Privacy Policy UseCrypt S.A.

Download PDF

Introduction

The protection of personal data has always been prioritized by UseCrypt S.A (hereinafter: “UC”). Our goal was and still is to promote and provide the data privacy, including personal data. Therefore, we not only meet the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), but we also meet your expectations and inform you about the legal grounds for personal data collection, processing, and about the rights you are entitled to as well.

Basic information

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). Processing means any operation or set of operations which is performed on personal data or on sets of personal data. Controller of personal data is any body which processes personal data. Processing means e.g collection, alteration, transmission and disclosure of personal data.

There is no doubt, that the GPDR treats personal data very widely and comprehensively.

UC as the personal data controller

UC processes personal data to deliver efficient services in accordance with your expectations.

In case you give separate and voluntary consent, UC will process your personal data in order to present information about events and news in the field of data and privacy protection, as well as about the goods and services offered by UC, including promotions.

UC processes your personal data ensuring their security through the use of appropriate organizational and technical measures.

UC ensures that your personal data will be subject to access control within UC, as well as within transmission to third parties, according to the purposes of the processing.

Full data of UC: UseCrypt S.A. with its headquarters in Warsaw, ul. Twarda 18, 00 - 105 Warsaw, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, 12th Economic Department under the number 0000577049, share capital PLN 229,400.00 (paid in full), Tax ID: 5272745461.

Functioning of the privacy policy

The document is applicable in situations where UC is the controller of personal data, what means that it processes personal data obtained from natural persons, including users of services offered by the company.

The privacy policy covers situations in which the UC processes personal data obtained directly from the data subject or personal data obtained through delegation.

In the case of a separate agreement between UC and the natural person or the person entrusting data (personal data processing agreement), the provisions contained in this agreement take precedence over the provisions of the privacy policy.

UC ensures the fulfillment of notification obligations in accordance with art. 13 and art. 14 of the GDPR.

The purposes and grounds for the processing

UC processes data to provide you with services at the highest level, at the minimum extent of personal data processing.

In order to provide the UseCrypt Safe service and support in usage, we process the following data, which may be considered as personal data: first name (names) and surname (s), e-mail addresses and telephone numbers of the users of UseCrypt Safe services. These data are processed particularly for the following purposes:

personalization (assignment) of the user account of the UseCrypt Safe service within this service and enabling its use in accordance with the functionalities;

verification of a natural person and assigning one to the account in the UseCrypt Safe service in case of the contact of this person or the entrusting party in connection with the need for support in service usage.

In order to provide the UseCrypt Messenger service and support in the usage of service, we process data that may be considered as personal data, i.e. a telephone number. Temporarily, due to the functionality of the UseCrypt Messenger service, we may process data,

which may be considered as personal data, i.e., an IP address. These data are processed particularly for the following purposes:

personalization (assignment) of the user account of the UseCrypt Messenger service within this service and enabling its use in accordance with the functionalities;

verification of a natural person and assigning one to the account in the UseCrypt Messenger service in case of the contact of this person or the entrusting party in connection with the need for support in service usage.

Data related to the provision of services and ensuring their functionalities are processed due to the fact that they are necessary for the performance of the obligations of UC to you. These data may also be processed in individually justified cases on the basis of the legitimate interest of CU.

In order to make settlements related to the provision of services, UC processes the data provided by the users, which are necessary to issue and deliver VAT invoices recording these services. These data may, in particular, include: name and surname // company, place of residence / address of the registered office, tax identification number, bank account number / credit card number.

Settlement data are processed as necessary to fulfill the legal obligation incumbent upon UC, which, in particular, results from the Accounting Act. These data may also be processed in individually justified cases on the basis of the legitimate interest of CU.

UC, in the case of data processing on the basis of a legitimate interest, each time thoroughly analyzes and balances the interest of UC and, the interest and potential impact on the data subject. The rights of a natural person related to personal data protection regulations are also analyzed.

For marketing purposes, on the basis of separate and voluntary consent, UC will process your personal data in order to present information about events and news in the field of data and privacy protection, as well as about the goods and services offered by UC, including goods and services promotions.

Data related to the marketing purpose are processed on the basis of the explicit and voluntary consent of a natural person who has given his/her consent. Consent can be withdrawn at any time.

In addition to the data referred to above, natural persons interested in cooperation with UC or purchasing services, that contact with UP and provide their personal data and contact details in order to obtain information on the offer and services or to conclude a contract, may provide the UC with their personal data such as: name and surname, telephone number, e - mail address. Contact that provides personal data through e-mail or by phone is voluntary. We ask you, in the first forms of contact, not to provide extensive data, including specific data (e.g. on race or

ethnic origin, political views, religious or philosophical beliefs, trade union membership, information on physical or mental health, genetic data, biometrics, information on sexual life or sexual orientation and the criminal past). In the case of establishing a contact, depending on its type, UC takes adequate actions related to ensuring compliance of personal data processing with the law.

In the case of the intention to entrust the processing of personal data, e.g. by a collective entity (company, foundation, association) concluding a contract with UC, regarding users of the service (employees, members of this entity), it follows the conclusion of the data processing contract. We ask you not to provide data before entering into a data processing contract.

Data processed by users in UseCrypt Safe

UC informs and ensures that, due to the use of the Hybrid Virtual Key Management technology in the encrypted cloud of UseCrypt Safe, does not have any access to the data entered by users in UseCrypt Safe, does not hold knowledge if data are personal data, and does not have any possibility to read them.

Data processed by users in UseCrypt Messenger

UC informs and ensures that, due to the use of the encryption technology does not have any access to the data entered by users in UseCrypt Messenger, does not hold knowledge if data are personal data, and does not have any possibility to read them.

Personal data protection

UC, in the scope of personal data protection, ensures the use of appropriate organizational and technical measures.

UC ensures the use of measures that verify the control of access to personal data. UC informs that personal data may be made available to third parties on the basis of the data processing contract. UC ensures that personal data entrusted to third parties will be adequately protected.

UC ensures the use of technical measures to protect personal data.

Extent and time of personal data processing

UC processes the minimum amount of personal data which is necessary to achieve purposes related to business activity.

UC processes personal data only for the time which is necessary to achieve the purpose and which results from the legal basis of the processing. For example, if UC ceases to provide the services to you, the data relating to the service purposes performance are removed. UC is not able to delete your data if they are necessary for the performance of statutory obligations, e.g. keeping and archiving accounting books.

UC never processes personal data for longer period which that which would result form the legal basis for their processing. Therefore

in the case of processing personal data in order to perform the contract, the processing period lasts until the contract is terminated;

in the case of processing personal data on the basis of consent, the processing period lasts until a natural person withdraws consent;

in the case of processing personal data on the basis of a legitimate interest of the data controller, the processing period lasts until the cessation of the above mentioned interest (e.g. the limitation period of civil claims) or the moment of opposition of the data subject to further processing - in situations where such an objection is in accordance with the law;

in the case of personal data processing, when it is necessary due to the applicable law, the periods of data processing for this purpose are determined by these provisions.

Disclosure personal data to third parties.

We transfer personal data to other entities only if such a transfer is permitted by the law. In this case, in the data processing agreement we conclude provisions ensuring the security of personal data at a level that we use ourselves. Recipients of personal data, including those on the basis of data processing agreements, may in particular be:

-entities keeping accounting books;

-advisers and auditors, including business, legal and financial ones;

-entities providing hosting services;

-subcontractors;

-debt collection companies.

In the event that we are obliged to do so by law, we provide personal data to public administration bodies, law enforcement authorities, general and administrative courts as well.

However, we transfer only data in necessary extent which is determined on the basis of the transfer purpose.

Rights of natural persons.

UC ensures natural persons with the performance of their rights relating to personal data.

UC ensures the right, according to GDPR provisions, to:

access to personal data;

change and complete personal data;

remove personal data;

limit the processing of personal data;

object to the processing personal data

transfer personal data;

, which are processed by the controller.

The rights shall be exercised by delivery of a relevant request in writing to the address of the registered office of UC, i.e.: ul. Twarda 18, 00 - 105 Warsaw, or by e-mail to the following address: rodo@usecrypt.com.

Due to the fact that the exercise of the above-mentioned rights may be, according to mandatory provisions, subject to additional conditions or in certain circumstances, we encourage you to contact us by e-mail to the following address: rodo@usecrypt.com in order to determine the best way and scope of exercising rights which are entitled to you, so that the goals you intend to achieve are efficiently and comprehensively met.

UC stipulates that if the user’s right to remove the data will prevent the provision of the service, which the user acquired for a fee and for a definite period of time, UC may refuse, due to data’s necessity for the purposes for which they were collected or processed in a different way, or may cease to provide the service due to the fault of the user, which will not affect the obligation to pay remuneration for the service.

We are also at your disposal in person at the registered office of UC at the abovementioned address or at the telephone number +48 22 213 96 44.

We stipulate that the exercise of rights may follow a positive verification of the identity of the person applying for the action, which also constitutes an element of protection of your interests.

All requests, application forms, and complaints will be considered and you will receive a reply without undue delay.

Persons whose personal data are processed by UC may also file a complaint to the President of the Office for Personal Data Protection (formerly: Inspector General for Personal Data Protection), ul. Stawki 2, 00-193 Warsaw.

Validation and changes

This document is effective from May 25, 2018.

UC ensures a regular review of this document and changes, in order to ensure compliance with the law and the most efficient performance of your rights.

Changes to the document will take place by replacing the current version with a new version of the document on the website www.usecrypt.com/privacy.

The document is a general outline of the rules introduced by UC as part of the protection of personal data.

The document is prepared in order to ensure the transparency of data processing by UC. UC provides additional information by the forms of contact indicated in the document.

The last update of this document took place on May 24, 2018.