OKOAPP PRIVACY POLICY

Dnia: 2020-05-11

This Privacy Policy applies to OKOAPP system and other related tools and services. If you do not agree to any of the provisions of this document, do not access or use services in any way.

I. DEFINITIONS OF TERMS

    Whenever this OPOAPP Privacy Policy (hereinafter the “Privacy Policy”) refers to:

    Administrator – it should be understood as a person indicated in subsection II, section 2 below;
    Client – it should be understood as a natural person conducting a business activity, legal person or organizational unit to which civil code grants legal capacity.
    User – a natural person who has registered an account in OKOAPP as a representative of the Company or uses the site on behalf of the Client.
    Employee – a third party performing work for the Company, who is associated with the Company by any type of agreement.
    Service/Website – means the website available at www.okoapp.eu, through which MSSI will provide services
    Services – means a service or services provided by MSSI based on the Agreement to the extent described in the Regulations.

II. GENERAL PROVISIONS

  1. This Privacy Policy defines the type, scope or purpose of processing of personal data of the Service’s Clients.
  2. The administrator of Clients’ personal data is: an entrepreneur running business activity under the name of Mariusz Stefaniak Specjalista Informatyk, located at 12 Krańcowa street, 63-004 Tulce, NIP: 777-184-30-13,

III. COLLECTION, STORAGE AND PROCESSING OF PERSONAL DATA

  1. Personal data is processed by an Administrator on the basis of a consent given by the Client and in other cases where the law authorizes the Administrator to process personal data.
  2. The Administrator collects and processes personal data in the following way:
    1. through the information entered by the Client during account registration in the Service,
    2. through data collected automatically, i.e. collecting “cookies”.
  3. Providing personal data by the Customer is voluntary, but the consequence of not providing data might be partial or total inability to conclude and carry out the contract.
  4. The Client may register in the Service in order to use the Services provided by MSSI.
  5. The condition for registration on the website by the Client is to provide the data of the Client and the User for whom an account is created, including e-mail address, Login and Password securing the Account. A unique combination of numbers, letters and characters must be used in the Password. Failure to provide an email address may prevent registering by the Client, as the Administrator will not be able to contact the Client in order to verify his personal data. The Login and Password are confidential and should be guarded by the Client and the User against use by persons not authorized by the Client.

III. SCOPE, PURPOSES AND DURATION OF PROCESSING PERSONAL DATA

  1. The Administrator may process the following data:
    1. Client’s – name, address, NIP and VAT number, industry, names of ongoing projects.
    2. User’s – name, surname, position held, contact number, IP address, e-mail address, password.
    3. Employee’s – data of the company’s employees: name, surname, position, affiliation to the branch, position, names of projects in which he participates.
    4. All information about employee’s activity at the computer, collected in 1-minute intervals: number of mouse clicks, keyboard keystrokes, mouse movements, IP address from which the transmission takes place; collected in 10-minute intervals: screenshots, the name of the currently used application, the title presented by this application, the URL. NOTE: If OKOAPP application is installed on the Employee’s private computer, OKOAPP will also log private activity, including the Employee’s sensitive data, which may lead to a dispute between the User and/or the company and the Employee. The condition for starting the Application is the User’s statement that the Employee has been informed about the Customer’s use of the System and its purpose, and that he or she has agreed to the monitoring and storing the information displayed on his on her computer system in the form of pritscreens, including correspondence within the scope and based on the rules in these Regulations and to the processing of personal data to the extent described in this Privacy Policy.
    5. Employee’s activity analysis: the distribution of employee’s activity over time, computer work intensity, start and end times of computer work, the amount of time spent on the computer.
    6. OKOAPP system logs including: history of adding and modifying records, including user’s IP address and time.
    7. Server logs including: the IP address of the visitor, the addresses of the pages visited in the OKOAPP system, the address of the page visited prior to accessing OKOAPP, the name and detailed information about the web browser, the content of cookie files of the OKOAPP system.
    8. Information provided by the user in the course of contacts with the OKOAPP team (requests for help, complaints, comments, ideas).
    9. Information about User’s and Employee’s location (based on IP address), information from third parties, such as marketing service providers concerning companies, customers, addresses, etc. This data might be combined with our data. To obtain additional information about (for example) the effectiveness of marketing campaigns.
  2. The purpose, the scope and the recipients of data processed by the Administrator result from actions taken by the Client in the Service.
  3. The Administrator may process the personal data of Customers, Users for the purpose:
    1. conclusion and performance of the contract – for the duration of the contact until the expiry of the time limits for the vindication of claims (pursuant to Article 6(1)(b) GDPR);
    2. examining complaints – for one year after the expiry of the warranty or settlement of the complaint (pursuant to Article 6(1)(c) GDPR)
    3. Determination, investigation or defense against the claims – pending the final conclusion of the proceedings, including enforcement proceedings (pursuant to Article 6(1)(f) GDPR);
    4. archiving documents for the purposes of proof until the expiry of the limitation period for liabilities, including tax liabilities (pursuant to Article 6(1)(c) GDPR);
    5. carrying out marketing activities for its own products and services without the use of electronic means of communication, where the legitimate aim is to carry out marketing activities promoting its activities, until such time as an objection is raised (pursuant to Article 6(1)(f) GDPR)
    6. if the Client has consented to this, then also for the purpose of marketing its own products and services using the electronic means of communication, until such time as its consent to such activities is withdrawn or objections are raised, depending on which of the events occurs first (pursuant to Article 6(1)(f) of the GDPR and the regulations of other laws requiring consent to such activities)
    7. analytical and statistical, i.e. for the purpose of examining and analyzing data on the website about the statistics of our activities, which allows us to improve our business, as well as for the purpose of administering the website, until we have an additional legal basis for proceedings, if we lose the basis, the data will be anonymized (pursuant to Article 6(1)(f) GDPR)
  4. The Administrator uses the data provided by the Customer for the purpose of contact (in the contact form) solely to contact the Customer.
  5. MSSI further stipulates that:
    1. Information on Employee’s activity is NOT USED BY MSSI in any way. MSSI processes them ONLY to the extent necessary for the performance of the Agreement, i.e. to provide them for the User and the Client, and (. The information on Employee’s activity is not used for MSSI’s own purposes.
    2. may use other information at a general level such as: industries, locations, system logs, payment data, usage trends, user feedback for debugging, error prevention, improvement of OKOAPP, system development, development of our business.
    3. may use user’s, company’s or employee’s data at a detailed level to respond to user’s requests, comments, questions and other inquiries.

IV. AUTOMATED DECISION MAKING AND PROFILING

  1. Personal data is not processed in an automated way, in particular it’s not subject to profiling.
  2. The Administrator uses cookies as a part of his activities, which allow him to observe and analyze the traffic on the Website, as well as to undertake remarketing activities.

V. COOKIES POLICY

  1. The Administrator collects information contained in the cookie files. Cookie files (also known as cookies) are small text files, sent by the server and saved on the device of a person visiting the Website (e.g. on the hard drive of a computer, laptop, smartphone’s memory card, etc.) and which the browser sends back the next time you visit the Website. Detailed information about the cookies, as well as their history can be found here: http://eng.wikipedia.org
  2. The Administrator may process the data contained in the cookies the User visits the
  3. Website in order to:
    1. Adjust the content of the Service to the Client’s preferences, including adjusting the color, font size, layout, as well as optimizing the use of the website.
    2. Learn the data from completed forms, logging in, surveys;
    3. Adapt the advertising content displayed on the website;
    4. Create anonymous statistics on the use of the Website and customer flow statistics between different websites.
  4. The setting for cookies can be changed at any time by the Clients, especially to prevent automatic storing or accessing cookies. Detailed information about particular browsers can be found below:
    1. Firefox - https://support.mozilla.org
    2. Chrome - https://support.google.com
    3. Internet Explorer - https://support.microsoft.com
    4. Opera - https://www.opera.com
    5. Safari - https://support.apple.com/
  5. The Administrator warns you however, that blocking or deleting cookies may cause difficulties in using the Service and in justified cases prevent from using some of its options.
  6. The terms and conditions for storing or accessing cookies by means of settings in terminal devices, used by the Client of order to browse the Service and the software installed in these devices can be found in the user’s manual usually provided by the manufacturer or in the instruction on the website. However, in most cases you should choose the “Tools” or “Settings” option and there you will find the section responsible for cookie settings or for managing privacy while browsing the internet.
  7. The Administrator may collect IP addresses of Clients visiting the Website, which may be helpful in diagnosing technical problems with the server, creating statistical analyses (e.g. determining from which regions the Service has the most visits). Moreover, they may be useful for administration and improvement of the Service.

VI. DATA STORAGE

  1. The Administrator stores data at all times, from the registration until the account deletion.
  2. If the Client’s or User’s data is not confirmed after the registration by clicking on the link in the sent message, the user account and all information related to it will be irretrievably deleted after three days of ineffective waiting for confirmation.
  3. If the Client or User activates the account and then during the test period decides to delete the account, the Administrator will remove all User’s data, except for the e-mail address and registration logos and delete the account.
  4. If the customer requests the deletion of the account after the test period, the data will be removed to the extent permitted by the local law. If it is not possible to remove the data due to technical reasons, the data will be anonymized to the extent permitted by the law.
  5. The Administrator stores Client’s data from the moment of registration until the deletion of the account, as long as no money transactions have been generated in the account.
  6. The Administrator stores the Employee’s data throughout the entire period of the account’s existence, from the moment of adding the Employee to the system until the moment of the account deletion, including:
    1. The data including the name, surname, position, department is stored until the account is deleted,
    2. Monitoring data such as the number of clicks, keystrokes, application names, titles are stored until the account is deleted.
    3. Downloaded screenshots are stored for three months and then automatically deleted.

VII. THE RECIPENTS OF DATA

  1. The Administrator may, within the limits stipulated by law, entrust the processing of personal data to another entity which provides sufficient guarantees – in particular in terms of expertise, reliability and resources – to implement technical and organizational measures which meet legal requirements, including the security of processing.
  2. The Administrator may employ specialized service providers to assist in the development of data analysis systems, data security, data archiving. For this purpose, the Administrator may provide these companies with general information about the collected data, however, WITHOUT ANY SPECIFIC INFORMATION such as name, surname, company names or employees’ monitoring data.
  3. The Administrator uses Amazon AWS services to store the collected data. Data security policy within the service is available at https://aws.amazon.com/legal/
  4. The administrator may transmit data especially to the following recipients:
    1. Entities that enable us to perform remote payment operations:
      PayLane Sp. z o.o. located in Gdańsk at Norwida 4, zip code: 80-280, KRS: 0000227278, on the terms that it will beneficial on in service connected to order payments;
    2. Banks, in case of necessity to carry out payoffs;
    3. Third party service providers, tools to perform the contract (including the owners of the servers on which we store the data for the duration of the Services, i.e. Amazon AWS).
    4. State authorities or other entities entitled on the basis of law;
    5. Entities that support the Administrator in the conducted activity on our behalf, in particular suppliers of external systems supporting our business.
  5. The Administrator may use aggregated or anonymized data for any purpose, such as presentation in brochures, business talks, presentations on the website.
  6. The Administrator uses computing centers located in the USA, Europe and Asia. As a consequence, data may be transferred outside the European Economic Area. By sharing our data outside the European Economic Area, the Administrator ensures adequate level of data protection and privacy laws.

VIII. CLIENT, USER AND EMPLOYEE’S RIGHTS

  1. The Client and the User shall determine their own rules of disclosure of the collected / analyzed data. In accordance with the Regulations, the User is responsible for the legality of acquiring, analyzing and transferring the collected data.
  2. The Client, the User and the Employee have the right to access their personal data, to complete it, update it, correct it, limit the processing, demand to cease the processing or delete them in whole or in part if they are incomplete, outdated, untrue or may have been collected in violation of the law or are no longer necessary for the purpose for which they were collected provided by the law. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by submitting an additional declaration.
  3. The Client, User and Employee have the right to object to the processing of personal data.
  4. The Client, User and Employee may withdraw their consent to the processing of personal data at any time without affecting the lawfulness of the processing that was made on the basis of the consent before its withdrawal.
  5. In order to exercise the rights indicated in this Privacy Policy the Client should contact the Administrator. The Administrator shall, without any delay, no later within one month from the date of receiving the information from the Client, respond to the requests of Clients, Users and Employees, and if he does not intend to comply with such a request, provide the reasons.
  6. Within the scope of technical capabilities of the Service, the Client and the User may independently make changes in personal data after logging into the Service using the Password and Login.
  7. If the Administrator plans to further process personal data for a purpose other than for which the personal data was collected, the Administrator shall, before further processing, inform the data subject about this other purpose and provide them with any other relevant information required by the law.
  8. The Client has the right to file a complaint to the President of the Office for the Protection of Personal Data in accordance with the applicable law, if the Administrator does not comply with the applicable provisions of law on personal data protection.

IX. FINAL PROVISIONS

  1. The Administrator uses the technical and organizational measures necessary to protect the data required by law, in particular to protect the Clients’ personal data against sharing it with unauthorized entities, loss or damage.
  2. The Administrator takes data security seriously. He makes every effort to ensure that the data entrusted to him is safe. However, taking into account the nature of communication technology and information processing, the Administrator cannot guarantee that the information during the process of transmission over the Internet or white stored in our systems or in other way will be completely safe under his care, however, he shows the utmost care in order to secure it.
  3. The Client may direct any additional questions related to the Privacy Policy to the address:
  4. The Administrator is entitled to unilaterally change the Privacy Policy, in particular in the event of occurrence:
    1. Changes in legal regulations applicable to the provision of services by MSSI;
    2. Changes in the Website’s offer regarding the provision of services, with the proviso that the changes to the Privacy Policy are aimed at adjusting the contents of the Privacy Policy to the offer and its conditions.
  5. The Administrator will notify the Client of a significant change to the Privacy Policy in the form of message sent to the e-mail address provided by the Client to the Seller, indicated in the registration data entered by the Client at least 14 days before the changes are made.
  6. If the Clients do not agree with the provisions of the new Privacy Policy, they should delete their account.
  7. The rules set out in the Privacy Policy are subject to Polish law and accordingly, European Union law.

Should you have any question, don't hesitate contacting us at: