Principles of data processing of visitors

Privacy Policy and Cookies

 

This Privacy Policy sets out the principles of personal data processing and protection in connection with the use of the service available at https://softpos.eu/ (hereinafter the "Service").

 

If this document refers to GDPR, it should be understood as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

The Administrator shall make every effort to protect the privacy of the users of the Website and any data and information that have been obtained in connection with the use of the Website. The Administrator selects and applies protection measures with due diligence, both programming and organisational, thus ensuring protection against their disclosure, loss, destruction, unauthorized modification or processing in violation of the applicable laws.

The data collected by the Administrator shall be processed in accordance with the law, respecting the principles of fairness and transparency, shall be collected to the minimum extent necessary for the specified purposes and processed in accordance with them, shall not be subject to further processing incompatible with those purposes, shall be adequate and correct in relation to the purpose, and shall be stored in a manner enabling the identification of data subjects.

 

  1. The controller

 

The administrator of personal data processed in connection with the use of the Website is SoftPos S.A. with its registered office in Warsaw, Prosta Street 68, 08-838 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000773538, holding the following tax identification number (NIP): PL9462686806

 

In all matters concerning personal data, please contact the Administrator at his e-mail address: [email protected].

 

  1. Processed data

 

When using the Service, the Administrator collects information concerning the user's device in order to ensure the correct functioning of the Service: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity in the Service, including on individual subpages; if the user has consented to this, the Administrator also collects geolocation information in order to provide more tailored offers of products and services.

 

The above information collected in the course of using the Service does not include data concerning the identity of natural persons, however, in combination with other information, it may constitute personal data, and therefore the Administrator shall fully protect it.

 

Through the Service or by using the contact data available in the Service, the Administrator may be contacted by means of requests concerning cooperation and employment. In such a case, the Administrator processes the data provided in the application, including first name(s) and surname(s); first names of parents; date of birth; place of residence (mailing address); education; course of previous employment, contact details such as the telephone number or e-mail address provided.

 

  1. The purpose and legal basis of data processing.

 

Personal data collected in connection with the use of the Service or transferred through the Service or using the contact data available on the Service shall be processed for the following purposes:

 

In order to ensure the correctness of the operation of the Service, to inform about the Administrator's activity, for analytical and statistical purposes, to ensure the information and communication security of the Service, to consider complaints, to defend against claims and to establish and enforce claims. The legal basis for the processing of personal data for these purposes is Article 6(1)(f) of the TCO, i.e. the legally justified interest of the Administrator.

In order to conduct the recruitment of persons interested in working or cooperating with the Administrator. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) and Article 6(1)(a) of the TOP.

 

In order to fulfill the legal obligations incumbent on the Administrator, such as tax, accounting or statistical obligations - resulting from the applicable regulations. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) of the PCO.

 

  1. Is it obligatory to provide data?

 

Providing personal data is voluntary. The User is not obliged to provide data, however, depending on the circumstances, refusal to provide them may prevent or hinder the use of the Website or contact with the User.

 

  1. Powers related to the processing of personal data

 

The data subject has the right to obtain confirmation from the Administrator whether his or her personal data are being processed. If such a person's data are processed, he or she is entitled to access them and obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period of storage of the data or the criteria for their determination, the right to request the rectification, erasure or restriction of the processing of personal data to which the data subject is entitled and to object to such processing, information about the right to lodge a complaint with the supervisory authority; if the personal data have not been collected from the data subject, all available information about the source of the data; information about automated decision making, including profiling; information about adequate safeguards for the transfer of personal data to a third country or international organisation. (Article 15(1) and (2) of the COB);

The data subject has the right to obtain a copy of the data to be processed, the first copy being free of charge, and for subsequent copies the controller may impose a reasonable charge resulting from the administrative costs (Article 15 (3) RBO);

 

A data subject has the right to request the rectification of personal data concerning him/her that are incorrect or to supplement incomplete data (Article 16 of the GPC);

 

The data subject has the right to request the erasure of his/her personal data in the cases indicated in Article 17 (1) of the GCRL, in particular if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing.

 

The data subject has the right to demand a restriction of personal data processing by the controller (Article 17(1) of the GDPR). 18 of the TRO), where: the controller contests the accuracy of personal data - for a period of time allowing the controller to verify the accuracy of such data; or the processing is unlawful and the data subject opposes their erasure by demanding the restriction of their use; or the controller no longer needs the data, but the data subject needs the data to establish, pursue or defend his/her claims; or the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller take precedence over those of the data subject

 

The data subject has the right to receive in a structured, commonly used machine-readable format personal data concerning him/her which he/she has provided to the controller and to request that the data be sent to another controller, if the data are processed on the basis of the data subject's consent or an agreement concluded with him/her and if the data are processed by automated means (Article 20 of the GPC);

 

The data subject has the right to object to the processing of his/her personal data for the legitimate purposes of the Controller, for reasons related to his/her particular situation, including profiling. In such a case, the Controller may no longer process these personal data, unless the Controller demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims. (Article 21(1) of the GDPR);

 

Where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, in so far as the processing is related to such direct marketing. Where the data subject objects to the processing of personal data relating to him/her for the purposes of direct marketing, personal data may no longer be processed for such purposes. (Article 21(2) and (3) GDPR)

 

Where data are processed on the basis of consent, it may be revoked at any time.  The withdrawal of consent shall not affect the lawfulness of the processing of personal data carried out on the basis of consent prior to its withdrawal.

 

The data subject has the right to lodge a complaint with the supervisory authority in the Member State of his or her habitual residence, place of work or place of establishment if he or she believes that the processing of personal data concerning him or her violates the TCO.

 

  1. Disclosure of data to other parties

 

Data may be disclosed to entities indicated in the legislation providing for the obligation to disclose certain data (e.g. administrations, tax authorities, courts, etc.).

The data may be disclosed to entities providing services to the Administrator to whom the Administrator has entrusted the processing of personal data on the basis of agreements concluded with these entities. This applies, for example, to entities providing accounting, legal, marketing, postal, courier, technical, IT, etc. services.

 

  1. Transfer of data to third countries or international organisations

 

The controller shall not provide for transfers to third countries or to international organisations. However, the controller may use services related to the use of analytical tools, e-mail services, IT tools, providers of IT solutions including hosting services of entities from third countries (e.g. Google, Microsoft, Facebook, Twitter etc.).  Insofar as such use would involve the transfer of data to third countries, this will only be possible if adequate safeguards are in place and if there are enforceable data subjects' rights and effective legal remedies. Adequate safeguards shall be provided by means of the standard data protection clauses referred to in Article 46(2)(c) TODO.  In addition, the controller shall apply additional technical safeguards such as data encryption both during the transfer and in the so-called 'state of rest'.

 

  1. Data retention period

 

The storage period depends on the purpose of the processing and is limited to the time when the intended purpose is achieved.

The data processed in order to ensure the correctness of the Service's operation, for analytical and statistical purposes, as well as to ensure the Service's ICT security, shall be stored until the legally justified interest of the Administrator is realised.

The data processed for the purpose of conducting information and marketing activities of the Administrator's products or services shall be stored until the withdrawal of consent for processing, and when such data is processed on a basis other than consent, until an objection is raised.

The data processed for the purpose of recruitment of persons interested in working for or cooperating with the Administrator shall be stored until the recruitment process is completed or consent to the processing of such data is withdrawn.

The data processed for the purpose of fulfilling the Administrator's obligations, such as tax, accounting or statistical obligations shall be stored for the period resulting from the applicable regulations imposing such obligations on the Administrator.

The data processed for the purpose of processing complaints, defending against claims and determining and asserting claims shall be stored until the statute of limitations expires or claims are asserted.

 

  1. Data processing in an automated manner

 

The controller shall not process the data by automated means, including in the form of profiling, in such a way that any decisions may be taken, other legal effects may arise or would otherwise affect the data subject as a result of such automated processing.

During the use of the Service, information related to browsing the content of the Service is automatically collected, such as the number and source of visits, the time of the visit, the content viewed, the number and type of subpages opened, references used, or the IP number of the computer. This information is not combined with personal data of the Users. We use this information exclusively for the purposes of market research and Internet traffic within the Service and for statistical purposes.

 

  1. Cookies

 

The Website uses small files called cookies. These files are saved and stored on the computer or other end user's device. Cookies are installed if the browser settings allow it. Cookies usually contain the name of the domain they come from, the time of their storage on the Device and the assigned value.

Cookies are used in order to optimize the process of using the Website, to collect statistical data that allow to identify the use of the users of the Website. They are also necessary to maintain the user's session after he or she leaves the Service.

The Service uses two basic types of cookie files:

Session (temporary) cookies: they are stored on the terminal device and remain there until the end of a browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow for downloading any personal data or any confidential information from the terminal device.

Permanent cookies: they are stored on the terminal device and remain there until they are deleted. Ending a session of a given browser or switching off the device does not cause their deletion. Permanent Cookies do not allow the collection of any personal data or any confidential information from the terminal device.

At any time, it is possible to change the settings concerning cookies, including blocking cookies. However, such action may hinder or prevent the use of the Service.

The change of settings concerning cookies is made in the Internet browser. Already installed cookies can be removed manually at any time. Detailed instructions and information concerning cookies are contained in the help menu of the Internet browser currently used by the user.

Cookie files placed in the final device of the Service User and may also be used by partners cooperating with the Administrator, such as Google Analytics, Facebook, Twitter, Youtube.

More information about cookies is available in the "Help" section of the Internet browser menu.

 

  1. Changes

 

Changes to the Privacy Policy and Cookies will be published on the Website. These changes will be effective only for the future and will come into force upon acceptance of the modified privacy policy, of which the User will be notified via the so-called pop-up.

Not now
Accept

Recent news

Read about our achievements, successes and plans!

17.04.2024

SoftPos with PCI Secure SLC certificate!

28.12.2023

2023: another great year for SoftPos!

Last 12 months summed up

01.06.2023

Another trophy for SoftPos!

30.12.2022

2022: A breakthrough year for SoftPos.eu!

A brief summary

20.12.2022

Grzegorz Nowakowski named "CEO of the Year"

The title was presented by European CEO Magazine

26.10.2022

Worldline announces the acquisition of a majority stake in SoftPos.eu

Read the official press release

17.10.2022

Fintech Summit Poland 2022 - SoftPos among the nominees

Our solution has been placed in "Paytech" category

01.08.2022

SoftPos nominated for FF Awards

Our solution is present in "Mobile Payments" category

30.06.2022

Awards and nominations summary

First six months of 2022 in review

07.06.2022

Golden Banker: SoftPos with honorable mention

Our solution among two laureates

17.05.2022

PCI DSS Certificate renewed

11.05.2022

Next nominations for industry awards

Our solution has been recognized by cashless.pl

10.05.2022

SoftPos in ING Poland

"eTerminal" service is now up and running

02.05.2022

SoftPos in ING Romania

Romanian media are noticing the implementation

30.03.2022

SoftPos in Credit Agricole Poland

Implementation is a part of cooperation with Elavon

28.03.2022

SoftPos named "Payment Innovation Platform of the Year"!

Awards were presented by "Finance Monthly" Magazine

15.02.2022

Grzegorz Nowakowski with "CEO of the Year" award!

Awards were presented by europeanceo.com

31.01.2022

Live transactions in 14 countries!

SoftPos is being used or tested by thousands of merchants

29.12.2021

SoftPos 2021: A short story about our achievements this year

2021 recap

22.12.2021

SoftPos in BiznesInfo.pl

Article about our solution

14.12.2021

SoftPos in Łódź Metropolitan Railway

All of the railway's conductors are using our solution

02.11.2021

SoftPos in Payments Cards & Mobile

Interview with Grzegorz Nowakowski

02.09.2021

SoftPos with PIN is live and used by first merchants!

First merchants in Poland have started to use the new version of their app, which allows to accept contactless transactions requiring PIN, including those abov…

30.06.2021

SoftPos on CPoC list!

The information was confirmed on June 30th

31.05.2021

SoftPos on El Mundo top 100!

Our solution is among the best ideas chosen by the Spanish newspaper

02.03.2021

We're looking for programmers!

Join SoftPos team!

23.02.2021

Transactions in new countries!

We have registered live transactions i Romania and Spain

19.02.2021

SoftPos with PCI DSS certificate

Another milestone achieved

18.01.2021

SoftPos in "Outsourcing & More"

The latest issue of the magazine is out now

22.12.2020

Best wishes from SoftPos!

18.12.2020

2020 recap

Our achievements during the last 12 months

26.11.2020

New SoftPos offices!

We're in United Arab Emirates and Spain

23.11.2020

More satisfied SoftPos users!

Warsaw's "W Liściach" is among the new merchants

13.11.2020

Animated video and a new website!

New promo video and a completely redesigned web page

12.11.2020

We're entering Hungarian market!

It's time to reveal our cooperation with Fizetési Pont.

05.11.2020

SoftPos in Food Service

Check the latest issue of HoReCa magazine

29.10.2020

More merchants are using SoftPos

Warsaw's Deliver Team is among the companies using our solution

05.10.2020

Cashless Congress recap

See the entire presentation by Grzegorz Nowakowski

29.09.2020

The "Best Payment Solution" award is ours!

We've won the award together with SIX Payments during FinTech & InsurTech Digital Congress

28.09.2020

FinTech & InsurTech Digital Congress begins in Warsaw today

We're nominated for "Best Payment Solution" award

25.09.2020

End merchants are using SoftPos!

First retailers, taxi drivers and couriers use our solution!

14.09.2020

Cashless Congress begins tomorrow!

Grzegorz Nowakowski among the speakers

01.09.2020

First merchants' training

We're starting to teach first merchants how to use our app!

11.08.2020

What is SoftPos? Interview

Biser Jorgow and Grzegorz Nowakowski talk to Piotr Pietrzak

23.07.2020

First live transactions!

22.06.2020

SoftPos on the "Map of Polish Fintech"

Cashless.pl revealed the map during an online show

18.06.2020

Payment meeting starts next Wednesday!

Grzegorz Nowakowski is among the speakers

12.06.2020

Our essay in POSItivity Magazine

How does the pandemic affect the payments market?

22.02.2020

SoftPos pulled it off at Berlin's MPE with our POS app live on the main stage!

07.01.2020

New Contactless Payments on Commercial off-the-shelf devices (CPoC) requirements

10.12.2019

SoftPos on a meeting with the Polish Ministry of Digital Affairs

05.12.2019

SoftPos among support partners of #Impact Fintech '19 event

Get in touch with us!

SoftPos enables acceptance of contactless payments made with plastic card and any of its virtual equivalents.

Let's talk!