Service Provider provides services to entrepreneurs only, and the Agreement cannot be concluded by a consumer or an entrepreneur on the rights of a consumer. All Services are provided exclusively to the benefit of the Client, who may use the Employer's profile in connection with employment, create User profiles, and authorise individual persons to use these profiles.
- In the case of any doubt as to the purpose of the Services, it should be assumed that the Service Provider does not provide any services to Users other than Clients. The Client is responsible for enabling other Users to use the Services to the extent chosen by the Client, and the Client bears full responsibility towards the Service Provider and third parties for facilitating the use of the Services by such other Users.
- Any actions taken by the Users are performed for and on behalf of the Client.
§ 3 TYPES AND SCOPE OF SERVICES
- By means of the Applications, the Service Provider provides in particular the following types of services to the Client:
- The Service Provider provides information services by providing, upon an individual request of the User, the information requested by the User, placed and edited in the Application.
- The Service Provider provides storage services for the data edited by the User by providing data storage on third-party servers. The Service Provider ensures that the provider of data storage services has safeguards to ensure the security of the data.
- The Service Provider provides the services mentioned in paragraphs 2-3 in such a way that it allows the Client to access the full range of services, and other Users in a limited scope determined individually by the Client.
- The Service Provider enables the Users to communicate with other Users by means of the relevant functionalities of the Application.
- As part of the Website, the Service Provider enables the purchase of paid Packages by online payment through the payment operators stated on the Website or otherwise as indicated on the Website.
- The Service Provider provides Services to the given Client in the scope resulting from the functionalities provided by the Service Provider free of charge or in the scope resulting from the type of Package purchased by the Client.
§ 4 CONDITIONS OF AGREEMENT CONCLUSION AND TERMINATION
- By means of the Application, the Service Provider provides the Client with:
- As part of the Agreement, the Service Provider provides Services to the Client that consist in making the Application available to Users and enabling them to use its functionalities.
- The Agreement for the provision of free-of-charge services by electronic means is concluded for a defined period of 14 (fourteen) days from the date of its conclusion, with the proviso that the Account and the data collected during the Service provision of Services are not deleted, and the Client has access to the functionalities enabling the export of the collected data outside the Application.
- The Client is entitled to delete the contents of the Account by means of the relevant functionalities of the Application. In such a case, the data collected during the use of the Application by the Client and his/her linked Users are completely and irreversibly deleted or anonymised.
- The Service Provider may extend the period of provision of free-of-charge services by electronic means on the terms agreed upon with the Client.
- The Agreement for the provision of paid services by electronic means is concluded between the Service Provider and the Client upon the Client’s effecting the payment.
- The Agreement for the provision of paid Services is concluded for a defined period of time as stated in a Package, with the proviso that the Client's account and the data collected in the course of the Service provision are not deleted, and the Client has access to the functionalities enabling the export of the data outside the Application. If the Client wishes to delete the Account completely, then he/she should submit a relevant request by means of the relevant functionality of the Account. In such a case, the data collected during the use of the Application by the Client and his/her linked Users are completely and irreversibly deleted or anonymised.
- The Agreement for the provision of paid Services by the Service Provider may be amended by the Client by means of a dedicated panel, modifying the Agreement by selecting a Package with a different specification from the previous Package and, if an extra payment is required, making payment. If the Agreement is changed into an agreement with a lower price value, the fees paid to that date are not refundable and the Client may return to the previous Agreement with a higher price value only by changing the Agreement with obligatory extra payment or concluding a new Agreement.
- The Service Provider may terminate any Agreement with the Client immediately, without observing the notice period, if:
- The Service Provider may terminate each Agreement for the provision of free-of-charge services upon one week's notice where, after the relevant Client uses the Application for one year, the Application includes no data referring to that Client, except for data related to the creation of profiles, company information and possible data related to the conclusion of the Agreement for the provision of free-of-charge services.
- Invoices will be sent to the Client in electronic form, to which the Client hereby consents. Invoices will be made available to the Users with appropriate authorisations.
§ 5 TERMS AND CONDITIONS OF SERVICE PROVISION
- In order to use the Application, the User's equipment needs to meet the following minimum technical requirements:
- Where the User uses the Application by means of equipment that fails to meet the requirements indicated above, this may cause that the relevant Application will not function or will function incorrectly, or some of the options contained in it will be unavailable, for which the Service Provider is not liable.
- As a result of concluding the Agreement for paid Services, the Client gains access to the Application functionalities limited to a number of Users selected by the Client, for a period of time and in modules selected by the Client, whereby the Client's choice is limited to the options available in the Application and offered by the Service Provider.
- The Service of User access to the Application is provided only where the Client adds, by means of a dedicated panel, of a new User and enters his/her data, and then the relevant User uses an activation link.
- The Service Provider may not provide any unlawful content to the Application or to take any action that may disrupt the functioning of the Application or lead to an infringement of the law or of the privacy of Users.
- The Service Provider is subject to the exclusion of liability for the provision of services by electronic means in the scope and on the terms prescribed in Articles 12 to 15 of the Act.
§ 6 SECURITY
- The Applications operate on appropriately secured servers that are resistant to attacks thanks to the fact that operational activities in the Applications are carried out in compliance with the strict security guidelines prescribed in the operational quality assurance process.
- The Applications employ the Antimalware technology to protect against malware and spyware, and the DDoS attack detection and mitigation techniques. The DDoS defence technology provides for protection against massive network attacks by means of techniques such as SYN cookies, connection limits, query rate limits. The DDoS defence technology also provides for protection against attacks from other applications by means of firewall substitutes, such as Web Application Firewalls (WAFs), which provide for protection against, among other things, a wide range of DoS attacks. The available protections include also virtual detection and prevention solutions, namely Barracuda Network. Special web server 'overlays' are also used, as well as network ACLs to protect against attacks from specific sources.
- The application uses the Secure Socket Layer (SSL) cryptographic protocol that provides for the confidentiality and integrity of data transmission, protecting in particular against password cracking techniques (cracking, phishing). Password masking is used when entering the password. The Application running on Android 4+ additionally uses security tokens.
§ 7 INTELLECTUAL PROPERTY
- Upon the conclusion of the Agreement, the Service Provider grants the Client a non-exclusive licence to use the Application from any place in the world for the period specified in the respective Agreement, only to enable the use of the Application in accordance with its intended purpose and only in the fields of exploitation necessary for this purpose.
- Any activities other than those stated in paragraph 2 above, in particular any permanent or temporary reproduction of the computer program in whole or in part by any means and in any form, as well as the introduction, display, use, transmission and storage of the computer program that requires multiplication, rearrangement or any other changes to the computer program, while retaining the rights of the person who made those changes, are subject to the consent of the Service Provider, even if they are necessary for the use of the Application in accordance with its intended purpose, including for the correction of errors by the person who legally came into possession of the Application.
- A violation of the licence by any User linked with the Client provides the grounds for immediate termination of the Agreement (without observing the notice period), as well as the immediate blocking of the Client’s access to the Account and the deletion or anonymisation of any data collected as part of the Agreement performance.
§ 8 COMPLAINT PROCEDURE
- If the Service Provider provides the Services incorrectly or in violation of the Agreement, the Client has the right to file a complaint.
- Complaints may be submitted to the Service Provider by means of a message sent via the Application or via e-mail to email@example.com.
- The complaint should include:
- The complaint procedure commences upon the Service Provider’s receiving the complaint. The Service Provider will exercise due diligence to consider the complaint within 14 days from the date of its submission, whereby this period may be affected in particular by an incomplete description according to paragraph 3.
- The Service Provider will inform the Client of the manner in which the complaint has been considered by means of a message from the Application, an e-mail message, or a written statement.
- The Service Provider will not be liable towards the Clients unless the Client suffers damage as a result of the sole fault of the Service Provider. Furthermore, the Service Provider's liability towards the Client is limited to the amount of the actual damage suffered and does not include any profits lost by the Client.
- The Service Provider will not be liable to the Client in the event of Force Majeure.
§ 9 PERSONAL DATA AND TRANSFERRING DATA FOR PROCESSING
- Certain functionalities of the Application enable the processing of biometric data that, pursuant to Article 9.1 of the GDPR, are subject to specific regulatory conditions. Before activating or using such functionalities, the Service Provider is obliged to analyse the legality of the collection and processing of the Users' biometric data, in particular whether the User's consent is necessary or not for their processing. The Service Provider provides a template consent for the processing of biometric data, but its content is not binding upon either party and should also be subject to legal analysis by the Client. Under no circumstances does the Service Provider guarantee the correctness of the provided consent.
- The Client represents that being the personal data controller within the meaning of Regulation of the European Parliament and of the Council of 27 April 2018 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) with respect to the processed personal data, it is authorised to transfer them to the Service Provider for processing.
- By means of the Application, the Service Provider processes the personal data transferred by the Client in connection with the provision of services by electronic means. The Client undertakes that throughout the entire term in which it uses such personal data it will keep the rights to them or guarantee the legal basis for their processing. The Client declares that the basis for his/her processing of the Users' personal data is Article 6.1.(b) of the GDPR, i.e. the performance of an agreement with a relevant User, and Article 6.1.(c) of the GDPR, i.e. the fulfilment of his/her obligations resulting from the law, in particular the provisions of the labour law.
- The Service Provider guarantees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of infringement of rights or freedoms of natural persons of varying likelihood and severity) it has implemented appropriate technical and organisational measures to ensure the level of security of the personal data processing appropriate to a relevant risk. The Service Provider further guarantees compliance with Article 28 clauses 2 and 4 of the GDPR.
- Personal data in the scope of image and geolocation are only transferred for processing if the Client or an authorised User decides to process such data as part of the Application functionalities.
- The Service Provider will process personal data of the Client only upon the Client’s documented instruction. If a data subject directly requests the Service Provider to change or erase his/her personal data, then the Service Provider shall immediately refer such request to the Client.
- The Service Provider ensures that only persons who have been granted the updated authorisations as specified in the provisions of the GDPR by the Service Provider and who have been trained in the scope of methods for securing the processing of data according to the new standards may have access to the data the Service Provider processes on behalf of the Client. The Service Provider also ensures that the persons authorised to process personal data have undertaken to keep secret the personal data as well as the methods of securing them, or be subject to the relevant statutory confidentiality obligation, and that such persons have undertaken to abide by the provisions of the GDPR and other domestic regulations issued on the basis thereof.
- The Service Provider will immediately provide the Client with any information necessary to prove the fulfilment of the obligations prescribed by the generally applicable legal provisions in the scope of personal data protection, and the Service Provider will enable the Client, as the data controller, or a professional auditor authorised by the Client in the scope of audits to carry out audits, including inspections, and shall contribute thereto.
- Taking into account the nature of processing, the Service Provider will provide data controllers with assistance by appropriate technical and organisational measures, insofar as this is possible, for the purpose of fulfilling the obligation to respond to requests for exercising the data subject's rights laid down in the GDPR. The Service Provider will also assist the controllers in fulfilling the obligations prescribed in Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Service Provider.
- The Service Provider undertakes to notify the Client on any breaches connected with the processing of data. In particular, the Service Provider undertakes, immediately but no later than within 36 h from being advised thereon, to inform the Client of any events that may give rise to the Client’s liability as the data controller, on the basis of the generally applicable provisions related to personal data protection.
- The personal data transferred for processing will not be transferred to third countries (outside the EEA) without the prior consent of the Client.
- The Service Provider may transfer the personal data transferred by the Client for processing to other entities for the purpose of implementing the functionalities of the Application and within the frames of internal Client service processes, i.e. to a development company and to a hosting provider (general consent).
- The Service Provider will notify the Client of any planned changes involving engagement or replacement of other processors, at least 7 (seven) business days before such other processor commences processing, thereby enabling the Client to object to the use of another processor by the Service Provider. In the absence of such objection, the Client is deemed to have given its consent to such change.
- The Service Provider declares that it will transfer personal data for processing only to entities which guarantee compliance with the GDPR provisions and protection of the transferred data.
- The Service Provider will process the transferred data only for the period for which the Client maintains the account in the Application. At the choice of the Client, the Service Provider will delete or return all the personal data to the Client after the end of the provision of services relating to processing for the account of the Client, and will delete any existing copies thereof unless the law of the European Union or a relevant Member State requires the Service Provider to store the personal data.
- The Client declares that he/she is aware that in some cases, after the User gives his/her separate consent thereto, the Service Provider becomes the controller of the User's personal data in the scope of the consent given by the relevant User.
§ 10 FINAL PROVISIONS
- The Service Provider ensures that the terms for the processing of the personal data transferred to it by the Client will not be amended in the scope in which such amendment would affect the level of protection of such data.