APPENDIX 2 TO GATE CONTROL STATION END USER LICENCE AGREEMENT (EULA) PRIVACY POLICY
The purpose of this Policy is to inform an end user of a GATE Control Station application (the End User, the Application) what personal data (the Personal Data) may be processed in connection with the use of the Application and about purposes of their processing, a manner of use thereof and about related rights available to the End User. A personal data controller (the Controller) protects the End Users’ privacy and ensures security of the Personal Data provided by them. The Controller complies with personal data processing rules and applies technical and organisational measures which guarantee that the data are secure and processed as prescribed by law. The End Users’ Personal Data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR).
Who is the Controller?
The Controller is GATE ENTERPRISE Sp. z o.o. Sp. k. with registered office in Krakow, ul. Torowa 3H, 30-435 Krakow, Poland, entered into the Register of Entrepreneurs of the National Court Register under entry No. KRS 0000774854, registered under Tax Id. No. (NIP) 679-309-53-16 and Industry Id. No. (REGON) 122953493. The Controller has appointed a Data Protection Officer who can be contacted in any data protection issues at the e-mail address: iodo@gatee.eu. A data subject can contact the Controller also otherwise as preferred, including verbally and in writing at the Controller’s address.
Purposes of, and legal bases for, processing of the Personal Data:
The End User may set up and use the Account in the Application, which entails transferring their Personal Data to the Controller. In such a case, the Personal Data are processed in order to perform an agreement (Art. 6.1.b of the GDPR). Should no data be provided, the Account in the Application may not be set up and used. The Controller may process the following data of the End User: nick, name, surname, password hash, e-mail, country, Google ID, Facebook ID, Apple ID, information on participation in a ranking;
The End User may take part in GATE rankings, which entails transferring specific data to the Controller. Relevant information is displayed on https://www.gatee.eu/rankings. In such a case, the Personal Data are processed on the basis of consent of a data subject (Art. 6.1.a of the GDPR). Consent to participation in the rankings is voluntary. The End User gives their consent in an End User Account panel. Without the consent, the End User may not take part in the GATE rankings. The Controller may process the following data of the End User: nick, country, time of an entry, serial number;
By connecting a compatible Product with the Application, the End User can use specific functionalities of the Application, which entails transferring specific data to the Controller. In such a case, the Personal Data are processed in order to perform an agreement (Art. 6.1.b of the GDPR). Should no data be provided, specific functionalities of the Application cannot be used. The Controller may process the following data of the End User: connection between the Product and the Account, content of reports, connection time, local time, the Product’s serial number, device type, IP, country, phone model, screen DPI, operating system version, received signal strength indicator (RSSI), statistical data about a device and its settings and errors;
In order to purchase the Products in the Application Store, the End User needs to provide the Personal Data. In such a case, the Personal Data are processed in order to take steps at the request of the End User prior to entering into an agreement, and to perform an agreement (Art. 6.1.b of the GDPR). Should no data be provided, the End User cannot make purchases in the Application Store. The Controller may process the following data of the End User: IP address, country of a transaction, transaction ID, information on the successful completion of a transaction, purchase amount, purchase date, name and surname, e-mail, VAT-EU number, organisation name, organisation address, MCC code of a card;
The Personal Data are processed in order to communicate with the End User (Art. 6.1.f of the GDPR). The Personal Data are provided on a voluntary basis but the provision thereof is necessary to receive a reply from the Controller. In such a case, the Personal Data are processed due to the Controller’s legitimate interests. The Controller’s legitimate interests consist in communicating with an individual who requests of the Controller to provide an answer. The Controller may process the following data of the End User: nick, name, surname, e-mail, Google ID, Facebook ID, Apple ID. As its legitimate interests pursuant to Art. 6.1.f of the GDPR, the Controller also considers: exercise and defence against legal claims, fraud prevention, keeping statistics and analyses, ensuring security of an ICT environment, application of internal control systems and in some cases also direct marketing of its own services, where for marketing purposes the Controller may process the Personal Data also with the End User’s consent (Art. 6.1.a of the GDPR);
The Personal Data are processed in order to fulfil contractual obligations (Art. 6.1.b of the GDPR) and to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). These data are processed in case of purchasing the Products in the Application Store. The provision of the Personal Data is a statutory requirement needed for the discharge of obligations resulting from accounting policies and tax related regulations. The Controller may process the following data of the End User: IP address, country of a transaction, transaction ID, information on the successful completion of a transaction, purchase amount, purchase date, name and surname, e-mail, VAT-EU number, organisation name, organisation address, MCC code of a card, card issue country, card expiry date, card type (VISA/MASTERCARD, etc.), information on a PayPal account, part of a card number, information on the Product purchased, device serial number, platform where payment has been made.
Recipients of the Personal Data:
The Personal Data may be processed by the Controller’s service providers rendering, among others, financial settlement (including payment intermediaries such as PayPal (Europe) S.a.r.l. et Cie, S.C.A.), legal, advisory, consulting, archiving and IT services. The End Users’ Personal Data may be transferred to providers of services related to software used by the Controller and to hosting service providers.
The Personal Data will not be shared with any third parties or transferred to any third countries outside the EEA, unless this proves necessary and the End User gives consent thereto, or an obligation or option of sharing the data results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body.
What does profiling involve and are any data in the Application subject to profiling?
Profiling consists in any form of automated processing of the Personal Data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject. The data in the Application, including in the Application Store, will not be profiled.
How can the Personal Data be changed?
The End User has the right of access to content of their Personal Data and the right of rectification and erasure thereof, the right to restrict processing and the right to data portability. The End User has the right to object to the processing of the Personal Data, for instance if the Controller profiles the End User’s data.
The End User who has given consent to the processing of the data has the right to withdraw their consent at any time without affecting the lawfulness of processing carried out on the basis of the consent prior to the withdrawal. To this effect, the End User can contact the Controller at the e-mail address: online.store@gatee.eu or iodo@gatee.eu. The End User can contact the Controller also otherwise as preferred, including verbally and in writing at the Controller’s address.
How does the Controller protect the Personal Data?
The Controller protects the End Users’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The End Users’ data may be accessed exclusively by authorised individuals bound by confidentiality and by subcontractors that have entered into a personal data subprocessing agreement with the Controller and satisfy security criteria set forth therein.
How long will the Personal Data be processed?
In the case of the use of the Account, the Personal Data are processed for as long as the End User uses the Account, subject to the data to the processing of which the End User has given separate consent or in the case of which there exists another basis for processing. In the case of participating in the GATE rankings, the Personal Data are processed for as long as a ranking is published or until the End User withdraws their consent. In the case of information from the Product compatible with the Application, the Personal Data are processed for as long as the End User uses such functionalities of the Application. In the case of the sale of the Products, the Personal Data are processed for the duration of a sales process, including delivery and payment settlement. In the case of communication with the End User, the Personal Data are processed for a period necessary to provide the End User with an answer. To a limited extent, the Personal Data may also be processed upon the lapse of the above periods until any potential legal claims become time-barred or for as long as possible or required in compliance with applicable laws, e.g. for statistical purposes or to document a transaction. Upon the lapse of a processing period, the Personal Data are permanently deleted or anonymised.
Other personal data processing related rights of the End Users
The End User has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that their Personal Data are processed in breach of mandatory rules of law.
This Policy shall enter into force once made available in the Application.