1. The Service Provider represents that the Personal Data Controller of the Customers and Users who are natural persons under the Personal Data Protection Act is Luceos Intelligence Spółka z ograniczoną odpowiedzialnością with its registered seat in Józefów, (05-420) at ul. Elizy Orzeszkowej 19, entered into the Register of Entrepreneurs kept by the District Court for the capital city of Warsaw in Warsaw, 14th Economic Division of the National Court Register under the KRS number 498356.
2. The Service Provider processes the Customer’s and User’s personal data in order to provide Luceos Smart electronic services, in particular in order to perform the Agreement concluded with the Customer and for billing. The provision of personal data by the Customer and Users is voluntary but necessary for the provision of the electronic Service and for billing. The failure to provide the above data shall result in the Service Provider’s refusal to provide the Service in accordance with Article 22 (1) of the Provision of Electronic Services Act:. The Customer’s and Users’ personal data is processed with compliance with the principles resulting from the provisions of the Personal Data Protection Act and the Provision of Electronic Services Act.
3.The Customers and Users who use the Luceos Smart System give their consent to the processing of their personal data by the Service Provider, in particular, the Customer and Users give their consent to:
1. the processing of their personal data necessary for the purposes of advertising, market research and the study of the behaviour and preferences of the Customers and Users by the Service Provider, aimed at using the results of such a research and study for the improvement of the quality of services provided by the Service Provider, also after the end of the provision of the Service by the Service Provider, without the need to remove all markings which identify them or which identify the end of the telecommunications network or the ICT system which the Customers or Users used;
2 the processing of operating data referred to in Article 18 (5) of the Provision of Electronic Services Act by the Service Provider for the purpose indicated in item 3.1.
3. Detailed scope and purpose of User sentitive and personal data processing is specified in point 11.
4. The Service Provider shall guarantee the Customers and Users whose personal data it processes that it respects their rights under the Personal Data Protection Act, including access to the content of their personal data and the right to rectify it and to control the processing of their personal data based on principles described in the Personal Data Protection Act.
5. Service Provider guarantees the Customers and Users whose personal data is processed, access to current information referred to in Article 20 (1) of the Provision of Electronic Services Act, i.e. information about:
1. the possibility to use the Service provided by electronic means anonymously or with the use of a pseudonym, however, the Service Provider does not allow the possibility to use the Service of the Luceos Smart System anonymously or with the use of a pseudonym;
2. technical means applied by the Service Provider to prevent the acquisition and modification of personal data sent electronically by unauthorised persons;
3. the entity which the Service Provider entrusts data processing, of its scope and the intended date of transfer, if the Service Provider has concluded with that entity a personal data processing agreement referred to in Article 18 (1, 2, 4 and 5) of the Provision of Electronic Services Act.
6. Customer and User personal data may be transferred to entities which are entitled to received them under applicable legal provisions, including to the appropriate judicial authorities. Subject to the provisions of item 5.3 and 7., Customer and User personal data may also be transferred to third parties indicated by the Service Provider, in particular entities involved in performance of services provided to Customers and Users within the Services.
7. The Service Provider may entrust another entity with data processing pursuant to a written agreement, however, the above entity may only process data in the scope and for the purpose stipulated in the agreement. In particular, data is provided to entities:
1. which provide the Service Provider with technological infrastructure and services, such as Microsoft or Google;
2. which perform the services of sending e-mails and text messages;
3.which provide services connected with the performance and security audits of the Service.
8. Customer and User personal data is protected by the Service Provider against their provision to unauthorised persons and against other cases of their disclosure or loss and against their destruction or the unauthorised modification of the indicated data and information, through the use of appropriate organisational security, technical and programming measures.
9. In the event of entering personal data of third persons to the Luceos Smart System or providing them by the Customer or User to the Service Provider in a different way, the Customer or User is obliged to inform the person whose personal data is entered into the Luceos Smart System or provided to the Service provider in another way, of:
1. the address of the registered office and full name of the Service Provider;
2. the purpose and scope of collecting the data, in particular about the recipients or categories of recipients in accordance with the Rules and Regulations or other information received from the Service Provider;
3. the source of data;
4. the right to access the content of their data and to rectify it;
5. the right to lodge a written, warranted request to stop the processing of their data because of their special situation (this applies to the case when (i) personal data processing is necessary for performing tasks defined by law in the public interest or (ii) when it is necessary for achieving legitimate goals of data the controller or data recipients and the processing does not infringe the rights and freedoms of data subjects);
6. the right to object to the processing of their data in cases referred to in item X.9.e above, when the data controller intends to process it for marketing purposes or against transferring their personal data to another data controller.
10.Entering personal data of third persons to the Luceos Smart System or providing it to the Service Provider in a different means by the Customer, User or First User is tantamount to the Customer, User or First confirming that the data subject received information referred to in item 9.
11. Scope and purpose of processing Personal and Sensitive Information
1. The Service Provider processes personal and sensitive information as provided to the system by the Customer which covers: : first name, last name, password to the system, e-mail address and optionally mobile phone number.
2. Depending on activated by the Customer system features, Luceos Smart mobile application may additionaly collect the following information:
1. Information about the User location. Collected location data are gathered, stored and processed only for purpose of activated by the Customer functional module within Luceos Smart system and only if the User accepted the Luceos Smart mobile application to access such location data. Personal location information are collected by the Luceos Smart mobile application in the background process and are protected according to general rules as described in point 11.3. Additionally the location data are stored in the system for only 120 days and then removed. The storage length may be modified on the Customer request. Information about User's location is used to:
1.present in the Luceos Smart application users' current and historical locations and routes.
2.analyse historical routes for detection of potential discrepancies between business data entered by the User into the system (like work times) and real User's locations.
3.Access to the above functions in the Luceos Smart system requires user's authorisation and additional raised permission.
2. Information about the User activities durong the work day (work hours) as manually entered by the User into the Luceos Smart mobile application, according to rules and scope agreed by the contract between the User and the Customer.
3. Information gathered by Luceos Smart system is limited to data required for providing and improving the Service according to the Agreement with the Customer. Data transmission and storage are performed in a which which ensures safety, security, privacy, authorisation and protection agains unathorised access. Luceos Smart system ensures that access to the Customer and the User information is provided only to authorised personel from the Customer and the Service Provider organisations.
4.After termination of the Agreenent with the Customer or after deactivation of User account in the Luceos Smart system the sensitive data are either deleted or anonimized. The applied process is decided by the Customer in agreement with the User.