1.1. Controller – ES System K Spółka z ograniczoną odpowiedzialnością with its seat in Wolbrom (32 - 340) at ul. Wrzosowa 10.
1.2. Application – a mobile application under the name of “SmartShopCtrl”, designed to be installed on a mobile device with Android or iOS operating system, through which the User, after registering an Account, can use selected services and functionalities available via the Platform and the Peer-to-Peer Connection.
1.3. Personal Data - information about a natural person who is identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
1.4. Customer - an individual, an unincorporated organisational unit or a legal entity who has purchased from the Service Provider, Distributor or other entity a Device equipped with a Smart Package, a Commercial Package or an Access Package, who has a QR code for the Device equipped with the Smart Package;
1.6. Peer-to-peer Connection - a direct connection between the Device equipped with a Smart Package and a mobile device on which the Application is installed (i.e. a connection that does not require the connection of the aforementioned devices to the Internet); Peer-topeer Connection is possible using the Access Point of the Device equipped with the Smart Package or via the Customer's local Wi-Fi network with which the Device equipped with the Smart Package is connected
1.7. . Platform - an organised internet and IT platform available to Customers via the Application or the Website, enabling the use of the Smart Shop Control Services, including in particular remote control of the Device equipped with the Smart Package, under the conditions described in the Terms and Conditions.
1.8. Terms and Conditions - the terms and conditions governing the Controller’s provision of services via the Platform and via the Peer-to-Peer Connection.
1.9. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
1.10. Website - the website available at https://20elza21.essystemk.com/, hosted in a cloud computing environment, through which the Customer, after registering an Account, can use the services and functionalities available on the Platform.
1.11. Service Technician - acting on behalf and under the authority of the Customer, an entity providing service or repair of the Device equipped with a Smart Package.
1.12. User - Customer who is a natural person or a natural person who makes use of one or more services or functionalities available via the Platform or peer-to-peer Connection; a Service Technician is also a User;
1.13. Other capitalized terms in the Policy that are not defined in clauses 1.1. to 1.12 above shall be given the meaning as defined in the T&Cs.
2. PROCESSING OF DATA IN CONNECTION WITH PLATFORM USE
REGISTRATION AND USE OF THE PLATFORM AFTER REGISTRATION
2.1. Through the Application or the Website, the User has the possibility to register an Account on the Platform in order to use the services available to the User on the Platform and through the Peer-to-Peer Connection. In order to register on the Platform, it is necessary to provide an e-mail address, the name of the Customer’s or Service Technician’s business and to choose a login and password. The User may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. The provision of data marked as mandatory is required in order to set up and use an Account. Provision of other data is voluntary.
2.2. The data of the User who has registered an Account on the Platform is processed:
2.2.1. in order to provide electronic services to the User, including the registration of the Account, the provision of services available within the Account and within the Peerto-Peer Connection, and, in case of a complaint, in order to resolve it; the legal basis for processing is the necessity for the performance of the contract (Article 6(1)(b) GDPR), and, with regard to optional data provided, the legal basis for processing is consent (Article 6(1)(a) GDPR),
2.2.2. for analytical and statistical purposes - the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of the Users’ activities, as well as their preferences in order to improve the functionalities used and the quality of the services provided,
2.2.3. for possible establishment, investigation or defence of claims - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) to defend its business interests
EXPRESSION OF INTEREST IN THE PROVISION OF TECHNICAL SERVICES
2.3. The Controller provides the possibility for Users to declare their interest in providing technical maintenance services for Devices equipped with the Smart Package in cooperation with the Controller. In order to contact the User in this respect, at the Account registration stage or at a later stage, within the Account Profile the User has the option of providing their telephone number, name and company name. The provision of this data is necessary in order to make contact with the User. The User may also provide other data in order to facilitate contact and the consideration of the application for cooperation with the Controller. The provision of data marked as mandatory is required in order for the Controller to contact the User, and failure to provide such data will result in the Controller being unable to contact the User. Provision of other data is voluntary.
2.4. Personal data is processed:
2.4.1. in order to ensure communication and handling of an expression of interest in cooperation with the Controller via an electronic form - the legal basis for processing is the Controller's actions taken at the request of the data subject prior to the conclusion of a contract (Article 6(1)(b) GDPR); with regard to data provided on an optional basis, the legal basis for processing is consent (Article 6(1)(a) GDPR);
2.4.2. for analytical and statistical purposes - the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of keeping statistics on requests for cooperation with the Controller in order to improve functionality
2.4.3. for the possible establishment, investigation or defence of claims - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) to defend its rights.
2.5. The Controller provides a newsletter service to Users who have provided their e-mail address for this purpose. The provision of data is required in order to provide the newsletter service and failure to do so will result in the newsletter not being sent.
2.6. Personal data is processed:
2.6.1. for the purpose of providing the newsletter service - the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR) and, as regards optional data, the consent given (Article 6(1)(a) GDPR);
2.6.2. in the case of sending marketing content to the User within the newsletter - the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of the promotion of the Controller’s brand, in connection with the consent to receive the newsletter;
2.6.3. for analytical and statistical purposes - the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analysis of newsletter recipient activity in order to improve functionality,
2.6.4. for the possible establishment, investigation or defence of claims - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) to defend its rights.
3. COOKIES AND SIMILAR TECHNOLOGY
3.2. The User can change their privacy settings by changing their browser settings. Detailed information can be found at the links below:
Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
3.3. The User can verify the status of their current privacy settings for the browser used at any time using the tools available at the links below:
4. PERIOD OF PERSONAL DATA PROCESSING
4.1. The duration of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data shall be processed for the duration of the service, until the consent given is withdrawn or an effective objection is made to the processing in cases where the legal basis for the processing is the legitimate interest of the Controller.
4.2. The processing period may be extended if the processing is necessary for the establishment, investigation or defence of possible claims, and thereafter only if and to the extent required by law. At the end of the processing period, the data are irreversibly deleted or anonymised.
5. USER RIGHTS
5.1. The User has the right: to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to lodge a complaint with the supervisory authority in charge of personal data protection.
5.2. To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller, deleting the data provided voluntarily or by using the functionalities provided within the Account Profile. Withdrawal of consent will not affect the lawfulness of processing carried out on the basis of consent before its withdrawal
5.3. .To the extent that the User’s data is processed by automated means in connection with the contract concluded or consent given, the User has the right to data portability. If the User makes such a request, the Controller shall issue the data to the User in a computerreadable format. It is also possible to request that this data be sent to another entity designated by the User, provided that there is technical capacity to do so on the part of both the Controller and the entity designated by the User
5.4. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, and - for reasons related to the User’s particular situation - in other cases where the legal basis for the processing is the Controller’s legitimate interest (e.g. in connection with the performance of analytical and statistical purposes).
6. DATA RECIPIENTS
6.1. In connection with the provision of the services available on the Application, personal data will be disclosed to external entities acting on behalf of the Controller, including in particular IT, accounting and legal service providers and IT system providers.
6.2. The Controller reserves the right to disclose selected information concerning the User to the competent authorities or to third parties who make a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the applicable law.
7. SOURCE OF DATA
7.1. In order to activate Access Packages within the Accounts maintained for Users other than the Customer who is a natural person, the Controller may receive personal data of the Users from the Customers as regards: e-mail address, login (User name) and business name. The Customer providing the User’s data is an employer, principal or has another business relationship with the User. . The legal basis for the provision of User data by the Customer is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in the efficient management of the Customer’s business.
8. TRANSFER OF DATA OUTSIDE THE EEA
8.1. The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
8.1.1. cooperation with processors of personal data in countries for which a relevant European Commission decision has been issued;
8.1.2. using standard contractual clauses issued by the European Commission;
8.1.3. applying binding corporate rules approved by the competent supervisory authority.
8.2. Users’ personal data is transferred outside the EEA when they contact the Service Provider via the email provided by the Service Provider. In order to ensure a high level of protection for the Personal Data transferred, this transfer is based on the standard contractual clauses issued by the European Commission. The User has the right to obtain a copy of the standard contractual clauses establishing the relevant safeguards and a summary description of the security measures in place. For this purpose, please contact the Controller at the following e-mail address email@example.com
9. CONTACT DETAILS
9.1. The Controller can be contacted by e-mail at firstname.lastname@example.org or by sending correspondence to the address of the Controller.
10.1. The Policy is kept under review and updated as necessary. The current version of the Policy was adopted and became effective on 8 December 2022.