of Scottie Go! Platform and Scottie Go! Dojo application
This document is the output of the information policy of BeCREO TECHNOLOGIES spółka z ograniczoną odpowiedzialnością with registered office in Poznań with regard to the users of the Internet platform at portal.scottiego.com (hereinafter referred to as the ‘Platform’) and the related application (hereinafter jointly referred to as the ‘Applications’ or individually as the ‘Application’) in all personal data processing and protection aspects. We attach a great importance to the protection, collection, processing and use of your personal data according to the applicable law.
1. Information on the Controller and collection of personal data.
1.1. Pursuant to art. 4, sec. 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the ‘Regulation’) in respect of your personal data, as the user of the Platform, is BeCREO TECHNOLOGIES spółka z ograniczoną odpowiedzialnością with registered office in Poznań, ul. Plac Andersa nr 7, 61-894 Poznań, entered in the Register of Entrepreneurs kept by the District Court Poznań-Nowe Miasto i Wilda in Poznań, 8th Economic Division of the National Court Register under KRS no.
0000716935, REGON no. 369401813, VAT no. 7831771896, share capital of PLN 30,000.00 (hereinafter referred to as the ‘Controller’).
1.2. The Controller shall process personal data submitted by you for the purpose necessary for the Platform and a given Application to function properly, to control the Platform and a given Application and to complete their functions, including cooperation of the Platform with related Applications, contact between the user of the Platform or a given Application and the Controller, in particular in matters relating to the functioning of the Platform or a given Application, for accounting and financial reporting, seeking or enforcing claims. For these purposes, the Controller shall collect your personal data such as full name, name of the entity/institution under which you act, institution address, email, login, password, ID
address. When concluding a contract, submission of personal data is required to enter into the contract. If data submission is voluntary, data shall be processed on the basis of consents, as specified in the consent granted.
1.3. Data is processed on the basis of:
a) art. 6, sec. 1, letter b) of the Regulation – with regard to personal data necessary to enter into a contract, and with regard to personal data submitted by you in order to take actions before concluding the contract at your request, e.g. to make contact before such conclusion, answer questions, etc.
b) art. 6, sec. 1, letter c) of the Regulation – with regard to personal data the processing of which is necessary to fulfil a legal obligation imposed on the controller, e.g. to issue invoices and for accounting and financial reporting purposes.
c) art. 6, sec. 1, letter f) of the Regulation – with regard to personal data the processing of which is necessary for purposes of legitimate interests pursued by the Controller, i.e. to seek claims.
d) art. 6, sec. 1, letter a) of the Regulation – when consent is given in the event the processing of data is voluntary.
1.4. The Controller shall also use information contained in cookies for analytical purposes. It gives data on the activity of users on the Platform. Cookies are used on the basis of your consent. You can disable cookies at any time by changing the settings in your browser.
1.5. Regarding your personal data, the Controller shall not take automated decisions, including decisions resulting from automated processing, including profiling, pursuant to the Regulation.
2. Rights of the data subject.
2.1. You have the right to obtain from the Controller confirmation whether your personal data is processed, the right to require access to that data and the right to obtain from the Controller information on the processing purposes and the category of processed personal data, information on recipients or categories of recipients to whom personal data is disclosed, the planned storage periods of personal data, the source of data if it has not been collected from the data subject, and information if the Controller makes automated decisions to the data subject, including profiling-based ones, etc. You have also the right to receive copies of data.
2.2. Furthermore, you have the right to require rectification of personal data, the right to require removal of personal data, the right to require restriction of processing, the right to data portability and the right to object to the processing. You may enforce these rights:
2.2.1. with regard to a request that data be rectified when: your data is incorrect or incomplete;
2.2.2. with regard to a request that data be removed when: your data is no longer necessary for the purposes for which it has been collected by the Controller; you withdraw your consent to process data; you object to the processing of your data; your data is unlawfully processed; data should be erased in order to fulfil a legal obligation or data has been collected in relation to the offer of information society
2.2.3. with regard to a request that the processing of data be limited when: your data is incorrect – you may request that the processing thereof be limited for a period allowing the Controller to check the correctness of data; your data is unlawfully processed, but you do not want it to be erase; your data is no longer needed by the Controller, but you shall need them to determine, seek or defend claims; or you objected to the data processing – pending verification whether the legitimate grounds of the Controller override the legitimate grounds of the objection;
2.2.4. with regard to a request that data is transferred when: your data is processed on the basis of consent granted or a contract, and when this processing is automated;
2.2.5. with regard to the right to object when: your personal data is processed on the basis of a legitimate interest and the objection is justified due to your particular situation, and when your personal data is processed for direct marketing purposes, including they are profiled.
2.3. You have also the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data referring to you infringes the Regulation. In Poland, the supervisory authority is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa).
2.4. Implemented safety rules mean that we may require you to confirm your identity before enforcing your rights.
3. Consent to process personal data.
3.1. If the processing of data is voluntary, e.g. if the Controller processes personal data that is not necessary to complete a service or contract, submission of such data by you shall always be voluntary, once you give your consent to process it.
3.3. You may withdraw your consent at any time the same way it was given.
3.4. Furthermore, you may always withdraw your consent by sending a consent withdrawal declaration to the Controller, in the manner specified in section 6 hereof.
3.5. Withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.
4. Information on recipients/categories of recipients of personal data.
4.1. The Controller may also partially use third party service providers who, on behalf of the Controller, shall process personal data, e.g. hosting providers, email providers, courier companies, accounting or legal service providers. Data, however, may only be submitted to fulfil their service. The Controller shall only use services of such entities which ensure sufficient data subject protection guarantees. Data is processed by these entities on the basis of written agreements concluded with the Controller. These entities shall observe the guidelines of the Controller and be subject to audits conducted by the latter. The
recipient of your data may also be relevant bodies authorised to receive data.
4.2. Furthermore, in the context of the use of specific services by the Controller, data may be transferred outside the EEA, provided, however, that guarantees of a sufficient degree of protection exist, e.g. resulting from the participation of the entity in the Privacy Shield programme established under the executive decision of the Committee (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield.
5. Safety of personal data. Data source.
5.1. The Controller shall process your personal data in accordance with the Regulation, including the application of proper technical and organisational measures to provide safety and appropriate confidentiality and integrity of personal data, including protection from unauthorised access, unauthorised modification, disclosure or destruction of such data.
5.2. With regard to the use of a given Application, your data may be obtained to a specific extent from a third party which manages a proper account on the Platform cooperating with the Application, in particular it refers to the subaccount password. In such a case, your data shall be obtained from an institution (e.g. school) under which a subaccount has been created for you on the Platform cooperating with the Application.
6. Contact details
6.1. You may send all demands, requests, notices, inquiries relating to the processing of personal data by email to the following address: email@example.com or by regular mail to: BeCREO TECHNOLOGIES spółka z ograniczoną odpowiedzialnością with registered office in Poznań, ul. Plac Andersa nr 7, 61-894 Poznań.
As at 25.11.2019