SATIS GPS Privacy Policy

§ 1

1. Your personal data controller is SATIS GPS Spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw, at Al. Jerozolimskie 176, 02-486 Warsaw, entered into the Business Register of the National Court Register by the District Court for the capital city of Warsaw in Warsaw, the 13th Commercial Division of the National Court Register, under KRS (National Court Register) number 0000658031, NIP (Tax ID no.) 701-04-03-996, REGON (Business ID no.) 146982783, hereinafter referred to as the Controller; the Controller processes your personal data.

2. The Controller may be contacted in writing using traditional mail at the following address: Al. Jerozolimskie 176, 02-486 Warsaw, or by email at the following address: rodo@satisgps.com.

3. The Controller has appointed a Data Protection Officer, who may be contacted in writing using traditional mail at the following address: Al. Jerozolimskie 176, 02-486 Warsaw or by email at the following address: rodo@satisgps.com.

4. The basis for processing your personal data is:

1) your consent for personal data processing and receiving marketing communication, in particular expressed through the form available on the webpages used by the Controller to conduct business activity,
2) necessity arising from legitimate interests pursued by the Controller, such as providing information on the business activity of the Controller and products offered by the Controller, meeting the Controller’s obligations, in particular performing agreements which cover the provision of services related to locating and managing fleet vehicles using the SATIS System, offering products/services of the highest quality, and sharing information on the Controller, modifications and features introduced to the systems used to provide services, and on the business activity of the Controller. Personal data processing in the above-mentioned scope falls within the business activity conducted by the Controller and is necessary to provide customers with information, products and services related to locating and managing fleet vehicles.

5. Your personal data will be processed for the following purposes:

1) to present the offer of products or services provided by the Controller and to share information on the introduced modifications and new solutions,
2) to share marketing information and messages, including those about features offered by the systems used by the Controller to provide services,
3) to share information on meetings, special offers and other matters related to the business activity of the Controller,
4) in the case that you and the Controller enter into an agreement which covers the provision of services, your data will be used to properly perform such agreement, for example for accounting purposes, as well as to process complaints and provide warranties.

6. Your personal data may be made available to recipients who directly perform actions as part of the provided services (e.g. people who install the devices in vehicles) or recipients whose services the Controller uses to carry out marketing and information activities.

7. Your personal data may also be transferred to the entity which provides hosting services to the Controller, i.e. to Beyond.pl Spółka z o. o. with its registered office in Poznań, which has appropriate safeguards that prevent third party access to stored data.

8. Your personal data will not be transferred to recipients with registered offices in third countries, i.e. outside of the European Economic Area.

9. You have the right to:

– request that the Controller give you access to your personal data, rectify or erase your data, or limit the processing of your data,
– object to such processing,
– data portability,
– lodge a complaint with a supervisory authority.
The above rights may be exercised by sending a request using information referred to in Point 3, above.

10. Your personal data will be used in automated decision-making, including profiling.

11. Your personal data will be processed:

1) on the basis of your consent – until it is revoked or until the purpose for which they were gathered ceases to exist. You may withdraw your consent at any time and the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal,
2) in relation to the performance of the agreement concluded with the Controller – until the expiry of the period in which the Controller or you may seek claims related to the concluded agreement, or until the expiry of the period in which public bodies may initiate proceedings concerning the performance of the agreement,
3) in relation to carrying out marketing and information activities – until the Controller ceases to carry out activities which consist in offering products and services and running marketing campaigns.

§ 2

1. The Controller has identified specific purposes related to personal data security and has taken actions necessary to implement them in its company:

1) to ensure that personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’),
2) to ensure that personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’),
3) to ensure that the collected personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’),
4) the Controller takes steps to ensure that personal data are accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’),
5) the Controller takes steps to ensure that personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’),
6) the Controller takes steps to ensure that personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

2. The purposes referred to in Point 1 are achieved by taking appropriate actions and using effective safeguards, which in particular include:

1) appropriately safeguarding IT systems in which personal data are processed,
2) constantly raising the awareness and knowledge of employees/business partners with regard to personal data security,
3) informing employees/business partners about the consequences, including disciplinary measures, which follow a breach of personal data security,
4) giving access to documents, materials and systems which contain personal data only to authorised persons,
5) securing documents, materials or systems against the loss or destruction of the personal data included in them,
6) implementing detailed rules governing the manner of managing users’ permissions and authorisation principles in all systems used by the Controller,
7) running thorough tests in the course of preparing new software,
8) reporting information security incidents,
9) regularly analysing risk in the field of information security and designing actions which minimise potential risks,
10) sharing personal data solely with third parties that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of applicable legal provisions and this document and protect the rights of data subjects.

3. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons arising from processing, the Controller has implemented – both when determining the manners of processing and during processing itself – appropriate technical and organisational measures, designed to effectively follow the principles of personal data protection in order to meet the requirements of applicable legal provisions and protect the rights of data subjects.