INXY PL Sp. z.o.o., Hoza street, 86, office 210, 00-682, Warsaw, Poland
§ 1. GENERAL PROVISIONS AND DEFINITIONS
- 1. INXY PL Sp. z o.o. with registered office in Warsaw (00 – 682), Hoża 86/210 Street, for which District Court for the capital city Warsaw in Warsaw, XII Commercial Division of the National Court Register maintains registration files under the following number: 0001010901, NIP (tax identification number): 7011123359, REGON (statistical identification number): 524094544 with the share capital of 5.000,00 PLN, with status of micro entrepreneur within the meaning of the Act on combating excessive delays in commercial transactions of 8 March 2013. is the Controller of the personal data collected by Platform.
- 2. Controller may be contacted via email at [email protected].
- 3. Definitions:
- 1) Cookies – refer to IT data, particularly small text files that are saved and stored on the devices through which the User uses the services of Platform;
- 2) Personal data – information about an identified or identifiable natural person. An identifiable natural person is a person that may be directly or indirectly identified, and in particular on the basis of an identifier such as their name and surname, identification number, location data, Internet identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
- 3) Profiling - means any form of automated processing of personal data that consists in using personal data to assess certain personal factors of a natural person, in particular to analyse or forecast aspects relating to the work effects of that natural person, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement;
- 4) Processing – means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organising, arranging, storage, adaptation or modification, downloading, viewing, use, disclosure by transmission, distribution or any other means of making available, matching or merging, limiting, deleting or destroying;
- 5) Platform – electronic services available at: https://inxy.io , providing Services indicated in Terms and Conditions;
- 6) Device – an electronic device that allows data to be processed, received and sent such as a smartphone, tablet, and mobile phone used by the User to access the Platform;
- 7) User – means an entity to the benefit of whom services may be provided by electronic means in accordance with the law or with whom a contract on the provision of services by electronic means may be concluded.
- 8) Terms and Conditions – refer to the document that sets out the terms and conditions of use of the Platform, available at https://inxy.io .
- 9) Providers - third parties that provide content available on Platform consisting in particular of offers, surveys and advertisements;
- 10) Payment Providers – third parties that processes payment by Users of means of payment to the Service Provider for exchange into virtual currencies.
§ 2. LEGAL BASIS AND PURPOSES OF USER’S DATA PROCESSING
- 1. Personal data collected by Controller shall be processed in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), the Act of 10 May 2018 on the protection of personal data (Journal of laws from 2019, item 1781) and the Act of 18 July 2002 on the provision of services by electronic means (OJ L 2020, item 344).
- 2. Controller processes personal data provided or made available by User in connection with the use of Platform, for the purposes of:
- 1) the conclusion and execution of a contract on the provision of services by electronic means and Platform functionalities (scope of data: name and surname, IP addresses, e-mail address, telephone number) - pursuant to Article 6(1)(b) of the GDPR, i.e. due to the fact that the processing is necessary for the performance of a contract, to which the data subject is a party,
- 2) informing Users of the matters related to the functioning of Platform (scope of data: e-mail address, details of the Device used by the User) - pursuant to Article 6(1)(b) and (f) of the GDPR, i.e. due to the fact that the processing is necessary for the performance of a contract, to which the data subject is a party, and due to the fact that it facilitates the pursuit of objectives arising from legitimate interests pursued by Controller or by a third party,
- 3) asserting claims and defending rights (scope of data: any and all data obtained from the User necessary to prove the existence of a claim or to defend a right - pursuant to Article 6(1)(f) of the GDPR, i.e. due to the fact that the processing is necessary for the purposes of legitimate interests pursued by Controller or by a third party,
- 4) the fulfilment of the legal obligations incumbent on Controller in connection with running a business activity (scope of data: any and all data received from the User) - pursuant to Article 6(1)(c) of the GDPR, i.e. due to the fact that the processing is necessary to fulfil the legal obligation incumbent on Controller,
- 5) conducting own marketing and promotional activities (scope of data: any and all data received from the User), pursuant to Article 6(1)(f) of the GDPR,
- 6) marketing and promotional activities on the basis of separate consent (Article 6(1)(a) of the GDPR),
- 7) electronic transmission of commercial information in accordance with article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means (OJ 2017, item 1219, as amended), including sending notifications (scope of data: any and all data received from the User), on the basis of separate consent (Article 6(1)(a) of the GDPR).
§ 3. DATA COLLECTED BY CONTROLLER
- 1. Platform Controller collects or may collect the following personal data through Platform or when contacting User directly:
- 1) details of the Device used by the User (IP)
- 2) identification and contact details (e-mail address, telephone number, name and surname, type of identity document, period of validity of the identity document, date of birth, country, address of residence)
- 2. Platform Controller also collect or may collect other data voluntarily provided by User when contacting Controller, including the details of the User’s device, correspondence data, and other data not listed above
- 3. Browsing the content of Platform does not require User to provide personal data other than the automatically retrieved connection parameters.
- 4. Due to the functionality of the provided services, Controller collect the following personal data from User who:
- 1) has not signed up yet:
- a) details of the Device used by the User (IP);
- 2) signed up but did not complete the verification process:
- a) details of the Device used by the User (IP),
- b) identification and contact details (e-mail address, telephone number);
- 3) signed up and completed the verification process:
- a) details of the Device used by the User (IP),
- b) identification and contact details (e-mail address, telephone number, name and surname, type of identity document, period of validity of the identity document, date of birth, country, address of residence).
- 5. Due to executions of duties imposed by Act on Combating Money Laundering and the Financing of Terrorism of 1 march 2018, pursuant to article 36 of aforementioned Act, the Administrator may collect the following personal data:
- 1) Name, surname,
- 2) Citizenship,
- 3) PESEL number or birth date if no PESEL number is available,
- 4) The series and the number of the person’s identity card,
- 5) Address of residence,
- 6) the company name, tax identification number and address of the principal place of business - in the case of a sole trader.
- 6. Controller warns that, in the course of using the Platform’s functionality, Providers may also process User’s personal data based on their own privacy policies.
§ 4. COOKIES PROFILING OF DATA COLLECTED
- 1. Controller collects cookies related to User's activity on Platform, in particular essential and performance cookies.
- 2. Controller uses profiling of the processed data based on Article 6(1)(c) of the GDPR in connection with the duties arising from the Act on Combating Money Laundering and the Financing of Terrorism of 1 march 2018
- 3. While using Platform, small files, in particular text files, are stored on User's device, which are used to remember User's decisions, maintain User's session, remember the data entered, collect information about User's device and his/her visit for security purposes, as well as to analyse visits and adapt content.
- 4. Cookies do not contain User’s identifying data, which means that it is not possible to establish a User's identity on their basis. The cookies used by the Platform are not in any way harmful to the User or the device and do not interfere with the User's software or settings.
- 5. A cookie is assigned to User upon access to Platform's home page or any of its subpages.
- 6. The cookie system does not interfere with the operation of User's Device and can be disabled.
- 7. User has the option to set the browser to block certain types of cookies and other technologies by specifying the permissible extent of information collection.
|FILE NAME||PURPOSE||ORIGIN OF FILE||FLAG (type)||DURATION|
|inxy-payments-18n||storing information about user language preferences||INXY||Essential||1 year |
|inxy-payments-auth-token||storing user authentication data, maintaining user session ||INXY||Essential||7 days|
|amp_#||statistical data||Amplitude||Performance||1 year|
|amplitude_unsent_#||storing unsent data on user’s browser||Amplitude||Performance||Persistent|
|_ga||differentiation of visitors||Google||Performance||2 years|
|_ga#||recognizing unique visitors ||Google||Performance||2 years|
|_hjSessionUser_#||ensuring data from subsequent visits||Hotjar||Performance||1 year|
|_hjFirstSeen||identifying new user first session||Hotjar||Performance||30 minutes|
|_hjHasCachedUserAttributes||noticing update of data||Hotjar||Performance||Session|
|_hjUserAttributesHash||noticing when user attributes changes||Hotjar||Performance||2 minutes|
|_hjUserAttributes||storing user attributes ||Hotjar||Performance||Persistent|
|_hjViewportld||storing user viewport details||Hotjar||Performance||Session|
|_hjSession_#||holding current session data||Hotjar||Performance||30 minutes|
|_hjSessionTooLarge||stopping data collecting||Hotjar||Performance||Session|
|_hjSessionResumed||reconnection with Hotjar||Hotjar||Performance||Session|
|_hjLocalStorageTest||proper use of local storage||Hotjar||Performance||Session|
|_hjSessionStorageTest||proper use of session storage ||Hotjar||Performance||2 minutes|
|_hjIncludedInPageviewSample||site pageview limit||Hotjar||Performance||2 minutes|
|_hjIncludedInSessionSample||site daily session limit ||Hotjar||Performance||30 minutes|
|_hjAbsoluteSessionInProgress||first page view||Hotjar||Performance||Session|
|_hjTLDTest||setting cookie path||Hotjar||Performance||Session|
|hjRecordingEnabled||recording User performance on website||Hotjar||Performance||1 year|
|_hjRecordingLastActivity||recording User performance on website||Hotjar||Performance||1 year|
|_hjMinimizedPolls||minimising Surveys||Hotjar||Performance||1 year|
|_hjShownFeedbackMessage||Feedback widget||Hotjar||Performance||1 day|
- 11. Providers, including payment providers, may collect cookies based on the severally granted User’s consent.
§ 5. THE PROCESSING TIME OF PERSONAL DATA
- 1. Personal data will be processed for the period of time:
- 1) necessary for the performance of a contract on the provision of services by electronic means as defined in Terms and Conditions, concluded through Platform, including after the contract execution due to the fact the parties may exercise their contractual rights as well as due to possible recovery of receivables - until the expiry of the limitation period for any such claims;
- 2) until the revocation of the consent granted or the objection to the processing of data - in cases where the personal data of the User have been processed on the basis of separate consent;
- 2. Controller shall also store the personal data of the Users when it is necessary to fulfil Controller’s legal obligations, resolve disputes, enforce Users’ obligations, maintain security, prevent fraud and abuse, especially duties arising from the Act on Combating Money Laundering and the Financing of Terrorism of 1 march 2018
§ 6. USER RIGHTS
- 1. Controller shall ensure that Users may exercise the rights referred to in item 2 below. In order to exercise the rights, User shall send an appropriate demand (an appropriate request) via e-mail to: [email protected].
- 2. User shall have the right:
- 1) of access to the data content - pursuant to Article 15 of the GDPR,
- 2) to rectify/update the data - pursuant to Article 16 of the GDPR,
- 3) to erasure of the data- pursuant to Article 17 of the GDPR,
- 4) of restriction of processing of the data - pursuant to Article 18 of the GDPR,
- 5) to transfer the data - pursuant to Article 20 of the GDPR,
- 6) to object to the data processing - pursuant to Article 21 of the GDPR,
- 7) to withdraw the consent granted at any time, provided that the withdrawal of consent shall not affect the lawfulness of the processing, which has been done on the basis of the consent prior to its withdrawal - pursuant to Article 7(3) of the GDPR,
- 8) to file a complaint to the supervisory authority, i.e. the President of the Office for the Protection of Personal Data - pursuant to Article 77 of the GDPR.
- 3. Controller shall process the requests without undue delay, however not later than within one month from their receipt. If, however - due to the complexity of a request or the number of requests - the Controller is unable to process User's request within the specified time limit, Controller shall inform User of the intended extension of the time limit and shall indicate the time limit for processing the request, however not longer than 2 months.
- 4. Controller shall inform each and every recipient, to whom personal data have been disclosed, of the rectification or erasure of personal data or of the restriction of processing, as requested by User, unless this proves impossible or requires disproportionate efforts.
§ 7. NECESSITY OF DATA PROVISION
- 1. Submission of personal data through Platform is voluntary, yet necessary if the User wants to benefit from the full functionality of Platform.
- 2. Where personal data are provided for the purpose of concluding a contract with Controller, the data provision constitutes the condition for concluding such a contract. The submission of personal data in this case is voluntary, however failure to provide such data will disable the possibility to conclude a contract with Controller.
§ 8. DATA SHARING
- 1. For the purpose of executing the contract, Controller may share data collected from Users with various entities, including employees, co-workers, legal and IT service providers, and Providers. Furthermore, Controller shall make the personal data collected available to the entity, with which it has concluded an agreement on the entrustment of personal data processing.
- 2. In such cases, the amount of the data transmitted shall be limited to the minimum necessary. Additionally, the information provided by the Users may be made available to the relevant public authorities, limited to the situation where it is required by applicable laws.
- 3. The personal data processed shall not be provided externally to recipients not indicated above in a form that would allow any identification of the Users, unless the User has granted consent to the specific sharing of the data.
§ 9. TECHNICAL MEASURES
- 1. Controller shall use its best efforts to secure and protect User data from any actions by third parties, and shall supervise the data safety throughout the entire period of owning such data in such a manner as to protect the data against unauthorised access, damage, distortion, destruction or loss.
- 2. Controller uses the necessary server, connection, and Website security measures. Nevertheless, the actions taken by Controller may not be sufficient if Users do not follow the security rules.
§ 10. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
- 1. The personal data of Users shall not be transferred to countries outside the EEA. Controller uses servers located in the EEA countries for the purpose of storing such data.
- 2. Controller warns that Providers including Payment Providers may process and transfer personal data outside the European Economic Area.
§ 11. DATA PROCESSORS ACTING ON BEHALF OF THE CONTROLLER
- 1. The personal data of the Users may be entrusted to portals running the Controller’s marketing campaign for the purpose of being processed on behalf of the Controller. Each processor shall be obliged to ensure the security of data processing and the compliance with the rules for personal data processing to the extent identical to that of Controller.
- 1. Controller has the right to change this document and Users shall be notified of any such changes in a manner allowing Users to familiarise themselves with the changes before they enter into force, for example by posting the relevant information on Platform and on Controller's website, and in the case of substantial changes, by sending a notification to the e-mail address specified by User.
- 2. Should the User have any objections to the changes made, User may request the deletion of their personal data on Platform. The continued use of Platform after the publication or notification of changes to this document shall be considered to be consent to the collection, use and sharing of User personal data according to the updated content of the document.
- 3. This document shall not restrict any rights granted to User in accordance with generally applicable laws.