The personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is:
SMART SOFTWARE LAB Sp. z o.o.
Address: Książnice Wielkie 9a, 32-130 Koszyce, Poland
tel. +48 517 617 218
The controller takes all measures required by applicable data protection laws to ensure the protection of your personal data.
The scope of Personal Data protection
Processing of personal data means activities such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
The personal data controller declares that it protects the personal data of its customers as well as visitors to this website.
Personal Data Processed
When you contact us, e.g. as a person interested in our offer or a customer, we collect your personal data. This may happen, for example, in the case of interest in our products, registration to use our online services or contact with us through our communication channels, or when using our products or services as part of existing business relations.
We process the following types of personal data:
- personal data that permit identification, e.g. a name and surname, address details, an email address or telephone number;
- data contained in orders, e.g. a customer number, order number or data on the invoice;
- data on enterprises, companies and partnerships, e.g. enterprise name or type of activity;
- electronic data, e.g. IP addresses, usernames or data about your visits to our website or application;
and other information that may belong to the above categories of data.
Data under special protection
As the Controller, we do not collect sensitive personal data concerning health, religion or sexual orientation, or other data that may be considered as particularly sensitive data.
Personal data of minors
Personal data of children and minors are collected only if they set up a customer account with us, use our communication channels or use the application.
What are cookies?
Cookies are files that are placed on your computer by our website when you visit it. These files store information that makes the use of this website more effective.
Anonymous use of our website is not possible.
Providing login details (IP addresses, timestamps, the username, password, open pages) is necessary for proper use of the website. If a user account is registered, access to personal data is possible by logging into the personalised account.
The purpose of Personal Data Processing
The need to perform the contract and service
We process your data to process your order. This also applies to information that you provide to us as part of pre-contractual correspondence. The specific purposes of data processing depend on a given product and the service ordered.
Pursuit of contractual relations
In order to perform the contract, we need your name and surname, address, telephone number or email address so that we can contact you. Detailed information on the purposes of data processing may be found in the terms and conditions available on our website.
Taking steps to protect personal data
We analyse your data to protect you or your business against fraud. This may happen, for example, if you have become a victim of identity theft or when unauthorised persons have gained access to your user account. Our IT support team works closely with you in case technical problems arise so as to improve the reliability of our website and the provision of services. In this context, we evaluate logs of access to the website, logs of the activities performed, etc. We do this to be able to guarantee IT security and to record and prove facts in case any legal disputes arise.
Withdrawal of consent to the processing of personal data
If you have consented to the processing of your personal data for one or several specific purposes, we are entitled to process your data. This consent may be withdrawn at any time in the future without incurring other costs than the costs of data transmission in accordance with standard tariffs (internet connection costs).
Further transfer of personal data
Access to your data will only be granted to those entities that need your personal data for the purposes of the fulfilment of our contractual or legal obligations or for the purposes of the protection of our legitimate interests. Transfer of data will be necessary for the processing of the payment for an order placed by you.
We respect your personal data and transfer information about you only if it is required by law, if you have granted your consent, or if it is necessary for the fulfilment of our contractual obligations.
For example, a legal obligation to transfer personal data exists with regard to the following recipients:
- public or supervisory authorities, e.g. tax authorities or customs authorities;
- judicial and law-enforcement authorities, e.g. the police, courts or the public prosecutor's office;
- lawyers, e.g. in legal disputes;
- chartered accountants/auditors.
In order to fulfil our contractual obligations, we cooperate with other businesses. These include:
- transport service providers,
- banks, financial service providers and intermediaries in handling any financial matters.
To streamline our operations, we use services of external service providers, who may receive personal data for the purposes described, including IT and telecommunications service providers, debt collection agencies, consulting firms or trading companies.
Important: We pay special attention to your personal data!
To ensure that service providers comply with the same data protection standards that are applicable in our company, we have concluded relevant contracts for the processing of orders. These contracts stipulate, among others:
- that third parties have access solely to the data that are necessary for them to perform the tasks they have been entrusted with;
- that service providers disclose your data only to those employees who have expressly undertaken to comply with personal data protection laws;
- that service providers take technical and organisational measures to guarantee data security and protection;
What happens to the data when business relations between the service provider and us are terminated?
In the case of service providers based outside the European Economic Area (EEA), we take special security measures (e.g. through the use of special contractual clauses) to ensure that the data are treated with the same caution as in the EEA. We regularly check all our service providers for compliance with our specifications.
Very important: Under no circumstances do we sell your personal data to third parties!
Anonymisation. If any branches or subsidiaries of service providers are located outside the EEA, we take appropriate measures to ensure that the personal data processed there are protected in the same way as in the EEA.
Are you obliged to provide us with personal data?
As part of business relations, we require the following categories of personal data from you:
- all data necessary for establishing and pursuing business relations, setting up an account and placing an order;
- data necessary to fulfil contractual obligations;
- data we are legally obliged to collect.
We are unable to conclude or perform a contract without these data.
The period of personal data processing
In accordance with the applicable personal data protection laws, we do not store your personal data for a period longer than is necessary in relation to the purpose of the processing. If these data are no longer needed to fulfil contractual or legal obligations, we delete them regularly, unless temporary storage thereof is still necessary. The reasons for further processing of data may arise from the provisions of civil, commercial or tax law.
You have relevant rights with regard to the processing of your personal data. More detailed information can be found in the relevant provisions of the General Data Protection Regulation (Articles 15-21).
Right to information and rectification of personal data
You have the right to obtain from us information on which of your personal data are processed by us. If this information is not (any longer) accurate, you may request us to correct the data or, if they are incomplete, request us to complete them. If we transfer your data to third parties, we will inform the relevant third parties of the ensuing legal circumstances.
Right to request erasure of personal data
You may request immediate erasure of your personal data in the following circumstances:
- when personal data are no longer needed in relation to the purposes for which they were collected;
- if you have withdrawn your consent and there is no other legal ground for data processing;
- if you object to data processing and there are no overriding, legitimate reasons for data processing;
- if your data are processed unlawfully;
- if your personal data have to be erased for compliance with legal requirements.
Please note that before deleting personal data, we must check if there is no legitimate reason for the processing of these personal data.
Right to restriction of personal data processing
You may request us to restrict the processing of your personal data for one of the following reasons:
- if you question the accuracy of the data – until we are able to verify the accuracy of these data;
- if the data are processed unlawfully but they are not erased, you need to request the restriction of their use instead;
- if we no longer need personal data for the purposes of the processing, but they are still required for the establishment and exercise of legal claims;
- if you have objected to the processing of personal data and it is not yet clear whether your legitimate interests override ours.
Right to object
If the processing of data is carried out in the public interest or based on a balance of interests, you have the right to object to the processing of data for reasons arising from your particular circumstances. In the event of an objection, we will not further process your personal data, unless we are able to prove compelling reasons for the processing of your data that override your interests, rights and freedoms or that your personal data is used for the establishment, exercise or defence of legal claims.
An objection may be made without the need to observe any specific form and must be addressed to:
SMART SOFTWARE LAB Sp. z o.o.
Address: Książnice Wielkie 9a, 32-130 Koszyce, Poland
tel. +48 517 617 218
Right to personal data portability
Upon request, you have the right to receive the personal data that you have provided to us for processing in a portable and machine readable format.
Right to lodge a complaint with a supervisory authority
We strive to process your requests and claims as soon as possible in order to properly protect your rights. However, depending on the frequency of inquiries, it may take up to 30 days before we are able to provide you with further information regarding your inquiry. If it takes longer, we will promptly notify you of the reasons for the delay and discuss further steps with you.
In certain cases, we are unable to provide you with any information. If legally permissible, we will notify you of the reasons for the refusal to disclose the information.
However, if you are not satisfied with our response or if you believe that we are violating the applicable data protection law, you may submit a request to the supervisory authority. The supervisory authority competent for us is:
The Personal Data Protection Office (Urząd Ochrony Danych Osobowych)
Address: ul. Stawki 2
00-193 Warsaw, Poland
fax: 22 531-03-01