Wersja polska

Privacy Policy of CEMonitorApp

This document defines the terms of personal data processing (hereinafter also referred to as "data") and cookies in the area of the website https://ce-monitor-app-lnx.azurewebsites.net/, conducted through the website, made available at the URL: https://ce-monitor-app-lnx.azurewebsites.net/, hereinafter referred to as "Service".

Privacy Policy of CEMonitorApp

1. Data controller.
2. Basis for processing personal data.
3. Information about processing data for the purpose of concluding and implementing contracts, possible pursuit of claims, and defense against them.
4. Information about processing data for the purpose of sending newsletters.
5. Information about processing data for the purpose of direct marketing.
6. Information about processing data for the purpose of ensuring security.
7. Absolute rights of the persons whose data is processed.
8. Relative rights of the persons whose data is processed.
9. Cookies - introduction.
10. Provider's cookies.
11. Third-party cookies.
12. Consent to use cookies and manage them.
13. Cache memory.
14. Links to other websites or software.
15. Changes to the privacy policy and cookies.
16. Terms of entrusting personal data.

§1. Data Controller

The owner of the Service and the Service Provider is Adrian Brania Chip Electronics FHU, Zabierzów Bocheński 315A, 32-007 Zabierzów Bocheński NIP 678 305 74 32. You can contact the Service Provider by phone: 531 569 991 and using the e-mail address: [email protected]. The Service Provider is the data controller of the Users' personal data, who use the Services of the Service, e.g., in relation to the data of Users who:

have created a User Account, The Service Provider is the entity processing the personal data of the Users on behalf of the users, in the case when they are processed for their purposes, i.e., in particular in connection with receiving a message from another User or in connection with concluding a target agreement between Users. The administrators of these data are Resellers. The conditions for entrusting these personal data to the Service Provider are established in the second part of the privacy policy and cookies.

PART I - FOR ALL USERS OF THE SERVICE

§2. Basis for Processing Personal Data

When collecting personal data, we always inform about the legal basis for their processing. It results from the provisions of the GDPR (Regulation of the European Parliament and the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data in the case of the free movement of such data and repealing Directive 95/46/EC - the general data protection regulation). When we inform about:

Art. 6 par. 1 lit. a) GDPR – means that we process personal data based on the received consent, Art. 6 par. 1 lit. b) GDPR – means that we process personal data, because they are necessary to perform the contract or to take actions before its conclusion, upon request, Art. 6 par. 1 lit. c) GDPR – means that we process personal data in order to fulfill a legal obligation, Art. 6 par. 1 lit. f) GDPR – means that we process personal data in order to perform legally justified interests.

§3. Information about Processing Data for the Purpose of Concluding and Implementing Contracts, Possible Pursuit of Claims and Defense Against Them

We may process personal data necessary for the implementation of the contract concluded with you. However, even before its conclusion, we may process personal data necessary to take actions at your request. The processing of this data takes place based on Art. 6 par. 1 lit. b) GDPR. In the case of implementing a contract for the provision of paid services, we may process your data for the purpose of fulfilling accounting and tax obligations. The processing of this data takes place based on Art. 6

par. 1 lit. c) GDPR. During the implementation of the contract and after its completion, we process personal data of its party for the purpose of possibly considering claims, as well as their pursuit. Our legally justified interest is, for example, the possibility of responding to a possible complaint, to which we are obliged under separate civil law provisions. In such a case, we will process personal data based on a legally justified interest, which is the defense against possible claims or their pursuit. The processing of this data takes place based on Art. 6 par. 1 lit. f) GDPR. We will store these data for the period necessary to achieve the designated purposes, no later than until the expiration of claims arising from separate legal provisions. You have the right to access your data, rectify them, delete them, limit processing, the right to transfer data, and the right to lodge a complaint with the supervisory authority. In the situation of data processing for the purpose specified in point 3, you also have the right to object to their processing. Providing this data is voluntary, but failure to provide them will prevent the conclusion or implementation of the contract.

§4. Information about Processing Data for the Purpose of Sending Newsletters

We enable signing up for our newsletter. If you have used this functionality, we process your personal data for the purpose of sending it. The newsletter may contain advertising, commercial, or marketing content. The processing of this data is based on your consent and thus Art. 6 par. 1 lit. a) GDPR. You have the right to withdraw the consent given at any time. However, withdrawal of consent does not affect the legality of the previous processing of data. We will store your data until the withdrawal of the given consent. If you never withdraw it, we will process your data until we stop sending the newsletter. You have the right to access your data, rectify them, delete them, limit processing, the right to transfer data, and the right to lodge a complaint with the supervisory authority. Providing this data is voluntary, but failure to provide them will prevent the sending of the newsletter.

§5. Information about Processing Data for the Purpose of Direct Marketing

We may process your personal data for direct marketing purposes. This happens, for example, when we respond to your message, presenting details of our offer. The processing of this data takes place based on Art. 6 par. 1 lit. f) GDPR. We will store your data for the time necessary to achieve the purpose. You have the right to access your data, rectify them, delete them, limit processing, the right to transfer data, the right to object to data processing, and the right to lodge a complaint with the supervisory authority. Providing this data is voluntary, and failure to provide them will prevent the implementation of direct marketing activities.

§6. Information about Processing Data for the Purpose of Ensuring Security

From the moment you launch our website, to ensure the security of services, we process such data as: the public IP address of the device from which the request came, type and language of the browser, date and time of the request, the number of bytes sent by the server, the URL of the previously visited page, in case the visit occurred using this link, information about errors that occurred during the execution of the request. Our legally justified interest in this processing is keeping server event logs and securing the Service against potential hacker attacks and other abuses. In this, the possibility of determining the IP address of the person performing an unauthorized activity in the area of the Service, such as an attempt to break security, publishing prohibited content, or attempts to perform unauthorized actions using our servers. The processing of this data takes place based on Art. 6 par. 1 lit. f) GDPR. We will store these data for the period necessary to achieve the designated purposes, no later than until the expiration of claims arising from separate legal provisions. You have the right to access your data, rectify them, delete them, limit processing, object to their processing, and the right to lodge a complaint with the supervisory authority. Providing this data is a condition for using the Service. Failure to provide them will prevent the use of the Service.

§7. Absolute Rights of the Persons Whose Data is Processed

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of using the following rights is independent of the legal basis for processing personal data.

Right of access to data You have the right to obtain from us confirmation whether we process your personal data. If so, you have the right to access these data and receive additional information about:

the purposes of processing, categories of relevant data, recipients or categories of recipients to whom the data has been or will be disclosed, in particular recipients in third countries or international organizations, where possible, the planned period of data storage, and if this is not possible, the criteria for determining this period, the right to request from us the rectification, deletion, or limitation of data processing, to object to such processing, and the right to lodge a complaint with the supervisory authority, the source of the data if your data was not collected from you, automated decision-making, including profiling, and the rules for making them, as well as the significance and expected consequences of such processing for you. Upon receiving such a request, we are obliged to provide a copy of the personal data being processed. If such a request is submitted electronically and unless we receive any other reservation, we will also provide the information electronically.

Right to rectification of data You have the right to request from us the immediate rectification of your personal data that is incorrect. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by submitting an additional statement.

Right to erasure of data (to be forgotten) You have the right to request from us the immediate deletion of your personal data. We then have the obligation to delete personal data without undue delay if one of the following circumstances occurs:

you have withdrawn your consent to the processing of your personal data and we have no other basis for processing them, you have effectively objected to the processing of your data, your personal data was processed unlawfully, your personal data must be deleted in order to fulfill a legal obligation, your data was collected in connection with the offering of information society services. Right to restriction of processing You have the right to request from us to restrict processing in the following cases:

when you question the accuracy of the data - for a period allowing us to verify their accuracy, processing is unlawful, and you oppose the deletion of data, requesting instead the limitation of their use, we no longer need personal data for processing purposes, but they are needed by you to establish, pursue, or defend claims, you have objected to the processing of your data - until it is determined whether the legally justified grounds on our side are overriding your grounds for objection. Automated decisions, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or similarly significantly affects you.

The right does not apply if the decision:

is necessary for the conclusion or performance of a contract between you and us, is permitted by Union or Polish law and which provides appropriate measures to protect your rights, freedoms, and legally justified interests, or is based on your explicit consent. Right to

lodge a complaint You have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: [email protected].

§8. Relative Rights of the Persons Whose Data is Processed

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of using them is each time dependent on the legal basis for processing personal data.

Right to withdraw consent to processing In the case where we process your personal data based on the consent given for this, you have the right to withdraw the given consent at any time. Naturally, withdrawing the given consent does not affect the lawfulness of the previous processing of personal data.

Right to data portability You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, machine-readable format. You also have the right to transfer these personal data to another administrator without hindrance from our side, if the processing is carried out:

based on consent or on the basis of a contract, and in an automated manner. In exercising the right to data portability, you have the right to request that personal data be transferred by us directly to another administrator, if technically possible. This right must not adversely affect the rights and freedoms of others.

Right to object In the case where we process your personal data based on Art. 6 par. 1 lit. f) GDPR, you have the right to object to the processing of these data for reasons related to your particular situation.

Then we are no longer allowed to process these personal data, unless we demonstrate the existence of:

valid, legally justified grounds for processing, and these grounds must be overriding in relation to your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending claims. Also, if you object to the processing of your personal data for direct marketing purposes, then we will not be able to process them for such purposes.

§9. Cookies - Introduction

The Service's website uses cookies. These are commonly used, small files containing a string of characters that are sent and saved on the end device (e.g., computer, laptop, tablet, smartphone) used while visiting the Service.

This information is sent to the memory of the used browser, which sends it back on subsequent entries to the website.

Cookies can be categorized considering three methods of division. In terms of the purposes of using cookies, we distinguish three categories:

Essential cookies – these files enable the proper functioning of the website and its functionalities, e.g., authentication or security cookies. Without saving them on your device, using the website will be impossible. Analytical cookies – these files allow monitoring opened websites, sources of traffic, the time spent on the website. Without saving them, using the website's functionalities will not be limited. Advertising cookies – these files enable displaying personalized ads within the website area or outside it. Without saving them, using the website's functionalities will not be limited. In terms of their validity period, we distinguish two categories of cookies:

session cookies – existing until the end of a given session, persistent cookies – existing after the session is completed. In terms of distinguishing the entity administering cookies, we differentiate:

our cookies, third-party cookies.

§10. Service Provider's Cookies

Cookies administered by us allow for:

authentication access, maintaining the session after logging in, securing the Service against hacker attacks, "remembering" by the browser of the contents of completed form fields (optionally), "remembering" by the browser of positions added to the cart. This makes using the Service's functionalities easier and more pleasant.

§11. Third-Party Cookies

We use cookies administered by Google Inc. 1600 Amphithe

atre Pkwy, Mountain View, CA 94043, United States within the service;

Google Analytics – analytical cookies, used to study user behaviors and traffic, as well as compiling traffic statistics. Data collected by Google Inc. are anonymous and aggregate. In particular, they do not contain characteristics identifying (understood as personal data) users of the Service. Using the mentioned services, we collect data such as sources of acquiring users visiting the Service, as well as their behavior on the Service page, information about the devices and browsers they use, IP address, domain, demographic data (age, gender), interests, and geographical data.

More information in this regard can be found here: https://policies.google.com/technologies/cookies?hl=en

§12. Consent to Use Cookies and Manage Them

Consent to use cookies and manage them excluding necessary cookies, their processing is based on the user's consent.

Consent to the processing of cookies is voluntary and can be withdrawn at any time. However, it should be remembered that the lack of consent to the use of certain cookies may cause limitations in using the Service and its functionalities, or even prevent such use.

Consent to the processing of cookies can be given:

using the settings of the software installed in the telecommunications terminal equipment used by the user, through the use of a button containing a statement of consent to the processing of cookies or confirmation of acquaintance with its conditions, using the settings available in the area of the website.

§13. Cache Memory

When you use the Service website, we may automatically use cache memory installed in your device. As part of local memory, it is possible to store data between sessions, i.e., between subsequent visits to the Service website. The purpose of using cache memory is to speed up the use of the Service by eliminating situations where the same data would be downloaded multiple times from the Service, thus burdening the user's internet connection. Cache memory may also store data such as a login password.

§14. Links to Other Websites or Software

The Service may contain links to other websites or software. We are not responsible for the privacy policies and cookie processing rules in force on these websites or in this software. We recommend familiarizing yourself with the privacy policy and cookies of these websites or software after entering them or before installing them.

§15. Changes to the Privacy Policy and Cookies

The privacy policy and cookies become effective on the date of publication on the Service's website. The change in the Privacy Policy and cookies occurs by publishing its new content on the Service's website. Information about the change in the Privacy Policy and cookies is published in the area of the Service's website, no later than 3 days before the date of the new version's effectiveness.

PART II – FOR RESELLERS

This part of the privacy policy and cookies defines the conditions for entrusting personal data for processing by the Service Provider on behalf of the Reseller.

The Service Provider undertakes to process the entrusted personal data according to these conditions for entrusting the processing of personal data, the GDPR, and other generally applicable legal provisions. The Reseller entrusts the Service Provider with data processing activities, carried out on its behalf. The subject of the entrusted data processing activities is the continuous transmission of all correspondence sent via the Service, for the period of the agreement for providing the Service. The correspondence, as referred to in the point above, may contain personal data of other Users, in the scope of contact and identification data. The Service Provider declares that it has appropriate technical and organizational means, ensuring that the processing of the entrusted personal data protects the rights of the persons concerned and meets the requirements of generally applicable data protection laws, particularly Art. 32 GDPR. The Service Provider undertakes to apply them. The Service Provider declares that it uses only procedures, services, and information systems that meet GDPR requirements. The Service Provider undertakes to process the entrusted personal data in premises or information systems secured against access by unauthorized persons. The Service Provider undertakes to keep a register of all categories of personal data processing activities performed on behalf of the Reseller, in accordance with Art. 30 par. 2 and 3 GDPR, if the exclusion specified in Art. 30 par. 5 GDPR does not apply. In the case of keeping a register of categories, the Service Provider undertakes to make the register available on request from the supervisory authority. The Service Provider and persons authorized by the Service Provider to process the entrusted personal data are obliged to keep them confidential, both during the period of the data entrustment terms and indefinitely after their expiration or termination of the agreement between the parties. The Service Provider undertakes to ensure that persons authorized to process the entrusted personal data have committed themselves to secrecy or are subject to an appropriate statutory duty of secrecy. The Service Provider undertakes to keep a record of persons authorized to process the entrusted personal data. As part of the implemented technical and organizational measures, the Service Provider undertakes to

ensure full accountability of the personal data entrusted to it for processing on behalf of the Reseller. In particular, by ensuring control over what personal data, when, and by whom were entered, edited, archived, returned to the Reseller, or deleted. When processing the entrusted personal data, the Service Provider uses the services of entities listed in §7 of the Privacy Policy and Cookies, to which the Reseller consents. In this respect, the Service Provider will inform the Reseller about the planned change 7 days before its implementation. Subject to the next point, the Service Provider undertakes to process the entrusted personal data exclusively within the territory of the European Economic Area, which includes all European Union countries, Iceland, Liechtenstein, and Norway. In accordance with Art. 28 par. 3 lit. e) GDPR, to the extent possible and taking into account the nature of the processing of the entrusted personal data, the Service Provider undertakes to provide appropriate technical and organizational measures that will help the Reseller comply with the duty to respond to requests from the person concerned, in the scope of exercising their rights specified in Art. 12 – 22 GDPR. In accordance with Art. 28 par. 3 lit. f) GDPR, the Service Provider, taking into account the nature of the processing and the information available to it, undertakes to assist the Reseller in fulfilling the obligations specified in Art. 32 – 36 GDPR. The Service Provider undertakes to notify the Reseller of any circumstances that have or may have an impact on the security of the entrusted personal data or its assessment, as well as on the exercise of rights by the persons whose data are processed. In accordance with Art. 28 par. 3 lit. h) GDPR, the Service Provider undertakes to make available to the Reseller all information necessary to demonstrate compliance with the obligations defined in the conditions of entrustment, in particular information and documents concerning the methods of fulfilling the obligations to secure personal data and the course of their processing. In accordance with Art. 28 par. 3 lit. h) GDPR, the Service Provider undertakes to allow the Reseller or an auditor authorized by it to conduct audits of the principles of entrusting personal data, including inspections, and contribute to them. The termination and expiration of the data entrustment agreement result in the obligation of the Service Provider to delete the entrusted personal data.