PRIVACY POLICY
This Privacy Policy sets out the rules for the processing and protection of the Customer’s personal data.
If you have any questions about your personal data, please contact us at: office@cyberuslabs.com.
Contact details of the Data Protection Inspector: office@cyberuslabs.com
I. DEFINITIONS
1. CL – means Cyberus Labs Sp. o.o. with its registered office in Katowice (40-006 Katowice, ul. Warszawska 6), entered into the Register of Entrepreneurs of the National Court Register kept by the Katowice-Wschód District Court in Katowice, VIII Commercial Department of the National Court Register, based on KRS number 0000565252, NIP: 9442248670, REGON: 361957043, e-mail: office@cyberuslabs.com, which provides services by electronic means.
2. Services – means services provided by CL by electronic means, including via website: www.cyberuslabs.com, as well as through systems or applications owned by CL, including: “ELIoT Pro”, “Cyberus Key” and “CyberusHealthKey”.
3. Customer – means any person for whom the Services may be provided.
4. Operator – an entity that is an entrepreneur whose services the Customer uses or intends to use by gaining access to the Operator’s services using mobile systems or applications owned by CL.
5. GDPR – means the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
II. PERSONAL DATA
1. The Privacy Policy applies if you use CL Services, i.e. use CL systems or applications, register in systems or applications and use their functionality, contact us e.g. via email, via form available on the CL website or by phone, if you receive messages from us via electronic means of communication, including push notifications from the application in connection with the use of their functionality.
2. Depending on the Services you use, CL processes the following personal data:
a) when registering in CL systems or applications: e-mail address, Name and Surname;
b) when using the functionality of CL systems or applications: email address, Name and Surname, application ID and token used to communicate with the server, device identifier for push notifications, encrypted custom PIN and encryption key, phone model name, name and version of the telephone system (e.g. iOS 13.1, Android 8.0), data regarding confirmation of a given operation (e.g. login);
c) when using the contact form on the website and electronic correspondence: Name, Surname, company name, telephone number, e-mail address, correspondence content, including the content of the message freely added by the Customer;
3. CL uses personal data to provide Customers with CL Services, manage the account in the system or application and use their functionality, handle complaints, for accounting and tax purposes, as well as receive and send e-mail and correspondence in connection with the performance of the contract or before its conclusion. The basis for data processing is the processing necessary for the performance of the contract or to take action at the request of the data subject before the conclusion of the contract (the basis of art.6 par.1 lit.b GDPR), and in some cases a specific provision may also be the legal basis that allows CL to process data in order to comply with a legal obligation – e.g. accounting and tax regulations (the basis of Article 6 (1) (c) of the GDPR).
4. CL uses personal data to contact Customers, for example, by email, as well as responding to posts on social media that have been addressed to CL, in order to better perform of the Services, inform about changes and provide explanations and information. The basis for data processing is the legitimate interest of CL (the basis of Article 6 paragraph 1 letter f of the GDPR).
5. If, as part of the services provided by the Operator, the Operator provides the option of registering or logging into the Operator’s services (e.g. to the website, application, etc.) via the CL system or application, in the event of the Customer’s consent to the transfer of data Operator, CL will provide the Operator with the Customer’s personal data provided during registration in the system or application, i.e.: Name, Surname, e-mail address. The basis for CL to provide the Operator with the Customer data indicated above is the Customer’s consent.
6. CL requires the Customer to provide personal data that is necessary for the performance of the contract – performance of the Services. In the event that this information is not provided by the Customer, CL will not be able to provide the Services. If required by law, e.g. tax, CL may also require providing other necessary data. Apart from the above cases, providing personal data by the Customer is voluntary.
7. CL entrusts personal data for processing to service providers who perform certain duties and functions on behalf of CL. CL provides data to service providers: website support, IT services related to technical support for systems and applications, payment services related to Service orders, Microsoft Azure cloud computing service (West Europe Region), accounting services for CL. CL entrusts to the service providers listed above only such data that is necessary for the proper performance of services for or on behalf of CL.
In the case of data transmission, CL ensures that the service provider processes data in compliance with security requirements, and does not use the data for purposes other than providing services to CL.
8. CL does not transfer personal data to entities other than the service providers described above, except when it is necessary in connection with legal regulations or a decision of authorities, as well as in the case of the need to establish, exercise or defend CL rights.
9. CL does not transfer personal data outside the European Union.
10. CL processes Customer’s personal data only for such a period as is necessary for the proper performance of contracts with Customers, i.e. the provision of Services, as well as the handling of the complaint process, pursuing claims in connection with the performance of the contract, as well as for the period resulting from the obligations imposed at CL by law (e.g. in the area of tax and accounting obligations, in accordance with the relevant provisions for a period of 5 years), only in a necessary scope. For marketing purposes, the data is stored for the duration of the contract or until the
Customer objects to such processing.
11. CL ensures the use of appropriate technical and organizational security for personal data to ensure an adequate level of security of the personal data being processed.
12. Customers have the right to access their personal data, including requesting information about their data or providing a copy of this data processed by CL.
13. Customers have the right to amend their personal data if the data is incomplete, out of date or incorrect.
14. Customers have the right to object to the processing of personal data by CL. “Marketing” objection – the Customer has the right to object to the processing of his data for the purpose of direct marketing. Objection due to a special situation – the Customer also has the right to object to the processing of his data on the basis of a legitimate interest for purposes other than direct marketing, as well as when the processing is CL necessary to perform a task carried out in the public interest. You should then indicate the specific situation that justifies CL ceasing the opposition processing. CL will cease to process the Customer’s data for these purposes, unless it shows that the grounds for CL processing of data prevail over the rights of the Customer or that the data is CL necessary to establish, assert or defend claims.
15. Customers have the right to request the restriction of personal data processing by CL.
16. Customers have the right to request the removal of personal data.
17. Customers have the right to request the transfer of personal data to the Customer or an indicated third party.
18. Customers have the right to lodge a complaint to the competent supervisory authority for the protection of personal data, in Poland: Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, website: http://www.uodo.gov.pl/