Processing of personal data of Users of the www.timepot.io Web Service
Personal data shall include all information relating to an identified or identifiable natural person.
The Service collects and keeps personal data according to Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Act of 18 April 2002 on provision of electronic services (“GDPR”).
Registration with the Service and provision of personal data thereat is voluntary, however, it is required for registration of User Account and use of the Newsletter service. The Newsletter service is available to registered Users of the Service only.
Categories of personal data
For the purpose of the services rendered by Sparkbit Sp. z o.o. (“Sparkbit”) as part of the Service, personal data of Users, including but not limited to: email address, first name, surname, residence address, NIP (taxpayer ID no.), image, will be subject to processing. For the needs of the Newsletter service only email address will be processed.
The data controller is:
Sparkbit Sp. z o.o.
ul. Wańkowicza 5/30
KRS (National Court Register) number: 0000729100
Basis and purpose of personal data processing
The legal basis for processing of your personal data is the electronic services agreement entered into upon your acceptance of the Terms and Conditions of Use of the www.timepot.pl Web Service, the performance of which requires processing of your data. For the Newsletter service, the legal basis for processing of your personal data is your consent. Sparkbit will use personal data only to ensure adequate quality of service and performance of the services contained in the Service, including complaint handling, exercise of User’s right to withdraw from the electronic services agreement and communication with Users.
Right of access, right to rectify and right to delete personal data
The User shall be entitled to access and rectify its personal data provided to Sparkbit at the time of registration with the Service, in the “Edit profile” section available to the User after it logs in to the Service. Deletion of email address will cause deletion of User Account upon the User checks “Delete Account” in the User profile. To delete an email address provided for the needs of the Newsletter service, the User shall connect to Sparkbit’s website through a link which can be found at the bottom of each message sent as part of the service.
Notwithstanding the foregoing, each registered User of the Service may address Sparkbit directly to request access to its personal data, to rectify or delete it, to limit processing thereof or object to the processing of personal data and to exercise its right of data portability.
For the exercise of its rights related to personal data processing, each person whose personal data is subject to processing in connection with using the Service should contact Sparkbit by email at:email@example.com or by post at the following address: Sparkbit Sp. z o.o., ul. Wańkowicza 5/30, 02-796 Warszawa.
The User may lodge a complaint with a supervisory authority competent for personal data protection matters.
Personal data of Users is not used for profiling.
Right to object
The User shall be entitled to object to the processing of its personal data at any time. If the User uses its right to object, the Data Controller shall discontinue processing of its personal data, unless it is able to demonstrate that the Data Controller has legitimate grounds for the processing of User’s personal data, which override any interests, rights and freedoms of the User or the User’s personal data is essential for determination, pursuing or defending any claims.
The User shall be entitled to object to the processing of its personal data for the purpose of sending the Newsletter, at any time. If the User chooses to use that right, the Data Controller shall discontinue processing of its personal data for that purpose.
Personal data security
Subject to the following sentence, Sparkbit shall not transfer (sell nor lend for use) any personal data of Users to third parties.
Sparkbit uses accounting and Service administration services rendered by external service providers to perform the services contained in the Service. For the foregoing reason and due to technical reasons, Sparkbit shall be entitled to entrust processing of personal data, as defined in Article 28 of GDPR, to other entity pursuant to an agreement or other legal instrument, without change of the purpose of processing of User’s personal data stated herein. Further, all persons engaged to process personal data of Users for the needs of the Service shall have appropriate authorisation granted by the Data Controller in accordance with Article 29 of GDPR.
For security reasons, if it is suspected that a User Account has been breached, e.g. through unauthorised login, it shall be promptly reported to the administrators of the Service by email at: firstname.lastname@example.org
Sparkbit shall process personal data in accordance with appropriate procedures and in a way that guarantees security thereof.
Any data of special importance, including but not limited to passwords, shall be transmitted based on SSL.