Privacy Policy and Information Clause of the TiPark Mobile Application

This document - Privacy Policy (hereinafter referred to as the "Privacy Policy") is an integral part of the Regulations on the use of the TiPark mobile application ("Application") and regulates the principles of processing personal data within the Application ("Personal Data", "Data"), in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the "GDPR") and the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000, hereinafter referred to as the "Act").

Personal Data Administrator

The Administrator Personal data processed within the Application is SPARKING Sp. z o.o., with its registered office in Warsaw, 00-626, at ul. Marszałkowska 7/10, registered in the register of entrepreneurs of the National Court Register, maintained by the District Court for the capital city of Warsaw in Warsaw, in the 12th Commercial Division, under KRS number: 0000664403, NIP: 7010667927, REGON: 366603700, e-mail: support@sparking.pro

In matters of Personal Data, you can contact the Administrator using the contact details indicated above.

Purposes and legal bases and period of processing Personal Data

Personal data of users of the Application ("User") are processed for the purposes, in the periods and based on the legal bases indicated below.

a. Fulfillment of the contract for the provision of services by electronic means

Personal data: name, telephone number, e-mail, Login created during registration, make, colour and registration number of the car used by the User and location data. Legal basis: art. 6 sec. 1 letter b) of the GDPR, i.e. performance of the contract to which the data subject is a party. Purpose of processing: fulfillment of the contract for the provision of services by electronic means. Data storage period: period of validity of the contract for the provision of services by electronic means

b. Consideration of complaints and applications, answers to questions

Personal data: name, Login created during registration, e-mail address or correspondence address. Legal basis: art. 6 sec. 1 letter c) of the GDPR, i.e. in order to fulfill the legal obligations incumbent on the Administrator. Purpose of processing: consideration of complaints and applications, answers to questions. Data storage period: until the expiry of 3 years from the date of the last communication with the User.

c. Fulfillment of legal obligations incumbent on the Administrator, resulting from tax and accounting regulations

Personal data: name, telephone number, e-mail, Login created during registration. Legal basis: Art. 6 sec. 1 letter c) of the GDPR, i.e. processing is necessary to fulfill legal obligations incumbent on the Administrator. Purpose of processing: fulfillment of legal obligations incumbent on the Administrator, resulting from tax and accounting regulations. Data storage period: for a period consistent with applicable regulations.

d. Conducting correspondence with the User - for the purpose of communication and handling the matter to which the correspondence relates.

Conducting marketing activities of the Administrator's own products and services without using electronic means of communication - conducting marketing activities promoting the conducted business. Handling notifications sent, among others, using the contact form or other requests - providing answers to notifications and inquiries addressed to the Administrator. Conducting analyses and storing data for statistical purposes - having information on the statistics of activities conducted by the Administrator.

Personal data: e-mail address, name, telephone number, e-mail, Login created during registration, make, colour and registration number of the car from which the User is driving.
Legal basis: correspondence, answers to questions. Purpose of processing: art. 6 sec. 1 letter f) of the GDPR, i.e. in order to implement the legitimate interest of the Administrator. Period of storage of Data: until the date of objection by the User to whom the Data relates.

e. Processing of Data for marketing purposes, by sending commercial information via e-mail.

Personal data: e-mail address, name, Login created during registration.

Legal basis: art. 6 sec. 1 letter a) of the GDPR, i.e. on the basis of the User's consent to the processing of Personal Data, in the event of its expression. Purpose of processing: sending commercial information via e-mail. Data storage period: until the day of withdrawal of consent to the processing of Personal Data, its limitation or other actions limiting the consent.

Voluntary provision of Personal Data

The provision of the required Personal Data by the User is voluntary, but at the same time it is a condition for the conclusion and implementation of the contract and the provision of services. The consequence of not providing individual data is the inability to conclude and execute the agreement and provide services by the Administrator.

Categories of Personal Data:

The Administrator informs about the following categories of Personal Data:
name, telephone number, e-mail, Login created during registration, make, colour and registration number of the car used by the User and location data.

Sources of personal data:

Personal Data processed by the Administrator comes from the User.

Recipients of personal data:

Authorised employees and associates of the Administrator;
Entities operating the Administrator's IT systems or providing the Administrator with IT tools, including space on servers;
Entities organising or conducting the Administrator's marketing campaigns;
Entities providing the Administrator with advisory, consulting, auditing or legal, tax, accounting assistance.
The Administrator does not transfer Data outside the EEA.

What rights do you have in connection with the processing of your personal data by the Administrator?

The User whose Data is concerned has the right to:
• request access to their Personal Data,
• request rectification of their Personal Data,
• request deletion of their Personal Data,
• request restriction of the processing of Personal Data,
• object to the processing of Personal Data,
• request transfer of Personal Data.

If any of the above requests are submitted to the Administrator, without undue delay - and in any case within one month of receiving the request - the Administrator will provide information on the actions taken in connection with the submitted request.

If necessary, the Administrator may extend the monthly period by another two months due to the complex nature of the request or the number of requests. In each case, the Administrator will inform the Administrator within one month of receiving the request about the extension of the period and provide the reasons for the delay.

Right to withdraw consent

The User may withdraw the consent granted to the processing of their Personal Data at any time. Withdrawal of consent to the processing of Personal Data does not affect the lawfulness of the processing carried out by the Administrator on the basis of consent granted before its withdrawal.

Requests to delete data should be sent electronically from the address assigned to the account in the application to the e-mail address: support@tipark.app

Complaint to the supervisory authority

The User has the right to lodge a complaint with the supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement.

In Poland, the supervisory authority within the meaning of the GDPR is the President of the Office for Personal Data Protection.

Cookies

1. Cookies are computer data saved in files and stored on the User's end device.

2. The Administrator uses various types of cookies, in particular these are files:
technical: ensure the correct operation of the basic functions of the Application
functional: used for analytical and statistical purposes

3. Detailed information on the possibilities and methods of handling Cookies is available in the software (internet browser) settings.

4. Most internet browsers accept the saving of Cookies by default. The user can specify the terms of use of Cookies using the settings of their own internet browser.

5. To change the scope of use of Cookies, it is enough to configure the internet browser appropriately.

Data security

The Administrator:
a. ensures an appropriate level of security of Personal Data,
b. protects Data against loss, disclosure, use in an inappropriate manner or access by unauthorized persons, makes every effort to ensure their best possible security,
c. has implemented procedures that ensure that only authorized persons have access to the Data to the extent necessary to perform their tasks,
d. thanks to the organizational and technical solutions used, only authorized persons can perform specific operations on the Data,
e. takes action to ensure that its subcontractors and other cooperating persons guarantee appropriate security of the Data when they process it on behalf of the Administrator.