If this document refers to GDPR, it should be understood as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The Administrator shall make every effort to protect the privacy of the users of the Website and any data and information that have been obtained in connection with the use of the Website. The Administrator selects and applies protection measures with due diligence, both programming and organisational, thus ensuring protection against their disclosure, loss, destruction, unauthorized modification or processing in violation of the applicable laws.
The data collected by the Administrator shall be processed in accordance with the law, respecting the principles of fairness and transparency, shall be collected to the minimum extent necessary for the specified purposes and processed in accordance with them, shall not be subject to further processing incompatible with those purposes, shall be adequate and correct in relation to the purpose, and shall be stored in a manner enabling the identification of data subjects.
The administrator of personal data processed in connection with the use of the Website is SoftPos S.A. with its registered office in Warsaw, Prosta Street 68, 08-838 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000773538, holding the following tax identification number (NIP): PL9462686806
In all matters concerning personal data, please contact the Administrator at his e-mail address: firstname.lastname@example.org.
When using the Service, the Administrator collects information concerning the user's device in order to ensure the correct functioning of the Service: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity in the Service, including on individual subpages; if the user has consented to this, the Administrator also collects geolocation information in order to provide more tailored offers of products and services.
The above information collected in the course of using the Service does not include data concerning the identity of natural persons, however, in combination with other information, it may constitute personal data, and therefore the Administrator shall fully protect it.
Through the Service or by using the contact data available in the Service, the Administrator may be contacted by means of requests concerning cooperation and employment. In such a case, the Administrator processes the data provided in the application, including first name(s) and surname(s); first names of parents; date of birth; place of residence (mailing address); education; course of previous employment, contact details such as the telephone number or e-mail address provided.
Personal data collected in connection with the use of the Service or transferred through the Service or using the contact data available on the Service shall be processed for the following purposes:
In order to ensure the correctness of the operation of the Service, to inform about the Administrator's activity, for analytical and statistical purposes, to ensure the information and communication security of the Service, to consider complaints, to defend against claims and to establish and enforce claims. The legal basis for the processing of personal data for these purposes is Article 6(1)(f) of the TCO, i.e. the legally justified interest of the Administrator.
In order to conduct the recruitment of persons interested in working or cooperating with the Administrator. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) and Article 6(1)(a) of the TOP.
In order to fulfill the legal obligations incumbent on the Administrator, such as tax, accounting or statistical obligations - resulting from the applicable regulations. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) of the PCO.
Providing personal data is voluntary. The User is not obliged to provide data, however, depending on the circumstances, refusal to provide them may prevent or hinder the use of the Website or contact with the User.
The data subject has the right to obtain confirmation from the Administrator whether his or her personal data are being processed. If such a person's data are processed, he or she is entitled to access them and obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period of storage of the data or the criteria for their determination, the right to request the rectification, erasure or restriction of the processing of personal data to which the data subject is entitled and to object to such processing, information about the right to lodge a complaint with the supervisory authority; if the personal data have not been collected from the data subject, all available information about the source of the data; information about automated decision making, including profiling; information about adequate safeguards for the transfer of personal data to a third country or international organisation. (Article 15(1) and (2) of the COB);
The data subject has the right to obtain a copy of the data to be processed, the first copy being free of charge, and for subsequent copies the controller may impose a reasonable charge resulting from the administrative costs (Article 15 (3) RBO);
A data subject has the right to request the rectification of personal data concerning him/her that are incorrect or to supplement incomplete data (Article 16 of the GPC);
The data subject has the right to request the erasure of his/her personal data in the cases indicated in Article 17 (1) of the GCRL, in particular if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing.
The data subject has the right to demand a restriction of personal data processing by the controller (Article 17(1) of the GDPR). 18 of the TRO), where: the controller contests the accuracy of personal data - for a period of time allowing the controller to verify the accuracy of such data; or the processing is unlawful and the data subject opposes their erasure by demanding the restriction of their use; or the controller no longer needs the data, but the data subject needs the data to establish, pursue or defend his/her claims; or the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller take precedence over those of the data subject
The data subject has the right to receive in a structured, commonly used machine-readable format personal data concerning him/her which he/she has provided to the controller and to request that the data be sent to another controller, if the data are processed on the basis of the data subject's consent or an agreement concluded with him/her and if the data are processed by automated means (Article 20 of the GPC);
The data subject has the right to object to the processing of his/her personal data for the legitimate purposes of the Controller, for reasons related to his/her particular situation, including profiling. In such a case, the Controller may no longer process these personal data, unless the Controller demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims. (Article 21(1) of the GDPR);
Where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, in so far as the processing is related to such direct marketing. Where the data subject objects to the processing of personal data relating to him/her for the purposes of direct marketing, personal data may no longer be processed for such purposes. (Article 21(2) and (3) GDPR)
Where data are processed on the basis of consent, it may be revoked at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data carried out on the basis of consent prior to its withdrawal.
The data subject has the right to lodge a complaint with the supervisory authority in the Member State of his or her habitual residence, place of work or place of establishment if he or she believes that the processing of personal data concerning him or her violates the TCO.
Data may be disclosed to entities indicated in the legislation providing for the obligation to disclose certain data (e.g. administrations, tax authorities, courts, etc.).
The data may be disclosed to entities providing services to the Administrator to whom the Administrator has entrusted the processing of personal data on the basis of agreements concluded with these entities. This applies, for example, to entities providing accounting, legal, marketing, postal, courier, technical, IT, etc. services.
The controller shall not provide for transfers to third countries or to international organisations. However, the controller may use services related to the use of analytical tools, e-mail services, IT tools, providers of IT solutions including hosting services of entities from third countries (e.g. Google, Microsoft, Facebook, Twitter etc.). Insofar as such use would involve the transfer of data to third countries, this will only be possible if adequate safeguards are in place and if there are enforceable data subjects' rights and effective legal remedies. Adequate safeguards shall be provided by means of the standard data protection clauses referred to in Article 46(2)(c) TODO. In addition, the controller shall apply additional technical safeguards such as data encryption both during the transfer and in the so-called 'state of rest'.
The storage period depends on the purpose of the processing and is limited to the time when the intended purpose is achieved.
The data processed in order to ensure the correctness of the Service's operation, for analytical and statistical purposes, as well as to ensure the Service's ICT security, shall be stored until the legally justified interest of the Administrator is realised.
The data processed for the purpose of conducting information and marketing activities of the Administrator's products or services shall be stored until the withdrawal of consent for processing, and when such data is processed on a basis other than consent, until an objection is raised.
The data processed for the purpose of recruitment of persons interested in working for or cooperating with the Administrator shall be stored until the recruitment process is completed or consent to the processing of such data is withdrawn.
The data processed for the purpose of fulfilling the Administrator's obligations, such as tax, accounting or statistical obligations shall be stored for the period resulting from the applicable regulations imposing such obligations on the Administrator.
The data processed for the purpose of processing complaints, defending against claims and determining and asserting claims shall be stored until the statute of limitations expires or claims are asserted.
The controller shall not process the data by automated means, including in the form of profiling, in such a way that any decisions may be taken, other legal effects may arise or would otherwise affect the data subject as a result of such automated processing.
During the use of the Service, information related to browsing the content of the Service is automatically collected, such as the number and source of visits, the time of the visit, the content viewed, the number and type of subpages opened, references used, or the IP number of the computer. This information is not combined with personal data of the Users. We use this information exclusively for the purposes of market research and Internet traffic within the Service and for statistical purposes.
The Website uses small files called cookies. These files are saved and stored on the computer or other end user's device. Cookies are installed if the browser settings allow it. Cookies usually contain the name of the domain they come from, the time of their storage on the Device and the assigned value.
Cookies are used in order to optimize the process of using the Website, to collect statistical data that allow to identify the use of the users of the Website. They are also necessary to maintain the user's session after he or she leaves the Service.
The Service uses two basic types of cookie files:
Session (temporary) cookies: they are stored on the terminal device and remain there until the end of a browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow for downloading any personal data or any confidential information from the terminal device.
Permanent cookies: they are stored on the terminal device and remain there until they are deleted. Ending a session of a given browser or switching off the device does not cause their deletion. Permanent Cookies do not allow the collection of any personal data or any confidential information from the terminal device.
At any time, it is possible to change the settings concerning cookies, including blocking cookies. However, such action may hinder or prevent the use of the Service.
The change of settings concerning cookies is made in the Internet browser. Already installed cookies can be removed manually at any time. Detailed instructions and information concerning cookies are contained in the help menu of the Internet browser currently used by the user.
Cookie files placed in the final device of the Service User and may also be used by partners cooperating with the Administrator, such as Google Analytics, Facebook, Twitter, Youtube.
More information about cookies is available in the "Help" section of the Internet browser menu.
There it is at last! In December last year PCI SSC has published new program requirements: Contactless Payments on Commercial off-the-shelf devices, aka CPoC. Together with the earlier SPoC program, this step marks the beginning of a new acceptance trend, i.e. allowing standard mobile devices to become secure and trusted financial POS terminals. Current CPoC rules allow for transactions not verified by PIN and we are looking forward to the next, inevitable step: PIN-on-glass security guidelines. Our solution is currently undergoing CPoC certification with an external lab and we hope to be able to offer a PCI compliant solution to the market within the upcoming two quarters. We are also technically ready to process PIN.