PRIVACY POLICY
WWW.POCKETINSPECTIONS.COM
version as of 2022-01-14
I. General provisions
II. Ways and purposes of personal data processing
III. Personal data sharing
IV. Period of personal data storage
V. User’s rights in connection with the processing of personal data
VI. Protection of Users’ Confidential Information
VII. „Cookies”
VIII. Server logs
IX. Security and personal data protection authority
I. GENERAL PROVISIONS
1. The controller of personal data collected via the Website and the App www.pocketinspections.com is Marcin Pawlik running a business under the name „SOLVE-NET Marcin Pawlik” registered in the Central Register and Information on Economic Activity, address: Juliusza Lea 114/415, 30-133 Kraków (Poland), tax id no. (NIP): 8722252703, email: info@pocketinspections.com, phone no.: +48 660 312 716, hereinafter referred to as „Controller”, who is simultaneously the Service Provider.
2. The User’s personal data is processed in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as „GDPR”.
3. The Controller attaches great importance to the privacy of all entities using its services. The Controller cares about the security of the data made available to him. These data are adequately protected and secured against unauthorized access, which is reflected in this Privacy Policy.
4. The Website and App are of closed form and are intended for registered Users only, each of whom has an individual, private Account, protected by a password assigned by the User.
5. Any words or expressions written in this Privacy Policy with a capital letter should have the meaning assigned to them by the glossary contained in the Terms of Service.
II. WAYS AND PURPOSES OF PERSONAL DATA PROCESSING
1. Using the Website and App involves the processing of Users’ personal data for the following purposes:
a) Contact via email – for this purpose, User provides their e-mail address and other data contained in the message. Providing an email address is voluntary, but necessary to contact the Controller via email. In this case, personal data is processed in order to contact the User, and the basis for processing is the User’s consent resulting from the initiation of contact (Article 6 (1) (a) of the GDPR). The data will also be processed after contacting the Controller. The legal basis for such processingis the legitimate purpose of archiving correspondence for the purpose of documenting its course in the future (Article 6 (1) (f) of the GDPR).
b) Contact via telephone – for this purpose, the Controller requires User’s telephone number when setting up an Account. Contact by phone serves to provide the User with information about the products and services offered by the Controller, during the free trial period. The basis is the User’s consent (Article 6 (1) (a) of the GDPR).
c) Issuing and sending invoices – in order to perform and settle online services, as an obligation resulting from legal provisions – Article 6 (1) (c) of the GDPR and resulting from the content of Article 6 (1) (f) of the GDPR, i.e. the legitimate interest of the Controller. Providing data for the invoice is mandatory in order to receive it.
d) Account and App support – in order to perform the contract for the provision of online services (Article 6 (1) (b) of the GDPR), the Controller processes the User’s personal data provided via the Account, in particular for sending reports generated by the User by email.
e) Complaint handling – by submitting a complaint, the User provides personal data contained in the complaint, which include, in particular, name and surname, company name, e-mail address, telephone number. Providing this data is voluntary, but necessary to file a complaint. The data provided in connection with the submission of a complaint is used to implement the complaint procedure (Article 6 (1) (c) of the GDPR), and then for archival purposes, which is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR). These data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from the contract may also be archived in order to show the course of the complaint process in the future. In the case of data provided in the process of submitting a complaint, some of the rights will not be available to the User always and under all conditions.
f) Processing for archival and evidence purposes, for the purposes of securing information that may be used to prove facts – this is a legitimate interest of the Controller (Article 6 (1) (f) of the GDPR).
g) Confirmation of the performance of the Controller’s obligations and pursuit of claims or defense against claims that may be directed against the Controller, as well as for the purpose of preventing or detecting fraud – based on the Controller’s legitimate interest, which is the protection of rights, confirmation of the performance of obligations and obtaining due remuneration from Users (Article 6 (1) (f) of the GDPR).
III. PERSONAL DATA SHARING
1. Personal data may be transferred to the following entities whose services are used by the Controller in order to run the Website and to provide services through it: a) Entities handling email distribution: • Mailgun LLC 620 Folsom St STE 100 San Francisco, CA 94107-3625
• Mailjet SAAS, 4 Rue Jules Lefebvre 75009 Paris, VAT ID: FR 67524536992
• Google Cloud Poland Sp. z o.o., ul. Emilii Plater no. 53, 00-113 Warsaw, Poland, Nr VAT: PL5252822767
b) Payment operators: • Stripe (Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland
c) Accounting services:
• IFIRMA SA Grabiszyńska 241 B, 53-234 Wrocław
d) Hosting service providers: • DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013 United States
e) Internet traffic monitors: • Google LLC. (1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA)
• Hotjar, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, Malta.
f) Others: • Chat service: LiveChat, Inc. (101 Arch Street, 8th Floor, Boston MA 02110, United States of America)
2. The purpose and scope of data collection and their further processing and use by service providers referred to in clause 1, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings that ensure privacy protection are described in the privacy policies of those service providers.
3. In the case of service providers based outside the EEA, the Controller has concluded appropriate contracts for entrusting the processing of personal data using the so-called Standard Contractual Clauses.
IV. PERIOD OF PERSONAL DATA STORAGE 1. Personal data necessary for the performance of the contract, the handling of complaints, confirmation of the performance of the Controller’s obligations and pursuit of claims or defense against claims that may be directed against the Controller, as well as for archival and evidence purposes – will be kept for the period necessary for the purpose for which they were collected.
2. Other personal data will be kept for the period necessary for the purpose for which they were collected, but not longer than 5 years from the date of collection of such data.
V. USER’S RIGHTS IN CONNECTION WITH PROCESSING OF PERSONAL DATA
1. According to the GDPR, the User has the following rights in connection with the processing of their personal data: a. The right to be informed how personal data is processed;
b. The right to access and rectify personal data;
c. The right to delete personal data; The Controller may refuse to delete data for which there is a basis for their further processing (e.g. fulfillment of a legal obligation or pursuing claims or defending against claims that may be directed against the Controller);
d. The right to request the restriction of the processing of personal data;
e. The right to object to the processing of personal data if the basis for processing is the Controller’s legitimate interest or performance of tasks in the public interest;
f. The right to withdraw consent if personal data was processed on the basis of the User’s consent;
g. The right to transfer personal data.
2. All of the above rights can be exercised by contacting the Controller by e-mail at: info@pocketinspections.com. Requests will be handled without undue delay, not later than within 30 days from the date of receipt of a request. Within this period, the Controller will reply or inform about a possible extension of the deadline and explain the reasons. If the Controller has doubts as to whether a specific request was made by an authorized person, he may ask a few additional questions to verify the identity of the applicant.
VI. PROTECTION OF USER’S CONFIDENTIAL INFORMATION 1. All information, files and data (such as voice recordings, text descriptions, photos, drawings) placed on the Website and in the App by the User, constitute Confidential Information, which: a. remains the exclusive property of the User and will be permanently removed from the Controller’s servers at the User’s express request;
b.are stored and protected by the Controller with due diligence, and at least with the same care as the Controller protects his own confidential information against disclosure;
c.will not be disclosed by the Controller to any third parties, including other Users or potential clients, without the consent of the User expressed in writing under pain of nullity;
d.will not be used by the Controller in any way other than in accordance with the Terms of Use, such as copying, creating derivative works, designs, or in production, sales and marketing;
2. The provisions of clause VI.1. do not apply to the information, files and data that are publicly available, unless the disclosure was due to a breach of the Terms of Use, the Privacy Policy or any generally applicable law.
3. The provisions of clause VI.1. do not apply to document templates created by the User within the App. Upon their creation, these templates become the exclusive property of the Service Provider and may be used and modified by him free of charge, without any restrictions.
VII. “COOKIES”
1. The Website, like almost all other websites, uses Cookies to provide Users with the best possible experience. During the User’s first visit to the Website, information on the use of Cookies is displayed. If they do not change their browser settings, they consent to the use of Cookies.
2. Cookies are digital data, in particular small text information, saved and stored on devices (e.g. computer, tablet, smartphone) through which the User uses the Website’s pages.
3. Cookies used by the Controller are safe for Users’ devices. In particular, it is not possible for viruses or other unwanted software or malware to enter Users’ devices this way. Cookies allow to identify the software used by the User and individually adjust the functionality of the Website. Cookies usually contain the name of the domain they come from, the storage time on the device and the assigned value.
4. The Website uses three types of Cookies:
a) Session –they are stored on the User’s device and remain there until the end of thebrowser session. The saved information is then permanently deleted from the device’s memory. The session Cookies mechanism does not allow the collection of any personal data or any confidential information from the User’s device;
b) Permanent –they are stored on the User’s device and remain there until they are deleted. Ending a browser session or turning off the device does not delete them from the User’s device. The permanent Cookies mechanism does not allow the collection of any personal data or any confidential information from the User’s device;
c) Analytical –they enable better understanding of the User’s interaction with regard to the content of the Website, and allow the Controller to better organize its layout.
Analytical Cookies collect information onhow the Website is used by the Users, the type of page from which the User has been redirected, and the number of visits and the duration of the User’s visit to the Website. This information does not contain User’s personal data, but serves to compile statistics on the use of the Website. Analytical cookies may be used to develop statistics on the Website in the Google Analytics and Hotjar applications.
5. The User has the option to limit or disable the access of Cookies to their device. If they use this option, the use of the Website will still be possible, except for functions that, by their nature, require Cookies.
6. The Website uses Hotjar (https://www.hotjar.com/) for analytical purposes, which allows the Controller to monitor, save and analyze Users’ behavior on the Website. Hotjar can record the following behaviors: navigation, page scrolling, cursor movement. Information on the location, device used, operating system, browser and Cookies may be collected. Hotjar does not register and does not store personal data allowing the identification of the User. For more information on Hotjar’s privacy policy, please visit https://www.hotjar.com/privacy. Data collected by Hotjar is used to improve and develop the services provided on the Website. The User has the right not to consent to the above-mentioned actions. For this purpose, one should go to the website: https://www.hotjar.com/opt-out to disable the tracking code.
7. The moble Appmay contain built-inanalytical tools, such as: Google Analytics for Firebase, BugSnag. By using the mobile App, you consent to the collection of analytical data from mobile apps.
8. The analytical data collected by the tools listed in this sectionare only used to improve the quality of services provided on the Website and are not transferred to third parties.
VIII. SERVER LOGS
Using the Website and the App involves sending inquiries to the server on which the Website pages and App data are stored. Each query directed to the server is saved in the server logs. Logs include User’s IP address, server date and time, information about the web browser and the User’s operating system. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific Users and are not used by the Controller to identify Users. The server logs are only auxiliary material used to administer the Website and the Application, and their content is not disclosed to anyone except those authorized to administer the server.
IX. SECURITY AND PERSONAL DATA PROTECTION AUTHORITY
1. The Controller guarantees the confidentiality of all personal data provided to him. The Controller ensures that all security and personal data protection measures required by law are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.
2. If you believe that the Controller is processing personal data unlawfully, you can file a complaint with the competent authority, which is the President of the Personal Data Protection Office of Poland (Prezes Urzędu Ochrony Danych Osobowych).