Polityka Prywatności

This Privacy Policy governs how Proget Sp. z o.o. collects, uses, maintains, and discloses information collected from users (each, a “User”) of the Proget System and Proget mobile applications (“Apps”). This privacy policy applies to the Apps and all products and services offered by Proget Sp. z o.o. Apps are part of the Proget Mobile Device Management solution (“Proget System or Software”). Its main purpose is to protect business areas, company property, and the end users’ data (if allowed).

DEFINITIONS

  • License – the right to use the Software. The License is granted per Device for a period, depending on its type. There are two types of licenses:
    • Subscription – for a definite period, including Technical Support, which expires automatically after its validity period expires;
    • Lifetime – for an indefinite period with the additional option of extending it with Technical Support provided for a definite period.
  • Buyer – a natural person, legal person, or organization that purchased the Proget System for purposes related to conducting business, statutory, or other activities.
  • Personal Data Administrator (ADO) – The Buyer of the Proget System who specifies the purposes for which he will process personal data (as defined in Article 4 (7) of the GDPR) in the Proget System.
  • System User – an employee or co-employee of the Buyer who uses the Software on a mobile device in connection with their legal relationship ( employment contract, mandate contract, B2B contract, etc.).
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation on Data Protection).
  • Personal data means any information about an identified or identifiable natural person (“data subject”) – personal data within the meaning of art. 4 point 1 GDPR.
  • Processor (Processing Entity within the meaning of Article 4 (8) of the GDPR) – a natural or legal person, public authority, unit, or other entity that processes personal data on behalf of the Personal Data Administrator – supplier of the Proget System (Licensor).
  • Proget System or Software – Software created by Proget operating by the Documentation. The Software consists of a Proget server, Proget mobile application, Proget Remote mobile application, Proget Backup mobile application, Proget Geofencing mobile application, Proget Gateway, Proget Connector, and other applications and parts of the Software described in the Documentation, for which Proget grants a license to the Purchaser by provisions of these License Terms.
  • Server – a server installed and running in the Purchaser’s infrastructure or a server in the Proget Cloud by the Documentation, allowing for the proper functioning of the Proget System.
  • Device – a mobile device compliant with the requirements described in the Documentation, on which the Software is installed and connected to the Software in the Proget Cloud or on the Server.
  • Wsparcie techniczne – technical assistance and the right to update the Software provided to the Buyer by Proget. In the Fixed Term License, Technical Support is integral to the License. In the License for an indefinite period, the Buyer, after one year of using the Software, is obliged to purchase Technical Support separately. The validity period of Technical Support is included in the License Certificate. The provision of technical support for a Server installed and running in the Buyer’s infrastructure requires meeting the requirements described in the Documentation. Proget reserves the right to refuse to provide a service if it is determined that it does not fall within the scope of the Technical Support services offered

PERSONAL DATA PROTECTION

  1. Proget, as a Processor, processes personal data on behalf of the Personal Data Administrator.
  2. Personal data processed by the Proget System are entered or made available by the Personal Data Administrator, and then they are generated by Devices or entered by System Users.
  3. The Personal Data Administrator defines the purpose and scope of processing personal data processed by the Proget System.
  4. The Personal Data Administrator specifies what data will be aggregated by the Proget System.
  5. The Personal Data Administrator declares that the Devices on which the Software will be installed are company devices or have a legal title to use them, e.g., consent to use private equipment for weddings.
  6. The Personal Data Administrator declares that he is aware of his obligations towards System Users using the Proget System in terms of meeting information requirements, obtaining appropriate consent, etc.

PERSONAL DATA PROCESSING

  1. The Personal Data Administrator entrusts the Processor ( Proget) with processing personal data pursuant to art. 28 sec. 3 GDPR.
  2. The Personal Data Administrator entrusts the Processor with processing all data processed by the Software and other data on devices for which technical support will be provided. In particular, the Processor will process:
    • data related to the Device (on which the Software is installed), its parameters, and configuration – a complete list available in the document “Proget Functionality”;
    • data of System Users _ ( employee, co-employee of the Buyer), contacts, SMS/MMS, device location, audit logs, call log, and Geofencing;
    • logs of Users of the Software System ( Proget System);
    • other data (files) saved on the Device, such as text files, spreadsheets, presentations, photos, video recordings, email, etc. NOTE: These data are available to Proget (technical support department ) only on request of the Purchaser and each time the System User grants access to the Device.
  3. As part of the acceptance of these License Terms of Use, the Processor will, in particular, perform the following operations on personal data: viewing, entering, modifying, deleting, collecting, organizing, ordering, adapting, and making backup copies.
  4. The Processor will process personal data using IT systems.
  5. The contract for entrusting the processing of personal data is valid to the full extent for the Software’s use period – the duration of the License. After the commercial use of the Software, processing will be limited to maintaining data on servers for up to 3 months from the termination of commercial use.
  6. The processed personal data may be of the nature of ordinary and unique data ( a particular category of personal data).
  7. The entrusted personal data includes, in particular, information about natural persons who are employees, clients, contractors, and other persons with whom communication will be carried out using Devices using the Proget System.
  8. The Processor undertakes to process data by applicable law.
  9. During data processing, Proget is responsible for any damage resulting from personal data processing inconsistent with the license terms or the law.
  10. The Processor undertakes to process the personal data entrusted for processing only and exclusively to perform the contract, the terms of which are defined in the terms of the License. In particular, personal data will be processed to ensure the functioning of the supplied Software, maintain the necessary infrastructure, and provide technical support.
  11. The Processor undertakes to exercise due diligence when processing the entrusted personal data.
  12. The Processor undertakes to secure them by using appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risk associated with processing personal data referred to herein. Referred to in art. 32 of the Regulation.
  13. The Processor undertakes to ensure confidentiality (referred to in Article 28(3)(b) of the Regulation) of the processed data by persons he authorizes to process personal data to implement these Terms and Conditions use of the License, both during and after employment.
  14. The Processor declares that it has implemented an information security management system (taking into account the protection of personal data) compliant with the requirements of the ISO 27001 standard. An accredited certification body audited the information security management system. Proget obtained a certificate confirming the proper implementation of the information security management system by the requirements of the ISO 27001 standard.
  15. The information security management system ( including personal data) consists of policies and procedures relating in particular to the following:
    • security of personal data;
    • information security;
    • physical security;
    • using cryptographic security;
    • rules for securing personal computers;
    • rules for the use of computer equipment outside the workplace;
    • ensuring business continuity;
    • making backups.
  16. Proget employees:
    • undergo cyclical training on personal data protection and information security;
    • have been authorized to process personal data;
    • have undertaken to maintain the confidentiality of the information they come into contact with;
    • are aware of responsibility for breach of confidentiality obligations.
  17. The Processor (Proget) declares that it does not transfer personal data to a third country or international organization located outside the European Economic Area (“EEA”). Data transfer outside the EEA is possible only for customers outside the European Union (upon request).
  18. As far as possible, the Processor helps the Personal Data Administrator to the extent necessary to fulfill the obligation to respond to the data subject’s request and to satisfy the duties specified in the art. 32-36 GDPR.
  19. The Processor is obliged to notify the Personal Data Administrator of immediately:
    • any detection of a breach of personal data protection (e.g., unauthorized access to personal data), if possible, within 24 hours of the event;
    • any legally mandated request to provide personal data to a competent state authority, unless the prohibition of notification results from the law, in particular the provisions of criminal procedure, when the prohibition is intended to ensure the confidentiality of the investigation initiated;
    • each request received from the person whose data is processed, and the Processor has no right to respond to this request.
  20. The Personal Data Administrator has the right to control the implementation of these License Terms by carrying out announced and timely agreed, jointly with the Processor, ad hoc controls regarding processing personal data and requesting written explanations.
  21. The established inspection date may be 14 business days from the date proposed by the Personal Data Administrator.
  22. Carrying out the inspection referred to in section 20 is confirmed by the Processor’s representative with an action report signed by representatives of both parties.
  23. The Processor undertakes to comply with post-audit recommendations aimed at removing deficiencies in the processing of personal data within seven days from the date of their discovery.
  24. The personal data administrator has the right to request from the Processor an immediate, substantive answer to any question regarding the processing of personal data entrusted under these License Terms.
  25. The Processor subcontracts the processing of personal data to the following entities:
    • Amazon Web Services for maintaining virtual servers on which the Software is installed – if such a solution is selected. It does not apply to the installation of the Software in the infrastructure provided by the Purchaser;
    • Microsoft for maintaining virtual servers on which the Software is installed – if such a solution is selected. It does not apply to the installation of the Software in the infrastructure provided by the Purchaser;
    • Microsoft in the scope of communication with the Buyer ( its representatives) through the following services: e-mail, sharing resources, teleconferences or technical support;
    • Zoho Corporation in the field providing technical support, conducting sales, settling receivables, and verifying the services provided;
    • Atlassian in terms of providing technical support and the manufacturing process;
    • Google Firebase in the field of ensuring the collection of application critical errors;
    • Google Analytics in the scope of handling the collection of Proget System statistics, data on the use and use of the Proget System;
    • TeamViewer for technical support (remote session).
  26. The Processor may entrust the implementation of the services covered by this document to other subcontractors, provided that the Personal Data Administrator is informed about this fact using the accepted communication channels (e.g., by letter, email, SMS). No objection on the part of the Personal Data Administrator to further entrusting the processing of personal data within 14 days is tantamount to consent to such actions on the part of the Processor.
  27. The Processor is responsible to the Personal Data Administrator for the actions of its subcontractors – entities sub-entrusted with processing personal data.
  28. The entity to which the Processor entrusts further processing of personal data should meet the exact requirements and the same guarantees and obligations imposed on the Processor in these License Terms.
  29. These License Terms of Use are terminated after the end of the Software’s use period.
  30. The Personal Data Administrator has the right to terminate these License Terms with immediate effect if the Processor:
    • used personal data in a manner inconsistent with this document;
    • entrusted the processing of personal data to subcontractors without the consent of the Personal Data Administrator;
    • has not stopped the improper processing of personal data;
    • despite being obliged to remove the deficiencies found during the inspection, he did not remove them within the prescribed period.
  31. Within three months from the date of completion of the commercial use of the Software, the Processor undertakes to remove all personal data and all copies thereof from the Proget System. The Processor is released from the above obligation only if the Union Law or the law of the Republic of Poland allows or requires it to store such personal data further.
    • The Personal Data Administrator may apply to the Processor for earlier removal of personal data from the Proget System. Such a request will be implemented as soon as possible, considering Proget ‘s organizational capabilities;
    • about removing personal data from the Proget System using the communication channels accepted so far (e.g., by letter, email, SMS).
  32. The Processor immediately informs the Personal Data Administrator of any proceedings, mainly administrative or court proceedings, regarding personal data processed on behalf of the Personal Data Administrator and specified in the contract entrusting personal data. About any executive decision or ruling regarding the processing of this data, addressed to the Processor, as well as any planned, if known, or implemented controls and inspections regarding the processing of personal data. The Processor is released from the above obligation only if the Union law or the law of the Republic of Poland prohibits informing the Personal Data Administrator about the pending proceedings.
  33. The provisions of a point personal data entrustment agreement do not apply if a separate personal data entrustment agreement is concluded.

What are my opt-out rights?

You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. If you can’t uninstall the Application contact with IT administrator in your company. IT administrator can allow you to uninstall managed applications. You can also request to opt-out via email, at iod@proget.pl.

Data Retention Policy, Managing Your Information

We will retain User Provided data for as long as you use the Application. If you’d like us to delete Automatically Collected Information that you have provided via the Application, please uninstall Application. You can also contact us at iod@proget.pl and we will respond in a reasonable time. Please note that some or all of the Automatically Collected Information may be required in order for the Application to function properly.

Children

We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should uninstall the Application to delete Automatically Collected Information. You can also contact us at iod@proget.pl. We will delete such information from our files within a reasonable time.

Bezpieczeństwo

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Changes

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via notification inside the Application. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can check the history of this policy by clicking here.

Your Consent

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in the European Union. If you reside outside the European Union your information will be transferred, processed and stored there under European Union privacy standards. 

Skontaktuj się z nami

If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at iod@proget.pl.