GDPR general information clause
regarding the processing of personal data
This clause implements the Controller's information obligation, as provided for in Article 13 GDPR.⇽ Get Back
We care about the privacy of the Users of our Services and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation on Data Protection) (OJ L 119, p. 1) (“GDPR”), we inform that:
I. Personal data controller
The controller of Users' personal data is AR Generation Sp. z o. o. with the seat in Warsaw (Aleja Gen. Antoniego Chruściela “Montera”, nr 88A, 04-412 Warszawa, Poland) entered in the KRS Business Register with no. 000874920, NIP 9522211918.
II. Contact regarding the protection of personal data
The User may contact the Controller regarding the protection of his personal data by email email@example.com or in writing, at the following address: Aleja Gen. Antoniego Chruściela “Montera”, nr 88A, 04-412 Warszawa, Poland.
III. Legal basis and purpose of personal data processing
We process Users' personal data on the following basis:
Article 6(1)b) GDPR: - processing is necessary to perform the contract to which the User is a party or to take action at the User's request before concluding the contract;
Article 6(1)c) GDPR: - processing is necessary to fulfil the legal obligation of the Controller;
Article 6(1)f) GDPR: - processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party.
The legal basis for the processing of personal data may also be the User's consent [Article 6(1)a) GDPR], expressed for a specific purpose.
Purposes of personal data processing:
The User's personal data are processed for the following purposes:
- enabling the User to download, launch a mobile application, use a mobile application (registration and authentication), enable the Controller to provide services related to a mobile application, ensuring the technical possibility of using the service by the User [Article 6(1)b) GDPR];
- fulfilment of legal obligations, protection of the rights and interests of the User and/or Controller [Article 6(1)c) GDPR];
- detection of any malicious or fraudulent activity, as well as analytics, interaction with external networks and social platforms, contact with the user [Article 6(1)f) GDPR].
When using the services, the Controller may collect certain data, eg phone number of the User (for registration in the application), email address (for registration on the Controller's forum), cookies (for analytical purposes). We do not receive or store payment or health data of Users.
IV. Recipients of personal data
Users' personal data may be transferred only to entities that are entitled to receive them on the basis of applicable provisions of the law (eg at the request of authorized bodies) or external entities that have been hired by the Controller in the provision of services (eg data storage, server hosting, technical support, analytical support). These entities may require access to data on behalf of the Controller. These entities are selected by the Controller with the greatest care and undertake to comply with Article 28 GDPR. There are appropriate contractual arrangements with these service providers to protect your data.
You have the option of sharing your personal data with other parties, in which case it will be governed by their own privacy policies [the Controller recommends reading these policies].
VI. Processing of data outside the EEA
The Data/Information will be mainly stored and processed in the EU (eg servers in Germany), but there may be circumstances in which the Controller will cooperate with trusted third parties outside the EU to provide a fully professional service (eg servers in the USA).
The controller transfers personal data outside the European Economic Area only when it is necessary and with an adequate level of protection, primarily through cooperation with professional data processors, using standard industry procedures and security standards, and applying the rules set out by the European Union institutions. By submitting your personal data, you expressly consent to such transfer, storage or processing outside the EU.
Note that depending on the User's location, data transfers may involve User’s data transfer to a country other than his/her own.
VII. The period of personal data processing (personal data retention)
Personal data will be processed and stored for as long as required by the purpose for which they were collected, in accordance with applicable law. Therefore, personal data will be processed as long as it is necessary to provide services to Users, prevent fraud, provide Users with IT and legal security, or longer if it is permitted by law. After removing the application by the User, the Controller is entitled to retain information necessary to fulfil his legal obligations, resolve disputes, protect his rights [as a rule, for a period of 5 years]. The personal data provided by the User directly to third parties are processed for a period separately specified by the third party.
VIII. Voluntary data provision
Providing personal data is voluntary, but necessary to use the services. Consents to the processing of personal data are given by the User voluntarily.
IX. Automated decision making
Some decisions may be made in an automated manner, ie based on automatic data analysis. With automated decision-making, the service can be adjusted to the manner in which the User uses them.
X. User rights
The User has rights regarding the use of his personal data. If you have any questions, contact the Controller at firstname.lastname@example.org.
The User has: the right to information: what personal data the Controller processes and why; the right of access: you can request access to your data; the right to rectification: if the data are incorrect, the right to correct them; the right to delete data in certain circumstances; the right to restriction of processing: in limited cases, you have the right to request the cessation of processing; the right to transfer personal data: you can request a copy of your data in a machine-readable form; the right to object in certain circumstances (including when the data are processed on the basis of legitimate interests); the right to lodge a complaint with the competent supervisory authority in the field of personal data protection. The above rights are implemented subject to Articles 15 to 22 GDPR.
The Controller indicates that any communication that the User makes with the help of the service may reveal detailed information about the User. In addition, any information that the User publishes will be available to other Users. The Controller is not responsible for the User's use of any private personal data that the User provides, or for the actions of other Users or other third parties to whom the User provides or shares his information or content.