§1 General provisions
- This document sets forth the rules of processing and protecting personal data collected from the Users, as well as using cookie files and other tracking technologies in connection with the functioning of the app.wedding application (hereinafter referred to as the ‘Application’).
- This Policy has an informative purpose and was developed due to the data Administrator’s concern for the rights of individuals downloading the Application and using the services it offers. However, it does not replace the security policy run by the Administrator.
- The administrator of personal data collected through the Application is Maciej Stypka, operating under the business name Master4U Maciej Stypka with its registered seat in Katowice (40-123) at ul. Czerwińskiego 6 lok. 316, entered into the Register of Entrepreneurs of the National Court Register under KRS no. 241080707, Taxpayer ID (NIP) 634-232-70-26 (hereinafter referred to as: ‘Administrator’).
- You can contact the Administrator by:
- sending a letter to the following address: Katowice 40-123, ul. Czerwińskiego 6 lok. 316;
- sending an e-mail at: firstname.lastname@example.org;
- calling: +48 504 085 585
- The Administrator has appointed a Data Protection Inspector, Ms Krystyna Wal, who can be contacted via e-mail at email@example.com.
- Personal data – pursuant to Art. 4 p. 1) of GDPR – shall mean information about an identified or identifiable natural person (‘Data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data,
an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- User – each natural person with full legal capacity, having the status of a consumer subject to Art. 221 of the Act of 23 April 1964 of the Civil Code, having the Application installed on his/her mobile device.
§2 Personal data collected through the Application and its processing
Basis, purpose and scope of processing
- The Service includes an Internet website https://app.wedding and a mobile application available in the Google Play store at https://play.google.com/store/apps/details?id=com.wedding.app.pl and in the Apple Store at <url>
- The Administrator does not collect any personal data through the Service. Personal data is collected solely through the mobile application.
- The personal data collected upon user account registration are: name, surname, e-mail address, telephone number, image. The other data collected through the application is: wedding date, name of the fiancée, IP address.
- The Administrator processes the personal data in order to fulfil the service agreement performed by means of the Application, or for another purpose set forth in an appropriate agreement.
- The legal basis of personal data processing is Art. 6, sec. 1, letter b) of GDPR, which provides as follows: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In the remaining cases Art. 6, sec. 1, letter a) of GDPR shall apply, which means that personal data shall be processed based on the consent given by the data subject.
- Providing personal data is voluntary, yet indispensable to use the services offered by the Administrator, which means the Application.
- If the legal basis for the processing is the consent given by the data subject, such a consent may be withdrawn at any time. Consent withdrawal does not affect the legality of the processing, which had been performed before the consent was withdrawn. The data subject may withdraw their consent by sending an e-mail entitled Consent withdrawal to the contact address (firstname.lastname@example.org) of the data Administrator or to the address of the data protection Inspector (email@example.com).
- The Administrator processes data solely for the purposes set forth in p. 4 above and for the time period necessary to perform the agreement, or until the Application User withdraws their consent, or until the operation of the Application is terminated.
- The Administrator undertakes activities referred to as profiling with regard to persons who have given their consent, where ‘profiling’ means any form of automated processing of personal data which involves the use of personal data to evaluate their personal preferences, interests. Data profiling in the Application run by the Administrator is used to identify the needs of Users better.
- The Administrator implements appropriate technical and organisational measures to protect the rights, freedoms and legitimate interests of the data subjects.
- For persons who have given their consent to profiling, the Administrator shall, in accordance with Article 22(3) of the GDPR, implement appropriate measures to protect the data subject’s rights, freedoms and legitimate interests, or at least the right to obtain human intervention on the part of the Administrator, to express his or her point of view and to challenge the decision of profiling. The person subject to profiling may exercise his or her rights by writing to the following e-mail address: firstname.lastname@example.org.
- The recipients (entrustment processors) of the personal data are:
- entities providing service and maintenance of the Application, i.e. legal service, and in the case of financial settlements, the entity performing personnel and accounting services for the Administrator;
- entities providing IT support
- entities which own the profiling software (Master4u Maciej Stypka) including entities outside the European Economic Area. The exchange of personal data with the above entities is regulated by personal data entrustment agreements or remains in accordance with relevant service provision regulations.
- The personal data of the Application Users is not disclosed to third parties, except for the purpose of profiling, and in the event that such disclosure results from the applicable legal provisions obliging the Administrator to disclose them to authorised entities.
§3 Rights of the personal data subject
- Pursuant to Art. 15–22 of GDPR, each Application User bears the following rights:
- right to access the data (Art. 15 of GDPR);
- right to rectify the data (Art. 16 of GDPR);
- right to erase the data (‘right to be forgotten’) (Art. 17 of GDPR);
- right to restrict processing of the data (Art. 18 of GDPR);
- right to data portability (Art. 20 of GDPR);
- right to object (Art. 21 of GDPR).
- The User can exercise their rights by sending a request to the following e-mail address: email@example.com or by sending a registered letter to the postal address of the Administrator.
- The request, in order to be correctly identified, must be sent from the email address used by the User to register the Application. This requirement is subject to Article 12(6) of GDPR. In justified cases, the Administrator shall contact the person submitting the request by phone or e-mail in order to verify the authenticity of the request and clarifying expectations.
- In accordance with the applicable provisions of law, the Administrator shall provide the person who submitted the request with an answer about the actions taken within a month.
- If the Administrator does not take such action, they shall inform the person making the request about this fact.
- Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- The data subject shall have the right to lodge a complaint against the activities of the Administrator with the Supervisory Authority, which is the President of the Office for Personal Data Protection (formerly: the Inspector General for the Protection of Personal Data – GIODO).
§4 Security measures
- The application includes security measures to protect personal data collected by the Administrator against loss, misuse and modification. The Administrator also keeps appropriate documentation and has implemented appropriate procedures related to personal data protection as part of their business activity.
- The Administrator ensures that they protect all disclosed information in accordance with the applicable legal provisions and security standards in this regard, including in particular:
(a) the personal data collected by the Administrator shall only be directly accessible in accordance with Article 29 of GDPR by authorised employees or associates of the Administrator and by authorised persons involved in the operation of the Application who have been granted appropriate authorisations or who have signed appropriate data entrustment agreements;
b) The Administrator represents that, while commissioning other entities to provide services, they shall require from their partners, in accordance with the disposition of Article 28 of GDPR, to ensure appropriately high standards of protection of the entrusted personal data, to sign appropriate entrustment agreements in which the partners confirm the application of the standards and the right to control the compliance of these entities with these standards.
- The Administrator gives notice that due to the public nature of the Internet, using services provided electronically may involve risks, regardless of the Administrator’s due diligence.
§5 Cookie files and statistical data collection
- The Administrator uses cookie files on the website.
- In the case of the mobile application, the Administrator uses the information stored on the device in local storage for statistical and analytical purposes and to diagnose possible failures or malfunctions of the application. The Administrator uses Google Firebase and Google Analitycs applications for this purpose.
- Statistical data:
IP address assigned to the device or external address of the Internet provider, domain name, type of browser, access time, type of operating system. Logs concerning the correct operation of the website (including the IP addresses of the devices accessing the website), but does not associate them in any way with personal data. Log files may be used to generate statistics which can be further used to assist in the administration of the website. Aggregate summaries in the form of such statistics do not contain any identifying characteristics of website visitors.
- The entity placing cookies at the device of the User or the website visitor and accessing them is the Administrator or entities cooperating with them (Google Analytics, Google Adds).
- The cookie files are used for the purpose of statistics, analytics, development and so-called remarketing, including in particular:
- development of statistics to help understand how Users use the Application, making it possible to improve its content;
- analysis of errors.
- Two types of cookie files are used as part of the Service website: session cookies and persistent cookies.
a) Session cookies are temporary cookies that are stored at the device of the User and the website visitor until they leave it or turn off the software (the browser).
b) Persistent cookies are stored at the device of the User and the website visitor for the time specified in the parameters of the cookies or until they are deleted by the owner of the device.
- Web browsing software (Internet browser) usually allows the storage of cookies on the User’s device by default. The User and visitors to the website may change their settings in this respect. The Internet browser makes it possible to delete cookies. Cookie files may also be blocked automatically. Detailed information on this subject is presented in the help section or documentation of the Internet browser.
- The Application uses cookie files of a third party – Google Analytics and Facebook Pixels. You can learn more at https://support.google.com/analytics/answer/6004245 and https://web.facebook.com/privacy/explanation
- About the logs:
– The Administrator collects the so-called logs concerning the correct operation of the Website and the Application and security (including the IP addresses of the devices accessing the website), but does not associate them in any way with personal data.
2. The viewed resources are identified by URL addresses. The information which may be stored is as follows:
a. time of receipt of the inquiry,
b. time of sending a response,
c. the name of the client station – identification carried out by the HTTP protocol,
d. information about errors encountered while carrying out the HTTP transaction,
e. URL address of the page previously visited by the user (referrer link) – if the Service’s website was accessed via a link,
f. information about the user’s browser,
g. information about the IP address.
3. Log files may be used to generate statistics which can be further used to assist in the administration of the Application. Aggregate summaries in the form of such statistics do not contain any identifying characteristics of Users.
§6 Final provisions
2. The data Administrator reserves the right to amend, withdraw or modify the functions or features of the Application, as well as to cease running their business, to transfer the rights to the Application to a third party and to perform any legal actions permitted by the applicable law.