- "Personal information" - information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- "Data Controller" or "Controller" - natural or legal person, public authority, entity, or any other entity which alone or jointly with others determines the purposes and means of processing of Personal Data, i.e. in this case 4Goal.App Sp. z o. o. with its registered office in Katowice (40-668), 35 Bazantow Street, entered in the register of entrepreneurs kept by the District Court in Katowice, VIII Economic Department of the National Court Register under KRS number: 0000885101, NIP: 9542823694, REGON: 388206608
- "GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- "Processing" - an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying.
- "Application" - mobile application called "4goal.app".
- "User" - Any natural person using the services provided through the Application.
- "Device" - means the electronic device through which the User accesses the Application.
§2 General Provisions
- Out of concern for the security of the personal data entrusted to us, we have developed internal procedures and recommendations to prevent the release of personal data to unauthorized persons. We control their execution and constantly check their compliance with the relevant legal acts, i.e. the GDPR, the Act of 10.05.2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended), the Act of 18.07.2002 on the Provision of Electronic Services (Journal of Laws of 2017, item 1219, as amended), as well as any other generally applicable laws.
§3 Information regarding the processing of Personal Data
Who processes personal data and for what purposes.
- Personal data is processed by the Controller for the following purposes:
- for purposes necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract (based on Article 6(1)(b) of the GDPR),
- for the purposes necessary to perform legal obligations incumbent on the Controller, in particular those arising from the Act of 12.07.2002 on the provision of electronic services (i.e. Journal of Laws of 2020, item 344, as amended), as well as tax law and accounting regulations (pursuant to Article 6(1)(c) GDPR),
- for purposes arising from the legitimate interests pursued by the Controller, in particular:
- conduct marketing of Controller products and services,
- to conduct analysis of Users' activities, as well as their preferences, and to ensure smooth functioning of the Application,
- Investigation and defense against possible claims arising from the concluded contracts,
- To answer a question posed to the Controller related to the operation of the application - on the basis of Article 6(1)(f) of the GDPR;
- for the purpose in accordance with the voluntary consent given by the User for the processing of personal data, including in the case of the User's enrollment in newsletters, loyalty programs, or consent to participate in contests and marketing actions (indicated precisely in the regulations for a particular contest or marketing action) - on the basis of Article 6(1)(a) of the GDPR.
- The Service Provider also processes personal data of Users visiting Controller profiles maintained on social media (Facebook, YouTube, Instagram). This data is processed exclusively in connection with the operation of the profile, including for the purpose of informing Users about the Controller's activities and promoting various events, services and products. The legal basis for the Service Provider's processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR) in promoting its own brand.
- The User should not provide the Controller with personal data of third parties. Instead, if he/she provides such data, he/she shall each time declare that he/she has the appropriate consent of third parties to provide data to the Controller.Data collected by the application automatically
- The Controller does not collect personal data without the User's consent, but reserves the right to collect data that do not have this attribute, in particular demographic data and data on the use of the Application. The collection of data described in the preceding sentence is carried out automatically (hereinafter referred to as "automatically collected data").
- Automatically collected data do not uniquely identify the User.
- Data collected automatically may be used by the Controller to improve the quality of the services provided, in particular in the event of an error in the Application. In the situation described above, the data collected automatically will relate to the error of the Application, including the state of the User's mobile device at the time of the error, the identification of the User's mobile device, the physical location of the User's mobile device at the time of the error.
- It will not be possible to change or delete data collected automatically.How long will we process your personal data?
- The Controller shall exercise due diligence to ensure that the personal data processed are always substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows the identification of the persons to whom they relate for no longer than is necessary to achieve the purpose of the processing.
- Personal data will be kept by the Controller for the following periods:What rights do you have in connection with the processing of your personal data?
- If the processing of data is carried out on the basis of voluntarily given consent by the User, the personal data will be stored until the consent to process personal data for specific, explicit and legitimate purposes is withdrawn.
- If the processing of the data is necessary for the performance of a contract to which the User is a party, or to take action at the request of the User, prior to the conclusion of the contract, the personal data will be processed for the duration of the contract, and thereafter for the period of limitation of possible claims under generally applicable laws.
- If the processing is necessary to fulfill a legal obligation incumbent on the Controller, the personal data will be processed for a period of time under generally applicable laws.
- If the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, the personal data will be processed for a period no longer than necessary for the purposes for which the data are processed or until you object to the processing of your personal data for those purposes, on grounds related to your particular situation, unless the Controller demonstrates the existence of valid legitimate grounds for the processing, overriding your interests, rights and freedoms, or grounds for the establishment, assertion or defense of claims.
- If personal data is processed for the purposes of direct marketing, personal data will be processed until you object to the processing of personal data for such marketing, to the extent that the processing is related to such direct marketing.
- Each data subject (if the Controller is the data controller) has the following rights:
- the right of access to one's personal data, which includes the right to obtain confirmation as to whether or not personal data is being processed, and if this is the case, the right to access this information indicated and to receive a copy of the personal data being processed,
- the right to rectification of personal data, which includes the right to request that the Controller immediately rectify personal data concerning it that is inaccurate,
- the right to erasure of personal data - you have the right if:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject has withdrawn the consent on which the processing is based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing;
- the data subject objects under Article 21(1) of the GDPR to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21(2) of the GDPR to the processing;
- personal data were processed illegally;
- personal data must be deleted in order to comply with a legal obligation to which the Controller is subject;
- personal data was collected in connection with the offering of information society services to children, as referred to in Article 8(1) of the GDPR, where the child is under 16 years of age
- the right to erasure - you are not entitled to if the processing is necessary:
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation requiring processing to which the Controller is subject, or to perform a task carried out in the public interest or in the exercise of public authority entrusted to the Controller;
- for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in paragraph 1 is likely to prevent or seriously impede the purposes of such processing;
- to establish, assert or defend claims.
- You have the right to restrict the processing of your personal data if:
- the data subject questions the accuracy of the personal data - for a period that allows the Controller to verify the accuracy of the data;
- processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction on its use;
- the Controller no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, assert or defend claims;
- the data subject has objected under Article 21(1) of the GDPR to the processing - until it is determined whether the legitimate grounds on the part of the Controller override the grounds for the data subject's objection
- the right to data portability includes the right to receive the data and send it to another Controller or to request, if technically possible, that the data be sent directly to another Controller - to the extent of data processing based on the User's consent and for purposes necessary for the performance of the contract and data processing by automated means;
- the right to object to the processing of personal data to the extent:
- processing of personal data based on Article 6(1)(e), including profiling on the basis of these provisions, unless the Controller demonstrates the existence of valid legitimate grounds for processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
- processing data for direct marketing purposes, including profiling.
- The data subject has the right to revoke the consent granted for the processing of personal data at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its revocation. Withdrawal of consent is made by contacting: firstname.lastname@example.org.
- A person whose personal data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection, if he/she considers that the processing of data is incompatible with the law.To which entities will personal data be transferred?
- In connection with the performance of services by the personal data may be disclosed to external entities, including, in particular, suppliers responsible for the operation of information systems used to provide services, entities such as banks and payment operators, research companies, accounting service providers, couriers (in connection with the fulfillment of orders), marketing agencies (for marketing services) and entities affiliated with the Controller.
- If the User's consent is obtained, his data may also be shared with other entities for their own purposes, including marketing.
- The Controller reserves the right to disclose information concerning the User to the competent authorities or third parties who make a request for such information, based on the relevant legal basis and in accordance with the provisions of the applicable law.
§4 Procedure for exercising the rights of personal data subjects
- With a request related to personal data protection, you can contact the Controller via e-mail address or by mail:
e-mail at: email@example.com,
4Goal.App Sp. z o. o. based in Katowice (40-668), 35 Bazantow Street "with the note IOD"
- In cases where the User contacts the Controller, it will be required for the User to provide: first name, last name and e-mail address. Provision by the Applicant of the data collected for the purpose of contact is voluntary; however, it will be the sole basis for the Controller's return contact with the User and will enable the Controller to verify the Applicant.
- The Controller is authorized to verify the identity of the Applicant. Failure to successfully verify the Applicant's identity for reasons for which the Applicant is responsible may mean that the Controller will not pursue the submitted application, of which the Applicant will be promptly informed.
- If the right of access to data and the right to data portability is exercised, a copy of the personal data concerning the Applicant shall be attached to the response provided to the Applicant in commonly known and accessible machine-readable formats.
- Data collected for the purpose of contact will be used only to enable correct, complete and efficient communication between the Controller and the Applicant.
- The Controller shall store correspondence with the Applicant for statistical purposes and for the best and fastest possible response to emerging inquiries, as well as for the purposes of complaint resolution and possible decisions on administrative interventions on the indicated data based on the applications. Addresses and data thus collected will not be used to communicate with the User for any purpose other than the execution of the request.
§5 Direct marketing
- Conducting direct marketing by the Controller may be carried out by sending commercial information by means of electronic communication, in particular e-mail and by phone.
- The Controller may send you information about its products and services as a rule if you voluntarily consent to the processing of personal data for marketing purposes. Consent to the processing of personal data may be withdrawn at any time.
- Sending information about Controller's products and services by means of electronic communication requires consent to send commercial information by means of electronic communication, in particular e-mail, and the provision of an e-mail address.
- Presentation of information about the Controller's products and services through telephone contact requires the User's consent to the use of telecommunications terminal equipment for direct marketing purposes and the provision of a telephone number.
- If you do not wish to receive information about the Controller's products and services, you may withdraw your consent to the processing of personal data for marketing purposes or object to the processing of personal data for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
§6 Final provisions