PRIVACY POLICY OF OCTOPARK.IO WEBSITE AND OCTOPARK.IO APP

This Privacy Policy is a document related to the Terms of Service of Octopark.io and the OctoPark.io Application (the "Terms of Service"). Definitions of terms used in this Privacy Policy are provided in the Terms of Service. The provisions of the Terms and Conditions shall apply accordingly.

This policy is informative and fulfills the information obligations imposed on the data controller by RODO, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

‍

1. PERSONAL DATA CONTROLLER

1. The administrator of Users' personal data is the Service Provider - Inteligentne Miasta spółka z ograniczoną odpowiedzialnością with its registered seat in Kielce, al. Na Stadion 50, 25-127 Kielce, entered into the National Court Register by the District Court Lublin- Wschód in Lublin, with its seat in Świdnik, VI Economic Department of the National Court Register, under KRS number: 811520, NIP: 7162827733, REGON: 38474564.
2. Contact with the Data Controller can be made in particular by email through the email address administrator@inteligentnemiasta.com

‍

2. METHOD OF DATA PROCESSING

1. The purpose and scope of processed personal data is determined by the scope of data provided by the User in the contact form. The processing of Users' personal data refers to name and surname, telephone number, e-mail address, invoicing data, i.e. company name and address with NIP, vehicle license plate numbers, and data enabling payment, i.e. card number, holder's name, expiration date and CVC code, geolocation. The nature of the Services provided by the Service Provider makes it impossible to provide them anonymously.
2. Users' personal data will be processed for: (a) implementation of the law (Article 6(1)(c) RODO), (b) implementation of contracts with Users (Article 6(1)(b) RODO), (c) promotional and commercial activities of the Service Provider (where the User has given his/her consent Article 6(1)(a) RODO, and in other cases Article 6(1)(f) RODO, i.e. the Administrator's legitimate interest in providing information about the services it provides).
3. Provision of personal data is voluntary, but failure to consent to the processing of mandatory personal data, i.e. the data specified in paragraph 2.1. of this section, will prevent the Service Provider from performing services and executing contracts.
4. The legal basis for the processing of personal data in the case referred to above in paragraph 2.2.(a) is the authorization to process data necessary for the purpose of acting in accordance with the law, while in the case referred to above in paragraph 2.2.(b) is the performance of a contract to which the data subject is a party or to take action at the request of the data subject before entering into a contract. (b) is the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract, as well as authorization for processing when it is necessary for the purposes of legitimate interests pursued by the Service Provider or by a third party, and in the case of point (c) - the User's consent or the Administrator's legitimate interest in providing information about its services.
5. If the Service Provider becomes aware of the User's use of the Services in violation of the Regulations or applicable laws (unauthorized use), the Service Provider may process the User's personal data to the extent necessary to determine the User's liability.
6. The User's personal data will be processed for a period of 4 years counting from the date of deletion of the Account on the Website and/or Application, after which time it will be deleted, unless its processing is necessary based on another legal basis, e.g. in connection with the running of the period of limitation of claims.
7. The service provider does not transfer personal data to third countries. 

‍

3. DATA RECIPIENTS

1. The Service Provider may entrust the processing of personal data to third parties for the purpose of performing the activities indicated in the Terms of Service and servicing the User. In that case, the recipients of the User's data, may be: the hosting provider for the Website and/or Application, the company technically supporting the Website and/or Application, the Service Provider's accounting office, entities providing services as payment operators, parking operators, as well as entities cooperating with Collaborative Parking.
2. Personal data collected by the Service Provider may also be available: to the relevant state authorities at their request under the relevant legislation, or to other persons and entities - in cases provided for by law.
3. Each entity to which the Service Provider entrusts the User's personal data for processing, based on the entrustment agreement for the processing of personal data (hereinafter "Entrustment Agreement") guarantees an appropriate level in terms of security and confidentiality of personal data processing. The entity processing the User's personal data based on the Entrustment Agreement may process the User's personal data, through another entity, only on the basis of the Service Provider's prior consent. 
4. If the User uses the Parking Service through Collaborative Parking, the entity that processes the User's personal data is the Service Provider, and Collaborative Parking.
5. Sharing of personal data with unauthorized parties according to this Privacy Policy, may only take place with the prior consent of the User to whom the data refers.

‍

4. RIGHTS OF THE DATA SUBJECT

1. Each User has the right to: (a) to delete personal data collected about him/her both from the Platform belonging to the Service Provider and from the databases of entities with which the Service Provider cooperates or has cooperated, (b) to restrict data processing, (c) to transfer personal data collected by the Service Provider about the User, including to receive them in a structured form, (d) to request from the Service Provider access to your personal data and their rectification, (e) to object to the processing, (f) to revoke the Service Provider's consent at any time without affecting the legality of the processing performed on the basis of consent before its revocation; (g) file a complaint against the Service Provider with a supervisory authority.

‍

5. OTHER DATA

1. The Service may store http requests, and therefore some information may be stored in the server log files, including the IP address of the computer from which the request came, the name of the User's station - identification carried out by the http protocol, if possible, the date and system time of registration on the Service and the arrival of the request, the number of bytes sent by the server, the URL of the page previously visited by the User, if he/she entered through a link, information about the User's browser, information about errors that occurred during the execution of http transactions. Logs may be collected as material for the proper administration of the Website. Only persons authorized to administer the computer system have access to the information. Log files may be analyzed to compile statistics of traffic on the Website and errors that occur. Summary of such information does not identify the User.

‍

6. SECURITY

1. The Service Provider shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of protected data, and in particular shall technically and organizationally secure the data from being made available to unauthorized persons, from being taken by an unauthorized person, from being processed in violation of the Act, and from being altered, lost, damaged or destroyed, among others, SSL certificates are used. The collection of collected personal data of Users is stored on a secured server and the data is also protected by the Service Provider's internal procedures on personal data processing and information security policy.
2. The Service Provider has also implemented appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to give the processing the necessary safeguards to meet the requirements of the RODO and protect the rights of data subjects. The Service Provider shall implement all necessary technical measures set forth in Articles 25, 30, 32-34, 35-39 of the RODO to ensure enhanced protection and security of the processing of the User's personal data.
3. At the same time, the Service Provider indicates that the use of the Internet and services provided electronically may be at risk of malicious software (malware) entering the User's data communication system and device, as well as unauthorized access to the User's data, including personal data, by third parties. In order to minimize these risks, the User should use appropriate technical safeguards, e.g., using up-to-date antivirus software or protecting the User's identification on the Internet. In order to obtain detailed and professional information regarding the preservation of security on the Internet, the Service Provider recommends seeking it from entities specializing in such IT services.

‍

7. COOKIES

1. For the proper operation of the Website and/or the Application, the Service Provider uses Cookies technology. Cookies are packages of information stored on the User's device through the Service and/or Application, usually containing information in accordance with the purpose of the file, by means of which the User uses the Service. Cookies usually containing the address of the Site and the data of the Application, the date of placement, the expiration date, a unique number and additional information in accordance with the purpose of the file.
2. The service provider uses two types of cookies: session cookies, which are deleted permanently when the user's browser session ends, and persistent cookies, which remain after the end of the browser session on the user's device until they are deleted.
3. Based on Cookies, both session and permanent, it is not possible to determine the identity of the User. The mechanism of Cookies does not allow the collection of any personal data. 
4. Cookies of the Service Provider are safe for the User's device, in particular, they do not allow viruses or other software to enter the device. In turn, External Cookies (i.e. Cookies placed by the Service Provider's partners) can be read by an external server.
5. You may disable the storage of Cookies on your device, in accordance with the instructions of your browser manufacturer, but this may result in the unavailability of some or all of the features of the Website and/or the Application.
6. The following types of Cookies are used within the Service:
   - "necessary" Cookies to enable the use of services available within the Service, such as. authentication Cookies used for services that require authentication within the Website and/or Application;
   - "security" Cookies, such as those used to detect abuse of authentication within the Website and/or Application;
   - "performance" Cookies, enabling the collection of information about the use of the websites;
   - "functional" Cookies, enabling "remembering" the User's selected settings and personalizing the User's interface, such as. in terms of the selected language or region from which the User originates, font size, website design, etc.;
   - "advertising" cookies, enabling the provision of advertising content more tailored to the User's interests.
7. In many cases, web browsing software (web browser) allows the storage of Cookies on the User's terminal device by default. Users may change their settings regarding Cookies at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about their placement on the User's device each time. Detailed information on the possibility and methods of using Cookies is available in the settings of your software (web browser).
8. Cookies placed on the User's terminal device and may also be used by advertisers and partners cooperating with the operator of the Website and/or Application. The User may individually change the settings concerning Cookies at any time, specifying the conditions for their storage, through the settings of the Internet browser or through the configuration of the service. The User may also independently delete Cookies stored on his/her device at any time, in accordance with the instructions of the browser manufacturer. 
9. Detailed information about the use of Cookies is available in the settings of your web browser.

‍

8. FINAL PROVISIONS

1. This Privacy Policy is effective as of 01/05/2022. 

‍