1. General provisions
- This document concerns the processing and protection of personal data pertaining to Users regarding their use of the Prown system.
- Application - a mobile application or the Prown mobile website which enable User to use the System functionalities and services offered by Prown Sp. z o.o.;
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
- Regulations - these System regulations;
- System/Prown - a platform available under the address: https://prown.io, and the Prown Application by means of which the User can use Prown Sp. z o.o. services;
- User - a natural person using the System who is a service recipient within the meaning of the regulations.
2. Personal data administrator
- The administrator of personal data is Prown Sp. z o.o. with its registered office in Lublin (20-148) at ul. Związkowa 26, entered in the register of entrepreneurs of the National Court Register (KRS) maintained by the District Court for Lublin-Wschód in Lublin with its registered office in Świdnik, 6th Commercial Division of the National Court Register, under number KRS: 0000856663, Tax Identification Number NIP: 8652574493, National Business Registry Number REGON: 386862691 (hereinafter referred to as "Administrator, Service Provider”).
- The User may contact the Administrator each time via:
- the contact form available in the System,
- electronic mail - via the e-mail address: email@example.com,
- by letter to the address of the Administrator with the annotation GDPR - ul. Związkowa 26, 20-148 Lublin, Poland.
3. Scope of processed data
- Administrator collects data for specified, lawful purposes, processes it in accordance with the law and does not subject it to further processing incompatible with these purposes. Data is collected only in an adequate, indispensable and necessary scope in relation to the purposes for which they are processed.
- Administrator does not process specific categories of User data and makes every effort by taking appropriate measures to protect data against unauthorized access by third parties by applying organizational and technical security measures.
- Administrator does not make data available to any unauthorized entities, in accordance with the mandatory provisions of law in this regard.
- As part of the provision of services and the functioning of the System, the Administrator collects the following data of Users, if they have decided to provide it:
- e-mail address (e-mail);
- first name and last name;
- date of birth;
- nick name;
- phone number;
- IP address;
- data that uniquely identifies the device;
- other data necessary for the provision of services by the Service Provider, which will be entered by the User voluntarily in connection with the use of the Prown by him;
4. Purpose and basic of personal data processing
- The data will be processed by the Administrator for the following purposes:
- providing services by electronic means by the Service Provider, including for the purpose of logging in, maintaining a User account and performing two-factor authentication;
- marketing and information, including those related to profiling and sending Users messages regarding the functioning, development and other issues relevant to the functioning of the Prown (e.g. mailing);
- fraud detection, use of unauthorized tools;
- conducting statistical and analytical measurements aimed at improving the operation of the Prown;
- handling incidental events, such as, e.g. participation in competitions, on the basis of personal data processing indicated in the regulations of these events.
- The processing of personal data in connection with the Users' use of the Prown may be performed by the Administrator, depending on the category and purpose of personal data processing, i.a. based on:
- consent to the processing of personal data expressed by the User - e.g. in relation to the processing of personal data for marketing and information purposes (in accordance with Article 6 (1) (a) of the GDPR);
- providing the data necessary for the performance of the contract by the User - e.g. in relation to the processing of personal data for the purpose of providing electronic services by the Service Provider, including for the purpose of logging in, maintaining a User account and performing two-factor authentication (in accordance with Article 6 (1) (b) of the GDPR);
- the legal obligation of the Administrator, including in particular obligations for tax and accounting purposes (in accordance with Article 6 (1) (c) of the GDPR);
- legitimate interest of the Administrator - e.g. in relation to the processing of personal data for the purpose of detecting fraud, using unauthorized tools, conducting statistical and analytical measurements aimed at improving the operation of the System (in accordance with Article 6 (1) (f) of the GDPR).
5. Time period of personal data processing
- Administrator processes personal data until there is a basis for their processing, i.e. in the case of:
- granting consent until its withdrawal, restriction or other actions taken by the User limiting the consent granted;
- the necessity of the data for the performance of the contract, for the duration of its performance and until the expiry of the limitation period for the claim under this contract in accordance with the applicable regulations;
- when the basis for data processing is the legitimate interest of the Administrator, until the User objects to it;
- fulfillment of the legal obligations incumbent on the Administrator, e.g. for tax and accounting purposes to the extent and for the time consistent with applicable regulations.
6. User rights
- According to the GDPR, User has the following rights:
- the right to access User data and receive a copy of it;
- the right to delete User data ("right to be forgotten");
- the right to rectify User data;
- the right to limit data processing;
- the right to object - to processing, to direct marketing, including profiling, to the processing of User’s data in the legitimate interest of the Administrator;
- the right to lodge a complaint with the President of the Personal Data Protection Office.
- In order to exercise the rights and obtain all the necessary data, the User may contact the Administrator in the manner indicated in sec. 2.2 above.
7. Providing personal data to third parties
- As part of the functioning of the Prown, the Administrator may share User data with trusted partners - in particular entities providing the Service Provider services necessary for the functioning of the System. The above applies in particular to entities cooperating with the Service Provider in the following areas: administration, accounting, technology (e.g. Facebook, Google, Twitter – i.a. to enable the User to log in via accounts set up in the above-mentioned portals), service or advertising.
- Data provided to trusted partners is provided to them only to the extent necessary to perform a given service.
- Entities to which User data are made available - trusted partners - apply current, GDPR-adapted rules for the processing of personal data that meet the criterion of trusted partners.
- Personal data may be transferred outside the European Economic Area, which is dictated by the location of data processing centers of entities, but always in accordance with the EU rules for the transfer of personal data from the European Union on the basis of standard contractual clauses that will oblige the entities to which the data will be sent to properly secure them.
- The Service Provider uses own cookies and cookies belonging to external entities in accordance with the applicable regulations.
- The processing of cookies takes place for a period defined by the User (in accordance with the settings / preferences of the browser or device).
- The Service Provider processes cookies:
- functional - necessary for the website to function, enabling the use of services available as part of the Prown, e.g. authentication cookies used for services that require authentication on the website; serving for ensuring security, e.g. used to detect fraud in the field of authentication within the Prown;
- analytical / performance - enabling the collection of information on the use of the Prown, in order to analyze the use of the System, monitoring traffic in the System - used in particular to improve the operation of the System.
- In addition, in connection with the User's use of the Prown, the User may receive cookies from trusted partners of the Service Provider - advertisers, research entities, analytical services providers, entities providing solutions implemented in the System, etc.
To protect your personal data, we undertake reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed to unauthorized persons, altered, lost, damaged or destroyed. The set of collected personal data is stored on a secured server, while the data are secured by our internal procedures related to the processing of personal data and information security policy.
10. Final provisions