§ 1. General provisions
- Controller of the personal data is Notinote sp. z o. o. with its headquarters in Poznań, Poland (61-728) at ul. 3 Maja 49c/6, entered into the Register of Entrepreneurs of the National Court Register on the basis of an entry made by the District Court for Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register, KRS number: 0000606146, Tax Identification Number (NIP): 7811924500, National Business Registry Number (REGON): 36389113000000 (hereinafter referred to as: “Controller”). The User may contact the Administrator by post to the registered office address or by e-mail to the address: email@example.com.
- In case of matters regarding personal data protection, the User may contact the Administrator via the appointed Personal Data Protection Inspector, i.e. Zuzanna Kachlicka, by e-mail sent to the following address: firstname.lastname@example.org.
- The Controller processes personal data of Users in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
§ 2. Scope of the collected personal data
- During registration and use of NOTIONE, the Administrator may request the User to provide personal data in order to perform the services provided by the Administrator via NOTIONE.
- The User acknowledges that sharing personal data by him is voluntary, however, the lack of consent to processing of personal data by NOTINOTE may result in the inability of NOTINOTE to provide the User with electronic services via NOTIONE.
- To perform the agreement and use individual Services, it is necessary for the User to provide the following personal data:
- Basic Services – free NOTIONE functionality referred to in the Terms of Service: email address, password
- Premium services – additionally payable: e-mail address, password, bank account number;
- Purchase of NOTIONE Device: name and surname, address of residence/delivery, e-mail address, phone number
- Location service, providing information about the User's location and the location of his/her NOTIONE Device/Devices and NOTIONE Device/Devices of other Users: geolocation data, identifier of the User's NOTIONE Device/Devices
- Newsletter: e-mail address,
- Contact form: e-mail address
§ 3. Purposes and legal basis for personal data processing
- The User's personal data will be processed only for the following purposes:
- related to the conclusion and performance of the agreement(s) and the provision of Services, including contacting the User in connection with their implementation;
- processing complaints, claims and requests and answering them;
- providing payment services;
- possible determination, investigation, enforcement of claims or defence against claims being the implementation of the Administrator's legitimate interest in this – debt collection, conducting court and enforcement proceedings;
- preventing abuse and fraud – ensuring security in the scope of the Services provided;
- direct marketing of our services – for a legitimate purpose, i.e. promotion of the Administrator's activities, and in the event of the User granting appropriate consent – also to send commercial information by means of electronic communication, telecommunications terminal equipment and automatic calling systems for the marketing of the Administrator's products and services (in accordance with the Telecommunications Law and the Act on the provision of electronic services);
- newsletter if the User gives appropriate consent;
- handling of requests addressed using the contact form, other requests - answering notifications and inquiries addressed to the Administrator, including storing sensitive requests and responses to maintain the principle of accountability;
- statistical and analytical research, i.e. better selection of services to meet the needs of the User, optimization of service processes, ensuring IT security of the Application, detection of unauthorized use of services, financial analysis of the Administrator, being the implementation of the Administrator's legitimate interest – possession of the above mentioned information to improve the business;
- storing data for archiving purposes and ensuring accountability – implementation of the Administrator's legitimate interest in securing information in the event of a legal need to prove facts.
In addition, if the User agrees, the Administrator processes his/her data in order to save data in cookies, which are used to collect only anonymous statistical data about Users.
§ 4. Sharing personal data
- Personal data entrusted to the Administrator are made available to entities providing us with postal, courier, consulting services, legal, tax and accounting assistance, advertising and marketing agencies, banks and other financial institutions, entities conducting payment, IT and cloud services. The data may also be transferred to state authorities or other entities authorized pursuant to the provisions of law.
§ 5. Cookies
- NOTINOTE is entitled to collect data as part of the NOTIONE Application and Website through technologies such as cookies, tracking pixels and objects shared locally (e.g. in a browser or on a Device). Cookies are small text files that store data locally on a computer, mobile phone or other User's Device. Pixels are small images that are part of a website's code that among others enable another server website view measurement, and are often used together with cookies. The page code tracks if and when (and on which page) the pixel has been loaded, providing information that the User has viewed part or all of the page.
- Via cookies, the website server has the ability to save information, e.g. on the preferences and settings of the computer, mobile phone or other device of the User, which are displayed during the next visit. In other words, cookies are used, among others, to ensure a friendly use of NOTIONE so that it is possible e.g. to use NOTIONE without logging in again. NOTINOTE collects both "permanent" and "session" cookies. "Permanent" cookies are stored on the User's Device for a long time, while "session" cookies are automatically deleted after closing the browser window.
- The User may at any time stop providing this information by deleting cookies saved on their end devices by the Website and/or Application. To do this, he/she should change the settings of the currently used web browser.
§ 6. Data retention
- The User's personal data will be stored for the period:
- of the validity of the Agreement concluded with the Administrator, and after its termination, in connection with the Administrator's legal obligation arising from generally applicable law (e.g. tax);
- necessary for pursuing claims by the Administrator in connection with conducted operations or for defence against claims directed against the Service Provider, based on generally applicable law, including limitation periods for claims set out in generally applicable law;
- in the case of processing for marketing purposes - in the case of data processing on the basis of a legitimate purpose - for the duration of the validity of the Agreement or until an objection to such processing is filed, depending on which of these events occurs earlier; while in the case of data processing based on consent – until it is withdrawn;
- in the case of consent to the processing of data for a given purpose (e.g. newsletter) – until the consent is withdrawn,
- for the purpose of accountability, i.e. proving compliance with the provisions on the processing of personal data, they shall be stored for the period in which the Administrator is obliged to keep data or documents containing them to document compliance with legal requirements and enable control of their compliance by public authorities.
- The Administrator guarantees the provision of appropriate technical and organizational measures to ensure the security of processed personal data, in particular preventing access to them by unauthorized third parties, or their processing in violation of the provisions of generally applicable law, preventing the loss of personal data, their damage or destruction.
§ 7. Rights and obligations of the User
- The User who provided the Administrator with his/her personal data has the right to:
- have access to their data and receive a copy thereof;
- rectify (correct) their data;
- delete their data (the so-called “right to be forgotten”),
- limit the processing of their personal data;
- transfer their data to another administrator;
- object to data processing, including profiling, and for the purposes of direct marketing;
- withdrawal of consent in the event when the Administrator processes User's data based on consent, at any time and in any manner, without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal;
- file a complaint to the President of the Office for Personal Data Protection, if the User finds that the processing of personal data violates the provisions of the GDPR.
- As part of the exercise of the rights referred to in paragraph 1 above, the User may request the Administrator to perform specific actions. The request should be sent via the e-mail to: email@example.com. In order to check whether a person requesting a specific operation on personal data has the right to do so, the Administrator may request additional data enabling verification of the identity of the person submitting the request.
- In the event of permanent deletion by the User of personal data necessary for the Administrator to provide services provided through the Application, the User will lose the ability to use these services.
- Providing data is necessary for the conclusion of agreements and their settlement. In the remaining scope, providing data is voluntary.
§ 8. Automated processing of personal data
- Personal data will not be processed in an automated manner (including in the form of profiling) in such a way that as a result of such automated processing any decisions could be made, other legal effects would be caused or otherwise it would significantly affect Users.
- As part of the activities performed, cookies are used that enable observation and analysis of traffic on the Application and the Website. As part of these activities, however, no personal data are processed within the meaning of the GDPR.