- Who is the Administrator of personal data? Your personal data is processed by EON46 Joint-stock company, Młyńska street 12/322, 61-730 Poznan, National Court Register: 0000810511, tax number: 7831803136, National Business Registry Number: 383714263, share capital: 500.000 zlotys paid in full.
- How can the Data Protection Officer help me?If you have any questions or concerns regarding the processing of personal data using the app, please contact the DPO at: firstname.lastname@example.org .
- Purposes and basics of personal data processing What data do we collect?
In order to enable full use of the app by its users, we collect the following data:
- Personal data of a parent or the legal guardian which are: name, surname, residentialaddress, telephone number, email address that was used to verify registration in theapp
- Personal data of the child under 16 years, on whose device the app has beeninstalled. The data that we collect are name and surname
- School and/or the educator contact details: email address or phone number – at theUser’s choice
- Email address and the login password
- Incident data reported in the app
- Data about the location of the device on which the user uses the app
- Data collected while logging into the app: brand, model, hardware identifier, typeand version of the system used; login date and time, IP address
- The IMEI number of the mobile device on which the user or the juvenile user usesthe app
When do we collect them?
The Personal Data is collected
- a) For users downloading the app – at the time of registration in the app, confirmationof account creation and account configuration,
- b) If using the app – when a juvenile reports an incident or when the user logs in to the app
Who does the personal data come from?
The user enters personal data during account configuration in the app himself, the app only processes data entered by the User who uses its functionality.
In what purpose do we collect them?
We collect personal data to:
- Enable users to properly use the app by using a user account,
- Provide electronic services available in the app for users,
- Create registers and records to the obligations arising from the GDPR,
- Administer the app operation correctly,
- Provide information contained in user’s reports entered into the app,
- Prevent sending false reports and using the app against its intended purpose,
- For analytical and statistical purposes – to improve the operation of the app and toimprove the response to user’s queries.
On what grounds do we process personal data?
- Consent of parent or legal guardian – article 6 sec. 1 letter a in conjunction with article 8 sec. 1 GDPR – to the extent that other grounds for processing personal data do not apply
- Performance of the contract for the provision of electronic services or pre-contractual activities undertaken at the request of the data subject – article 6 sec. 1 letter b GDPR
- Fulfilling legal obligations incumbent on the Administrator of personal data (in the scope of keeping registers and documentation resulting from the provisions of generally applicable law, tax obligations) – article 6 sec. 1 letter c GDPR
- The justified interest of the Personal Data Administrator in:
- conducting analyzes and statistics aimed at improving the operation of theapp
- administering the operation of the app
- preventing from sending false reports via the app and using it against theintended purpose by the users
- creating records and registers related to the processing of personal inaccordance with the principles arising from the GDPR Processing based on article 6 sec. 1 letter f GDPR
- Personal data processing not requiring identificationDue to the fact that the app is designed to send messages from the user to the indicated addressee and the user is responsible for the content of the message, it may happen that personal data will also appear in the content of the message posted by the user in the app. In the ordinary functioning of the app, the administrator of personal data does not have access to the content of messages sent by the users. Therefore the administrator of personal data is not able to identify the persons whose data can be processed this way.
- Protecting children’s privacyThe app is an information society service, hence – if the user is under 16 years old the basis for personal data processing is the consent of the data subject. The personal data administrator will process personal data only if consent to the processing of personal data is expressed or confirmed by the child’s parent or legal guardian, and only to such extent. The administrator stipulates that in order for the app to be used by people under 16 years old, it is necessary to activate the account with the data of the legal guardian or parent, in accordance with the procedure described in the App Regulations carried out by the child’s legal guardian.
- Recipients of personal dataThe recipients of personal data in the app can be:
- Public authorities – the transfer is based on the provisions of generally applicable lawor – in the case of sending information from the user via the app – at the request ofthe user himself.
- Subjects providing services to the Personal Data Administrator – in the field ofhosting or similar services provided to the Personal Data Administrator.
- Subjects provided legal and accounting services to the Personal Data Administrator.
- How long is the data stored?
1. The Personal Data Administrator stores data for the following periods:
a) In the case of personal data necessary to provide services by electronic means and performance of the contract for the provision of services – for the period necessary to provide services by electronic means, but no longer than until the limitation periods for claims related to services rendered.
- In the case of personal data processed on the basis of consent – until it is withdrawn or the purpose of processing is achieved, but no longer than until the user resigns from using the app.
- In the case of personal data processed on the basis of the legitimate interest of the Personal Data Administrator – until an effective objection has been lodged or the purpose of personal data processing has been achieved, however no longer than 5 years, counted from the end of the year in which the Personal Data Administrator began processing.
- In the case of personal data processed for analytical purposes, administration of the app and cookies – until they become outdated or they loose their usefulness.
2. In the case of a request to exercise the right to be forgotten, each application is considered individually
VIII. Can personal data processed in the app be transferred to third countries?
- The app uses popular services and technologies, offered among others by Google, which – due to the headquarters in the United States of America – in the light of provisions of the GDPR is treated as a third country (outside the European Union).
- The GDPR limits the possibility of transferring personal data to third countries, due to the fact that they may not guarantee an adequate level of protection of personal data of European Union citizens and due to the fact that European law regulations are not respected there. Each administrator of personal data is required to determine the legal basis for such transfer of personal data.
- The Personal Data Administrator ensures that in connection with the use of services and technologies, personal data is only transferred to those subjects from the USA that joined the Privacy Shield program, based on the European Commission implementing decision of July 12, 2016 – more on this can be read on the European Commission website available at https://ec.europa.eu/info/law/law-topic/data-
protection/data-transfers-outside-eu/eu-us-privacy-shield_pl. Subjects participating in this program guarantee that they will comply with high standards in the field of personal data protection that are in use in European Union, therefore the use of their services and offered technologies in the processing of personal data is lawful.
4. The administrator of personal data will provide you with additional explanations regarding the transfer of personal data at any time, also at any time you have the right to obtain a copy of personal data transferred to a third country.
IX. What are the rights of individuals to whom the personal data relates?
The app user, who entered his personal data into it has the following rights:
- access to personal data and receive copy thereof
- request to correct or complement the personal data
- request to remove the personal data – the data subject may request their deletion, ifhe considers that there are no grounds for the administrator of personal data toprocess subjects personal data and there are no grounds justifying further processing
- restrictions on the processing of personal data – the data subject may request thePersonal Data Administrator to limit the processing of his/hers personal data, only use it to storage or performing activities agreed upon with it. If the data is incorrect or processed without a legal basis, or the person whose data concern does not want to delete it, due to the need to save data for the reasons which are investigation or defense of claims or the time of recognition of objection to the processing of personal data.
- objecting to the processing of personal data
- – processing of personal data for direct marketing purposes: the datasubject has the right to object the processing of personal data for direct marketing purposes. The exercise of this right causes the Personal Data Administrator to stop processing personal data
- – objection due to a special situation: the data subject has the right to object to the processing of his personal data on the basis of a legitimate interest for purposes other than direct marketing. The objection should then indicate what specific situation concerns the data subject who justifies the request to stop processing personal data. The administrator of personal data will cease processing the personal data for these purposes, unless it demonstrates that the grounds for further processing are superior to the rights of the data subject or that these data are necessary to establish, assert or defend claims
- data transfer – the data subject has the right to receive in a structured, commonly used machine-readable format, personal data that apply to him and which has been provided to the Administrator on the basis of consent. The data subject may instruct the Administrator to send them directly to another subject
You can exercise your rights by sending an email to: email@example.com
X. The opportunity to withdraw consent to the processing of personal data
If personal data are processed on the basis of the consent of the data subject, he has the right to withdraw his consent to the processing of personal data at any time. Withdrawal of consent to the processing of personal data does not reverse the lawfulness of the processing of personal data prior to the submission of the statement. You can exercise your rights by sending an email to: firstname.lastname@example.org
- Right to lodge a complaint with a supervisory authorityThe data subject who believes that his personal data is being processed unlawfully may lodge a complaint with the supervisory authority in this regard.
The leading supervisory authority to which you can lodge a complaint regarding the processing of personal data is the Polish authority – the President of the Office for Personal Data Protection.
- The need to provide personal dataProviding personal data is voluntary, however – necessary if the data subject wants to use the app or wants to configure the app on the child’s mobile device and use its full functionality, in particular create a user account in it.
- Do we collect server logs?
- Information about some of the events caused by users is saved as logging on the server. These data are used only for the proper administration of the app and to ensure efficient operation of the app and its functionalities.
- Saved can be:
- brand and model of the mobile device
- hardware identifier
- operating system type and version
- login date and time
- mobile device IP address
- Saved can also be logs of users activities, in this case the logs are available in tools that support individual functionalities of the app or its website
- Data indicated in par. 2 above are not associated with specific users and are used only to properly administer the operation of the app or website.
- Do we use profiling and automated decision making?
1. At this moment, the app does not use mechanisms that allow profiling, however – due to the use of device’s location – the app makes decisions in automated manner.
- Making decisions in automated manner is based on the location of the device and we need it to determine as accurately as possible the appropriate units of the services to which the user can send an incident report using the app.
- Automated decision making consists in determining the appropriate, nearest locations of the user’s device, public service units to which notification of the event can be sent via the app.
- Automated decision making is lawful because it serves to protect your safety and allows you to report an incident to the appropriate services whose registered office is closest to the place of the incident.
- Decisions are made in the manner indicated above and may affect the situation of the User, because the transfer of information about the event to the appropriate services may result in appropriate responses by the services, including the initiation of appropriate proceedings with the participation of the User, depending on the content of the submitted report and their addressee.
- If the User does not agree with the decision taken in an automated manner, he / she has the right to object, e.g. in the form of a complaint described in the App Regulations. In this case, please contact the Personal Data Administrator at email@example.com and indicate the reasons why in the User’s opinion the decision is incorrect. The personal data administrator guarantees that each User’s condition will be considered by the appropriate person who has been authorized to analyze such reports and make decisions regarding them. Entries are not analyzed using an IT system.
XVI. Final provisions