Privacy Policy - Serwico.com

GDPR Information Clauses

This policy contains information on the processing of personal data by DMSI. The principles of personal data processing have been divided according to participants and categories of processes in connection with which data processing takes place.

DMSI means:
DMSI Software Sp. z o.o. with its registered office in Warsaw (02-699), at ul. Kłobucka 23c lok. 119, Tax ID (NIP): 7952492770, REGON: 180529910, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division in Warsaw, under KRS number 0000539147 (hereinafter: DMSI Software).

Contact DMSI regarding questions or concerns about data processing:

e-mail: privacy@dmsi.pl or
in writing to the registered office address: ul. Kłobucka 23c/119, 02-699 Warsaw.

Below we present the principles of data processing by DMSI for individual participants and processes:

Processing of data of entities that are parties to service agreements.
The controller of your personal data is DMSI Software. The controller conducts processing operations of your personal data. Regarding the processing of your personal data, you can contact the controller via e-mail or in writing to the controller’s registered office address provided above.

With regard to the personal data of customers, employees, or collaborators entered by you into the SERWICO system, you are directly the controller of such data as a Client of DMSI Software. This data is processed on your behalf and solely on your documented instructions, and without such instructions only if required by law.
In case of any doubts regarding such a situation, please direct all questions to the contact details indicated above.

Personal data will be processed to enable the provision of the service and for archival purposes to secure information for the purpose of demonstrating legally relevant facts, which is our legitimate interest. The legal basis for processing your personal data for the purpose mentioned in the first sentence is Article 6(1)(b) and (f) GDPR, i.e., processing is necessary for the performance of services in accordance with the terms and conditions to which the data subject is a party, or to take steps at the request of the data subject prior to performing the service, and processing is necessary for the purposes of the legitimate interests pursued by the controller.

In accordance with the above paragraph, the following categories of personal data are processed:

first name, last name, position held, business telephone/fax number, business e-mail address,
REGON, Tax ID (NIP), PESEL, identity card;
login, password, and account operation history;
information about having read this information clause;
payment data;
telephone conversations, e-mail correspondence recorded in connection with the provision of technical support services as part of the services provided.
As a rule, we process data obtained directly from you; however, it may happen that we have your data from our Client and it was made available to us in connection with the provision of services based on acceptance of the Terms and Conditions. If you have any questions, please direct them to the contact details indicated at the beginning of the document. Your personal data will be made available to other recipients to the extent that these entities perform tasks related to the provision of services, i.e.:

the controller’s accounting service providers,
the controller’s legal and advisory service providers,
companies providing courier and postal services,
banks and other financial and payment institutions,
providers of software for technical support, e-mail and mailing, telecommunications operators used by the controller.
Providing the personal data mentioned above is voluntary, but necessary to provide the services.

You have the right to request from the controller access to your personal data, their rectification, erasure, or restriction of processing, and to object to such processing. At the same time, we inform you that you have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the GDPR.
Your data will not be transferred outside the EEA to third countries or to an international organization. Your personal data will not be used for automated decision-making, including profiling.

Your personal data will be stored during the period of active service provision, and for archival purposes to secure information for the purpose of demonstrating legally relevant facts, which is our legitimate interest, but no longer than until the expiry of limitation periods for claims arising from the agreements concluded between you and the controller.

Newsletter

The controller of personal data provided by you for the purpose of sending the newsletter is DMSI Software (contact details at the beginning of the Policy). Personal data collected for the purpose of sending the newsletter includes: e-mail address, first name, last name, telephone number, position, IP address (stored temporarily). The personal data listed above will be processed by DMSI Software to send so-called newsletters, the purpose of which is to provide information about:

functionalities and development of the Serwico system and mobile applications integrated with it,
training and industry events,
promotions on services offered by DMSI.
Access to your data may be granted to entities related to DMSI and providers of digital services, such as e-mail or webinar and mailing systems, entities involved in hosting (storing) the portal and personal data for DMSI, providers of marketing tools (including analytical tools).

The legal basis for processing your data is consent to receive the information indicated above from DMSI Software (Article 6(1)(a) GDPR) and the necessity of processing data for the purposes of the legitimate interests pursued by the controller, which include conducting marketing, including analyzing whether marketing messages sent by DMSI are read and which content interests you most (Article 6(1)(f) GDPR).
If you consent to receiving marketing communications at the indicated e-mail address, the legal basis will also be Article 10 of the Act of July 18, 2002 on the provision of services by electronic means and Article 172 of the Act of July 16, 2004 – Telecommunications Law.

You have the right to request from the controller access to your personal data, their rectification, erasure, or restriction of processing, and to object to such processing. At the same time, we inform you that you have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the GDPR. Your data will not be transferred outside the EEA to third countries or to an international organization.

Your personal data will be stored until you withdraw your consent to receive the newsletter or effectively object. You can withdraw your consent at any time by sending an appropriate statement to the DMSI Software address indicated at the beginning of the Policy or by clicking the appropriate link included in the newsletter message.
Please note that withdrawing consent to the processing of your personal data prevents us from performing the services described above on your behalf and that withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

Contact Forms

DMSI enables interested parties (customers or other interested entities) to contact us using electronic contact forms posted on DMSI websites or on social media. Using the form requires providing the following personal data: first name, last name, e-mail address, telephone number, name of the company the person represents. Providing the above data is voluntary, but necessary to contact the sender and respond to the inquiry.

The controller of personal data is DMSI Software (contact details at the beginning of the Policy).
Personal data collected via the contact form is processed to identify the sender and handle their inquiry (Article 6(1)(b) GDPR) and for analytical purposes, as part of the controller’s legitimate interest (Article 6(1)(f) GDPR).

Data collected via the form may be entrusted by the controller to entities related to the controller, in particular DMSI Trade (to handle the inquiry), and processed by entities providing IT tools used by DMSI.

Unless cooperation is established between the person using the contact form and the controller, personal data is processed on a voluntary basis and will be processed only as long as necessary to achieve the purposes described above or until the interested party effectively objects to the processing of their data. You can object by sending an appropriate statement to the DMSI Software address indicated at the beginning of the Policy. Withdrawal of consent to the processing of personal data provided in the contact form does not render unlawful the processing of data carried out before the objection was raised.

Serwico Mobile Applications

DMSI mobile applications are available through online application stores (Google Play and App Store, respectively). Downloading the application may require the user to register in the relevant online store. DMSI has no influence on the processing of user data in connection with registration and use of these stores.

Mobile applications are available to entities that are parties to service agreements via the Serwico System.
To use the mobile application, the user is required to have appropriate access credentials in the Serwico System. Accordingly, the principles of personal data processing specified in section 1. Processing of data of entities that are parties to service agreements apply to mobile application users. Processing of personal data of mobile application users begins when the mobile application is paired with the user’s account in the Serwico System.

Using mobile applications additionally involves processing user data in the manner described below. The functions of the Serwico application use the user’s device location services to collect location data. If the user allows the application to access location services, their location will be regularly transmitted to the Serwico system. Applications may notify the user in the form of push messages about specific events, even if the application is not active at that moment. Push messages are a form of messaging specific to mobile applications, through which the System can directly contact the user.

As part of certain functions, DMSI Software mobile applications must have access to specific interfaces and data on the user’s device. Depending on the operating system the user is using, their explicit consent may be required.

Below is information about what permissions (if they are necessary for processing user data) the applications may request and what type of functions depend on these permissions:

user login and password – enable use of the mobile application;
location services / location data: permission to access the user’s device location services is necessary for the application to determine the user’s device location. If the user does not allow this access, displaying location-related content may be impossible or will be available only to a limited extent.
notifications / push messages: permission necessary to use push services. On some devices, this permission is active by default for all applications.
access to saved photos: this permission is necessary for the application to access saved photos (read access) or for photos generated by the application to be saved on the user’s device (write access).
camera: this permission is necessary for the application to use the user’s camera function, for example to take photos. The application will have access to the camera only when the appropriate function is selected in the application.
mobile data (iOS) or access to all services and connections to services (Android): when using or installing certain applications, a request for these permissions appears to allow the application to transmit data via the user’s device internet connection (Wi-Fi or data transmission). This permission may be required to transmit data entered in the application, e.g., as part of a search, to the System servers.

Participants in Training, Webinars, Surveys, etc.

The controller of personal data of participants in training, webinars, surveys, etc. (hereinafter: Event) is DMSI Software. For matters related to data processing, please contact the controller (contact details at the beginning of the document).

The participant’s personal data that may be processed by the controller in connection with participation in the Event includes: first name, last name, e-mail address, telephone number, name of the entity the participant represents.

The participant’s data will be processed for the purpose of participation in the Event (Article 6(1)(b) GDPR), receiving marketing information based on consent given (Article 6(1)(a) GDPR), and based on the controller’s legitimate interest (Article 6(1)(f) GDPR).

Consent to the processing of personal data can be withdrawn at any time without affecting the processing that took place before its withdrawal. In the case of events organized free of charge, consent to receive marketing information is voluntary, but necessary to participate in the Event.

Recipients of the Event participant’s personal data may be entities related to the controller. Personal data of participants may also be made available to providers of online tools intended for organizing Events used by the controller and entities acting on behalf of the controller.

The Event participant’s personal data will be stored until the controller’s legal obligations cease. Data processed on the basis of consent will be stored until its withdrawal or until the purpose ceases.

The Event participant has the right to request access to their personal data, as well as their rectification (correction). The participant also has the right to request erasure or restriction of processing, as well as to object to processing, although this right is available only if further processing is not necessary for the controller to fulfill a legal obligation and there are no other overriding legal grounds for processing. The Event participant has the right to lodge a complaint regarding the processing of their data with the President of UODO (uodo.gov.pl).

Users of DMSI Fanpages on Social Media

DMSI has profiles on the social media platforms Facebook, LinkedIn, and YouTube (hereinafter: Fanpage). On its Fanpages, DMSI regularly publishes and shares content. DMSI Software is the controller of personal data of users using specific Fanpages.

Social media administrators record user behavior using cookies and other similar technologies with each user interaction with DMSI Fanpages. DMSI Software, as the controller of social media Fanpages, has access to general statistics regarding the interests and demographic data (age, gender, geographic region) of users visiting the Fanpages. As part of using social media, the scope and purposes of data processing on social media are determined by the administrators of these platforms (Facebook, LinkedIn, YouTube, respectively).

DMSI Software provides content to its Fanpages. In the case of direct communication between the user and DMSI or when the user shares content of their choice with DMSI, DMSI Software is responsible for processing the user’s data. The exception concerns processing data for the purpose of usage analysis (page statistics) – the administrators of the respective social media platforms are also responsible for this. DMSI has no influence on the data processing policy of social media administrators.

Processing of data of DMSI Fanpage users on social media is based on user consent (Article 6(1)(a) GDPR) or is necessary for the purposes of the legitimate interests pursued by DMSI Software (Article 6(1)(f) GDPR).

User data, to the extent determined by DMSI Software as the data controller, will be processed until the user withdraws consent. The user can withdraw consent by submitting an appropriate statement to DMSI Software (DMSI Software contact details at the beginning of the Policy).

The user has the right to request from the controller access to their personal data, their rectification, erasure, or restriction of processing, to object to such processing, and the right to lodge a complaint with the President of the Personal Data Protection Office if the user believes that the processing of their personal data violates the GDPR.

Job Candidates

The controller of the candidate’s personal data is DMSI Software (contact details at the beginning of the Policy).

Data of persons submitting their candidacy for employment at DMSI is processed for the purpose of conducting the recruitment process, based on labor law provisions (Article 6(1)(c) GDPR). With regard to information indicated in the announcement as necessary, in accordance with the Labor Code – providing data is mandatory and necessary to participate in the recruitment process. Data not required by law, provided by the candidate in the submitted documents, will be processed on the basis of consent, which will be treated as their provision (Article 6(1)(a) GDPR). Providing data other than those indicated in the announcement as required has no impact on the recruitment process and is not necessary.

The candidate may withdraw consent to the processing of personal data at any time without affecting the processing that took place before its withdrawal.

Recipients of the candidate’s personal data may only be entities authorized to receive them under the law. In addition, the candidate’s data may be made available to providers of IT systems intended for communication or conducting the recruitment process used by DMSI.

The candidate’s personal data will be stored for the period necessary to complete the recruitment process for the given position. Additionally, personal data may be processed for purposes related to future recruitment processes, based on separate consent given by the candidate. After this period, the candidate’s data is deleted. DMSI reserves the right to contact only selected candidates.

A candidate who applied for recruitment has the right to request access to their personal data, as well as their rectification. The candidate also has the right to request erasure or restriction of processing, as well as to object to processing, although this right is available only if further processing is not necessary for the controller to fulfill a legal obligation and there are no other overriding legal grounds for processing. The candidate has the right to lodge a complaint regarding the controller’s processing of their data with the President of UODO. The candidate’s data will not be made available to a third country, nor will it be subject to profiling or automated decision-making.