XERALL PRIVACY POLICY XERALL.COM

This Privacy Policy is a document related to the Xerall Terms of Service (“Terms of Service”). Definitions of the terms used in this Privacy Policy were included in the Terms of Service. The provisions of the Terms of Service apply accordingly.

The Policy is for information purposes and serves to satisfy the information obligations imposed on the data controller under GDPR, i.e. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1. PERSONAL DATA CONTROLLER

1.1. The Controller of Clients’ personal data is the Seller, i.e. B-Technology Spółka z o.o. with its registered office in Jasionka, Jasionka 954E, 36-002 Jasionka, entered in the register of entrepreneurs of the National Court Register kept by the District Court in Rzeszów, 12th Commercial Division of the National Court Register (KRS) under number KRS 0000616005, Tax Identification Number NIP 5170375003, National Business Registry Number REGON 364334549.

1.2. You may contact the Personal Data Controller in particular via e-mail at [email protected]

2. DATA PROCESSING METHOD
2.1. The purpose and scope of the processed personal data is determined by the scope of consents and provided data sent by means of a relevant form. The processing of Clients’ personal data concerns first and last name, phone number, e-mail address, delivery address, invoice address, Tax Identification Number NIP, computer IP address and other data necessary for provision of services in accordance with the Terms of Service. Due to the nature of services provided by the Seller, they cannot be provided anonymously.
2.2. Personal data of Clients will be processed for the following purposes: (a) execution of legal provisions, (b) execution of Orders and performance of sales agreements, creation of the Account and performance of other agreements for provision of services by electronic means, in particular Newsletter service, including examination of filed complaints and optimisation of Seller’s performances, (c) promotional and commercial actions of the Seller.
2.3. Providing the personal data is voluntary, but the lack of consent to process personal data marked in the form as obligatory will prevent performance of services and execution of Orders by the Seller.
2.4. The legal basis of the processing of personal data in the case referred to in clause 2.2(a) above is authorisation to process data necessary to act in accordance with the law, while in the case referred to in clauses 2.2(b) and 2.2.(c) above it is performance of an agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to conclusion of the agreement, as well as authorisation to processing, if this is necessary for purposes resulting from legitimate interests satisfied by the Seller or a third party, or Client’s consent.
2.5. If the Seller is advised that the Client uses the services in violation of the Terms of Service or applicable provisions of law (unauthorized use), then the Seller may process User’s personal data in a scope required for establishing the liability of the User.
2.6. Client’s personal data will be processed: until the Account is deleted or for the period of 5 years from filing the last Order (whichever takes place later) and will be deleted upon the lapse of the said period, unless their processing is necessary on the basis of another legal basis, e.g. in connection with the running of the period of limitation.
2.7. The Seller does not transfer personal data to third countries.

3. RECIPIENTS OF DATA
3.1. The Seller may entrust the processing of personal data to third parties for the purpose of execution of the activities indicated in the Terms of Service and service of the Client. In such cases, recipients of Client’s data may include: a provider of hosting for the Store, a company providing technical support for the Store, a company providing online payment systems, an invoice management system, Seller’s accounting firm and a carrier.
3.2. Personal data collected by the Seller may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of law, or other persons and entities—in the cases prescribed in the provisions of law.
3.3. Each entity to which the Seller transfers Client’s personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as Transfer Agreement) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing Client’s personal data on the basis of the Transfer Agreement may process Client’s personal data through another entity only upon prior written consent of the Seller.
3.4. Disclosing personal data to unauthorized entities under this Privacy Policy may take place only upon prior consent of the Client to whom such data refer.

4. RIGHTS OF DATA SUBJECT
4.1. Each Client has the right to (a) delete the collected personal data referring to him/her both from the system belonging to the Seller as well as from databases of entities which have co-operated with the Seller, (b) restrict the processing of data, (c) portability of the personal data collected by the Seller and referring to the Client, including receiving them in a structured form, (d) request the Seller to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards the Seller at any time without affecting the legality of processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about the Seller to the supervisory authority.

5. OTHER DATA
5.1. The Store may store HTTP requests, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the request, the name of Client’s station (identification through the HTTP protocol, if possible), the date and system time of registration on the Store website and of receipt of the request, the number of bytes sent by the server, the URL address of the site previously visited by the user if the Client has entered the Website through a link, information concerning the user’s browser, and information concerning errors that occurred during execution of the HTTP transaction. Web server logs may be collected as material for the purposes of proper administration of the Store. Only persons authorized to administer the IT system have access to data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic on the Store website and occurring errors. Summary of such details does not identify the Client.

6. SECURITY
6.1. The Seller applies technological and organizational means in order to secure the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means B-Technology secures data against being published to unauthorized persons, taken over by an unauthorized person, processed in violation of the law, and changed, lost, damaged or destroyed; among other measures, SSL certificates are applied. The set of collected Clients’ personal data is stored on a secured server; moreover, the data are secured by Seller’s internal procedures related to the processing of personal data and information security policy.
6.2. In order to log in to the Account, it is necessary to provide a relevant username and password. In order to ensure an adequate level of security, the password to the Account exists only in an encrypted form. Furthermore, the operation on the Store proceeds within a secure https connection. Communication between Client’s device and the servers, in particular, while making payments, is encrypted using the SSL (Secure Sockets Layer) protocol.
6.3. The Seller has also implemented appropriate technical and organizational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects. The Seller implements all necessary technical measures as specified in Articles 25, 30, 32-34, 35–39 of GDPR, providing for enhanced protection and security of the processing of Client’s personal data.
6.4. At the same time, the Seller states that using the Internet and services provided by electronic means may pose a threat of malware breaking into Client’s teleinformatic system and device, as well as unauthorized access to Client’s data, including personal data, by third parties. In order to minimize such threats, the Client should use appropriate technical safeguards, e.g. using up-to-date antivirus programs or programs securing identification of the Client on the Internet. In order to obtain detailed and professional information related to security on the Internet, the Seller recommends taking advice from entities specializing in such IT services.

7. COOKIES
7.1. For the purposes of correct operation of the website, the Seller uses Cookies support technology. Cookies are packages of information stored on the Client’s device through the Website, usually containing information corresponding to the intended use of a particular file, by means of which the Client uses the Website—these are usually: address of the Internet service, date of publishing, lifetime of a Cookie, unique number and additional information corresponding to the intended use of a particular file.
7.2. The Seller uses two types of Cookies: session cookies, which are permanently deleted upon the closing of the session of the Client’s browser, and permanent cookies, which remain on the Client’s device after closing the session until they are deleted.
7.3. It is not possible to identify the Client on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collecting any personal data.
7.4. Cookies used on the Website are safe for the Client’s device, in particular, they prevent viruses or other software from breaking into the device.
7.5. Files generated directly by the Website may not be read by other websites. Third-Party Cookies (i.e. Cookies provided by associates of the Seller) may be read by an external server.
7.6. The Client may disable storing Cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Website.
7.7. The Seller uses own Cookies for the following purposes: authenticating the Client on the Website and preserving Client’s session; configuration of the Website and adjusting the content of pages to Client’s preferences, such as: recognizing Client’s device, remembering settings set up by the Client; Cookies ensuring security of data and use of the Website; analyses and researches of views; advertisement services.
7.8. The Seller uses third-party Cookies for the following purposes: preparing statistics (anonymous) for the purposes of optimizing the functionality of the Website, by means of analytic tools such as Google Analytics; using interactive functions by means of social networks: tumblr.com, facebook.com, pinterest.com, google.plus.com, twitter.com, linkedin.com.
7.9. The Client may individually change the Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. The Client may also individually delete Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
7.10. Details concerning Cookies support are available in the settings of the browser used by the Client.

8. FINAL PROVISIONS
8.1. This Privacy Policy comes into effect as of 25 May 2018.

XERALL APPLICATION

This Privacy Policy is a document related to the Xerall Application Terms of Service (“Terms of Service”). Definitions of the terms used in this Privacy Policy were included in the Terms of Service. The provisions of the Terms of Service are applied accordingly.

The Policy is for information purposes and serves to satisfy the information obligations imposed on the data controller under GDPR, i.e. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1. PERSONAL DATA CONTROLLER
1.1. The Controller of personal data of Xerall Application users (hereinafter referred to as Users) is B-Technology Spółka z o.o. with its registered office in Jasionka, Jasionka 954E, entered in the register of entrepreneurs of the National Court Register kept by the District Court in Rzeszów, 12th Commercial Division of the National Court Register (KRS) under number KRS 0000616005, Tax Identification Number NIP 5170375003, National Business Registry Number REGON 364334549 (hereinafter referred to as B-Technology).
1.2. You may contact the Personal Data Controller in particular via e-mail at [email protected]

2. DATA PROCESSING METHOD
2.1. The purpose and scope of the processed personal data are determined by the scope of consents and provided data sent by means of a relevant form, including the scope of consents given by the User while installing the Xerall Application. The processing of Users’ personal data concerns first and last name, phone number, e-mail address and other data necessary for the provision of services in accordance with the Terms of Service. Due to the nature of services provided by B-Technology, they cannot be provided anonymously.
2.2. Personal data of Users will be processed for the following purposes: (a) execution of legal provisions, (b) performance of agreements for the provision of functionalities of the Xerall Application, including examination of filed complaints and optimisation of B-Technology’s performances, (c) promotional and commercial actions of B-Technology.
2.3. Providing the personal data is voluntary, but the lack of consent to process personal data marked in the form as obligatory will prevent the performance of services and execution of Orders by B-Technology.
2.4. The legal basis of the processing of personal data in the case referred to in clause 2.2(a) above is authorisation to process data necessary to act in accordance with the law, while in the case referred to in clause 2.2 letter (b) above it is performance of an agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to conclusion of the agreement, as well as authorisation to processing, if this is necessary for purposes resulting from legitimate interests satisfied by B-Technology or a third party, while in the case referred to in clause 2.2(c) above it is User’s consent.
2.5. If B-Technology is advised that the User uses the services in violation of the Terms of Service or applicable provisions of law (unauthorized use), then B-Technology may process User’s personal data in a scope required for establishing the liability of the User.
2.6. User’s personal data will be processed: until the Xerall Application is removed and for a period appropriate for proving correct performance of such agreement (corresponding to the period of limitation) and will be deleted upon the lapse of the said period, unless their processing is necessary on the basis of another legal basis, e.g. in connection with the running of the period of limitation.
2.7. B-Technology does not transfer personal data to third countries.

3. RECIPIENTS OF DATA 
3.1. B-Technology may entrust the processing of personal data to third parties for the purpose of execution of the activities indicated in the Terms of Service and service of the User. In such cases, recipients of User’s data may include a provider of hosting for the Xerall Application, a company providing technical support for the Xerall Application _______.
3.2. The personal data collected by B-Technology may also be disclosed to competent state authorities upon their request on the basis of relevant provisions of law or other persons and entities—in the cases prescribed in the provisions of law.
3.3. Each entity to which B-Technology transfers User’s personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as Transfer Agreement) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing User’s personal data on the basis of the Transfer Agreement may process User’s personal data through another entity only upon prior written consent of B-Technology.
3.4. Disclosure of personal data to unauthorized entities under this Privacy Policy may take place only upon prior consent of the User to whom such data refer.

4. RIGHTS OF DATA SUBJECT
4.1. Each User has the right to (a) delete the collected personal data referring to him/her both from the system belonging to B-Technology as well as from databases of entities which have co-operated with B-Technology, (b) restrict the processing of data, (c) portability of the personal data collected by B-Technology and referring to the User, including receiving them in a structured form, (d) request B-Technology to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards B-Technology at any time without affecting the legality of processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about B-Technology to the supervisory authority.

5. OTHER DATA
5.1. The Xerall Application may store HTTP requests, therefore the files containing web server logs may store certain information, including the IP address sending the request, the name of User’s station (identification through the HTTP protocol, if possible), the date and system time of registration and of receipt of the request, and information concerning errors which occurred while executing the HTTP transaction. Web server logs may be collected for the purpose of proper administration of the Application. Only persons authorized to administer the IT system have access to data. The files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic in the Xerall Application and occurring errors. Summary of such details does not identify the User.
5.2. B-Technology may also collect data concerning a drone controlled by means of the Application, such as its model, location, flight path, speed, height, temperature and other information identifying the drone or pertaining to a flight.

6. SECURITY
6.1. B-Technology applies technological and organizational means in order to secure the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means B-Technology secures data against being published to unauthorized persons, taken over by an unauthorized person, processed in violation of the law, and changed, lost, damaged or destroyed; among other measures, SSL certificates are applied. The filing system comprising Users’ personal data is stored on a secured server, furthermore, the data are secured by B-Technology’s internal procedures related to the processing of personal data and information security policy.
6.2. In order to log in to the Xerall Application, it is necessary to provide a relevant username and password. In order to ensure an adequate level of security, the password to the Xerall Application exists only in an encrypted form. Furthermore, the operation on the Xerall Application proceeds within a secure https connection. Communication between User’s device and the servers, in particular, while making payments, is encrypted using the SSL (Secure Sockets Layer) protocol.
6.3. B-Technology has also implemented appropriate technical and organizational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects. B-Technology implements all necessary technical measures as specified in Articles 25, 30, 32-34, 35-39 of GDPR, providing for enhanced protection and security of the processing of User’s personal data.
6.4. At the same time, B-Technology states that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s teleinformatic system and device, as well as any other unauthorized access to User’s data, including personal details, by third parties. In order to minimize such threats, the User should use appropriate technical safeguards, e.g. using up-to-date antivirus programs or programs securing identification of the User on the Internet. In order to obtain detailed and professional information related to security on the Internet, B-Technology recommends taking advice from entities specializing in such IT services.

7. FINAL PROVISIONS
7.1. This Privacy Policy comes into effect as of 25 May 2018.