Privacy Policy

§1. General Provisions

1. The personal data controller, as defined in Art. 4 point 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR), is Dawid Skąpski, conducting business activity under the name Dawid Skąpski SM Freight, located at ul. Wojska Polskiego 119a, 98-200 Sieradz, NIP: 8272330997, REGON: 522263936.

2. The data controller’s email address: [email protected].

3. The controller, in accordance with Art. 32(1) of GDPR, observes the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to personal data processed in connection with the conducted activity.

4. Providing personal data by the user is voluntary.

5. The scope of data processed by the data controller in each case remains adequate to the purpose for which the data was collected.

6. With the user’s consent, the mobile application may access the following permissions on the mobile device, including:

   • technical data,
   • device location data,
   • access to photo gallery or other files,
   • access to camera,
   • access to contacts,
   • displaying notifications.

§2. Purpose and Legal Basis for Personal Data Processing

The controller processes personal data for the following purposes:

• providing services electronically through the Application, based on the concluded agreement (Art. 6(1)(b) GDPR);
• handling the complaint process, based on the obligation incumbent on the data controller in connection with applicable law (Art. 6(1)(c) GDPR);
• contacting users, particularly in response to inquiries directed to the data controller, which is a legitimate interest of the data controller (Art. 6(1)(f) GDPR);
• sending technical information regarding the functioning of the Application and services used by the user, which is a legitimate interest of the data controller (Art. 6(1)(f) GDPR).

§3. Data Recipients. Transfer of Data to Third Countries

1. Recipients of personal data processed by the data controller may be subcontractors – entities whose services the data controller uses when processing data, e.g., hosting service providers, technical caretakers of the Application.

2. Personal data will not be transferred to entities located outside the European Economic Area.

§4. Personal Data Retention Period

The data controller stores personal data for the period of the user’s use of the Application, i.e., until the User is removed from the Application.

§5. Rights of the Data Subject

1. Every data subject has the right to:

• access – obtain confirmation from the controller whether their personal data is being processed. If data about a person is processed, they are entitled to gain access to it and obtain the following information: about the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data has been or will be disclosed, about the period of data storage or the criteria for determining it, about the right to request rectification, erasure or restriction of processing of personal data concerning the data subject, and to object to such processing (Art. 15 GDPR);
• receive a copy of data – obtain a copy of the data subject to processing, where the first copy is free, and for subsequent copies, the controller may impose a reasonable fee resulting from administrative costs (Art. 15(3) GDPR);
• rectification – request rectification of personal data concerning them that is incorrect or completion of incomplete data (Art. 16 GDPR);
• erasure of data – request erasure of their personal data if the controller no longer has a legal basis for processing or the data is no longer necessary for the purposes of processing (Art. 17 GDPR);
• restriction of processing – request restriction of personal data processing (Art. 18 GDPR), when:
  • the data subject questions the accuracy of personal data – for a period allowing the controller to verify the accuracy of this data,
  • the processing is unlawful and the data subject opposes the erasure of the data, requesting the restriction of their use instead,
  • the controller no longer needs the data, but they are required by the data subject for the establishment, exercise or defense of legal claims,
  • the data subject has objected to processing – pending the verification whether the legitimate grounds of the controller override those of the data subject;
• data portability – receive in a structured, commonly used and machine-readable format personal data concerning them, which they have provided to the controller, and request that this data be sent to another controller, if the data is processed based on the consent of the data subject or a contract concluded with them and if the data is processed in an automated manner (Art. 20 GDPR);
• objection – object to the processing of their personal data for the controller’s legitimate purposes, for reasons related to their particular situation, including profiling. The controller then assesses the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for the establishment, exercise or defense of claims. If, according to the assessment, the interests of the data subject will be more important than the interests of the controller, the controller will be obliged to cease processing data for these purposes (Art. 21 GDPR).

2. To exercise the above-mentioned rights, the data subject should contact the controller using the provided contact details and inform which right and to what extent they want to exercise.

3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

§6. Automated Data Processing. Profiling

1. The controller may process user data regarding the frequency of the user’s use of the Application and the functionalities used by them.

2. The controller processes the data referred to in paragraph 1 to improve the Application.

3. A user who disagrees with the processing of their data in the manner specified in paragraph 1 may object to automated data processing, which may, however, result in the inability to use the Application.

§7. Advertisements in the Application

1. The Application uses systems to monitor actions taken in the application and measure the effectiveness of advertising campaigns.

2. Data such as user activity, device identifier, and geolocation are used to provide personalized advertising services.

3. Advertisers may be provided with information about the effectiveness of their ads, but without disclosing any personal data of the user.

§8. Cookies

1. The Service Provider collects data concerning the User in the form of so-called “cookies”. Cookies are created during the use of the Application and are small text files that are stored on the Device.

2. The cookie files store data of a technical nature, related solely to the User’s use of the Application, such as: the date of the Application’s connection to its servers, the IP address of the Device, dates of using the Application and its individual functions. This data is used solely for the purposes specified in paragraph 3 and does not allow for the identification of individual Users. Cookie files do not store data entered by the User in other applications of the Device.

3. The Service Provider has access to cookie files and uses them to facilitate the provision of services available in the Application, as well as to improve and develop these services and the Application itself by analyzing the User’s behavior in the Application. The Service Provider processes the data contained in cookie files automatically.

4. The User does not have to accept cookies (by making appropriate settings on the Device), but this may cause the Application to not function fully correctly.

5. Cookie files are not malicious software (so-called viruses, Trojan horses), do not change the hardware configuration of the Device, and can be deleted by the User at any time.