READY APP - Privacy Policy

TABLE OF CONTENTS:

1. GENERAL PROVISIONS

2. BASIS FOR DATA PROCESSING

3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE APPLICATION

4. RECIPIENTS OF DATA IN THE APPLICATION

5. PROFILING IN THE APPLICATION

6. THE DATA SUBJECT’S RIGHTS

7. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. The hereby privacy policy of the READY APP Application is informative, which means that it is not a source of obligations for Application Users. The privacy policy contains primarily rules regarding the processing of personal data by the Data Controller in the Application, including the grounds, purposes and period of processing of personal data and the rights of data subjects.

1.2. The Data Controller of personal data collected through the Application is ASPIRA SP. Z O.O. with its registered office in Warsaw (registered office address and correspondence address: ul. Puławska 182, 02-670 Warsaw, Poland); registered in the Register of Entrepreneurs of the National Court Register under the KRS number: 0000518176; company registration files kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register; Tax Identification Number: 5213676391, REGON number: 147351688, e-mail address: contact@borntobeready.com and contact phone number: +48 502 626 562 - hereinafter referred to as the "Data Controller" who is also the Owner of the READY APP Application.

1.3. Personal data in the Application are processed by the Data Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: http://eurlex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

1.4. Using the READY APP Application is voluntary. Similarly, providing personal data related to the use of the READY APP Application by the User is voluntary, with two exceptions: (1) concluding contracts with the Data Controller – a failure to provide, in cases and to the extent indicated on the READY APP Application website and in the Terms and conditions of the READY APP Application and the hereby privacy policy, personal data necessary to conclude and perform a contract with the Data Controller results in the inability to conclude such contract. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given contract with the Data Controller, he is obliged to provide the required data. Each time the scope of the data required to conclude a contract is indicated in advance on the READY APP Application website and in the Terms and conditions of the READY APP Application; (2) the Data Controller's statutory obligations - providing personal data is a statutory requirement resulting from the generally applicable legal provisions imposing an obligation on the Data Controller to process personal data (e.g. data processing for the purpose of bookkeeping) and failure to provide it will prevent the Data Controller from performing these obligations.

1.5. The Data Controller assures diligence in protecting the interests of persons to whom the personal data processed by him relates, and in particular he is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of the data subjects, no longer than necessary to achieve the purpose of processing, and (5) processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violation of the rights or freedoms of data subjects of different probability and severity of threat, the Data Controller implements appropriate technical and organizational measures to process it in accordance with the GDPR Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Data Controller uses technical measures to prevent unauthorized persons from acquiring and modifying personal data sent electronically.

1.7. All words, expressions and acronyms appearing in the hereby privacy policy and beginning with a capital letter (e.g. Owner, User, Application) should be understood in accordance with their definition contained in the Terms and conditions of the READY APP Application.

2. BASIS FOR THE PROCESSING OF DATA

2.1. The Data Controller is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the data subject has given consent to the processing of his personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Data Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. The processing of personal data by the Data Controller requires each time at least one of the grounds indicated in point 2.1 of the privacy policy. The specific grounds for processing personal data of the Users of the READY APP Application by the Data Controller are indicated in the next section of the privacy policy – in relation to the given purpose of processing personal data by the Data Controller.

3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE APPLICATION

3.1. Each time the purpose, grounds and period as well as the recipient of personal data processed by the Data Controller result from actions taken by a given User in the Application.

3.2. Due to the nature of the READY APP Application and the purpose of some of its functionalities, the Data Controller informs that the User's personal data processed while using the Application may constitute special categories of personal data (so-called sensitive data) within the meaning of art. 9 of the GDPR Regulation (e.g. data concerning health or sexuality). These data are always provided by the User voluntarily and in order to use certain functionalities of the READY APP Application. The User decides independently to provide such data and of the scope of information he publishes about himself in the Application.

3.3. The Data Controller may process personal data in the Application for the following purposes, on grounds and during the periods indicated as follows: a) purpose of data processing b) legal basis for processing data c) period of data storage:

3.2.1

a) Performance of a contract for the use of the Application, other contract or taking actions at the request of the data subject prior to entering into a contract.

b) Article 6 para. 1 letter b) of the GDPR Regulation (performance of a contract) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Article 6 para. 1 letter a) in connection with art. 9 para. 2 letter a) of the GDPR Regulation (consent to the processing of personal data of a special category) - the data subject has given consent to the processing of his personal data of a special category in order to use some of the functionalities of the Application and voluntarily chooses the scope of personal data provided by him for this purpose.

c) The data is stored for the period necessary to perform, terminate by notice or otherwise end a contract.

3.2.2

a) Direct marketing

b) Article 6 para. 1 letter f) of the GDPR Regulation (legitimate interest of the Data Controller) - processing is necessary for purposes arising from the legitimate interests of the Data Controller - consisting in taking care of the interests and good image of the Data Controller and his Application.

c) The data is stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than for the prescription period of the Data Controller's claims against the data subject. The prescription period is determined by law, in particular the Civil Code (the basic prescription period for claims against the Data Controller is six years). The Data Controller may not process data for direct marketing purposes if the data subject has successfully objected to it.

3.2.3

a) Marketing

b) Article 6 para. 1 letter a) of the GDPR Regulation (consent) - the data subject has given consent to the processing by the Data Controller of his personal data for the purposes of marketing.

c) The data is stored until the data subject withdraws his consent for further processing of his data for this purpose.

3.2.4

a) Bookkeeping

b) Article 6 para. 1 letter c) of the GDPR Regulation in connection with art. 74 para. 2 of the Accounting Act, i.e. from 30th January 2018 (Journal of Laws of 2018, item 395) - processing is necessary to fulfill the legal obligation of the Data Controller

c) The data is stored for the period required by legal regulations requiring the Data Controller to store accounting books (5 years from the beginning of the year following the financial year to which the data relate).

3.2.5

a) Determination, investigation or defense of claims which may be raised by the Data Controller or which may be raised against the Data Controller.

b) Article 6 para. 1 letter f) of the GDPR Regulation (legitimate interest of the Data Controller) - processing is necessary for purposes arising from the legitimate interests of the Data Controller - consisting in establishing, investigating or defending claims that may be raised by the Data Controller or which may be raised against the Data Controller.

c) The data is stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than for the prescription period of claims that may be raised against the Data Controller (the basic prescription period for claims against the Data Controller is six years).

3.2.6

a) Using the Application and ensuring its proper functioning

c) The data is stored for the duration of the existence of a legitimate interest pursued by the Data Controller, but no longer than for the prescription period of the Data Controller's claims against the data subject. The prescription period is determined by law, in particular the Civil Code (the basic prescription period for the Data Controller is six years).

3.2.7

a) Keeping statistics and analyzing traffic in the Application.

b) Article 6 para. 1 letter f) of the GDPR Regulation (legitimate interest of the Data Controller) - processing is necessary for purposes resulting from the legitimate interests of the Data Controller - consisting in keeping statistics and analyzing traffic in the Application in order to improve the functioning of the Application.

c) The data is stored for the duration of the legitimate interest pursued by the Data Controller, however no longer than for the prescription period of the Data Controller's claims against the data subject. The prescription period is determined by law, in particular the Civil Code (the basic prescription period for claims against the Data Controller is six years).

4. RECIPIENTS OF DATA IN THE APPLICATION

4.1. In order to assure proper functioning of the READY APP Application, it is necessary for the Data Controller to use the services of external entities (such as e.g. software supplier, payment processing entity). The Data Controller uses solely the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.

4.2. Personal data may be transferred by the Data Controller to a third country (outside the European Union or the European Economic Area), while the Data Controller ensures that in such case it will take place in relation to the country ensuring an adequate level of protection - pursuant to the GDPR Regulation, and the data subject may obtain a copy of his data. The Data Controller transfers the collected personal data only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with the hereby privacy policy.

4.3. The transfer of data by the Data Controller does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Data Controller transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

4.4. Personal data of the READY APP Application Users can be transferred to the following recipients or categories of recipients:

entities that support electronic payments or payments by card - in the case of a User who makes electronic payments or payments by card in the Application, the Data Controller provides the User's collected personal data to the chosen entity supporting the above payments in the Application at the request of the Data Controller to the extent necessary to support payments made by the User.
providers of accounting, legal and advisory services providing the Data Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Data Controller provides the User's collected personal data to a chosen supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with the hereby privacy policy.
service providers that provide the Data Controller with technical, IT and organizational solutions that enable the Data Controller to run and maintain the Application (in particular the computer software provider for running the READY APP Application, the e-mail and hosting providers as well as the software provider for managing the company and providing technical support to the Data Controller) - the Data Controller provides the User's collected personal data to the chosen supplier acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with the hereby privacy policy.
provider of social plugins implemented in the Application, of scripts and other similar tools enabling a person using the Application to download content from the suppliers of the said plugins (e.g. logging in using social network login details) and for this purpose providing the providers with the personal data of the visitor, including also:
1. Facebook Inc. - the Data Controller uses Facebook social plugins in the Application (e.g. logging in using Facebook login details) and therefore collects and discloses personal data of the User using the Facebook Inc. Application (1 Hacker Way, Menlo Park, CA 94025, USA) to the extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy (this data may include information about activities in the Application - including information about the device, the visited websites, purchases, displayed ads and how to use the services).
2. Google Inc. - the Data Controller uses Google plugins in the Application (e.g. logging in using Google login details) and therefore collects and discloses personal data of the User using the Application to Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) to the extent and in accordance with the privacy principles available here: https://policies.google.com/privacy (this data may include information about activities in the Application - including information about the device, the visited websites, purchases, displayed ads and how to use the services).

5. PROFILING IN THE APPLICATION

5.1. The GDPR Regulation requires the Data Controller to inform about automated decision-making, including profiling, as referred to in art. 22 para. 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the decision-making rules, as well as about the significance and anticipated consequences of such processing for the data subject. With this in mind, the Data Controller provides information on possible profiling in this section of the privacy policy.

5.2. The Data Controller may use profiling for the purposes of direct marketing in the Application, but the decisions made on its basis by the Data Controller do not relate to the conclusion or refusal to conclude a contract or the possibility of using the functionality in the Application. The effect of using profiling can be, for example, granting a given person a discount, sending them a rebate code, reminding of unfinished activities, sending an offer that may correspond to the interests or preferences of a given person or proposing better conditions compared to the standard offer of the Application. Despite profiling, a given person makes a free decision whether they want to take advantage of the discount or offer received in this way and make purchases in the Application.

5.3. Profiling in the Application consists in the automatic analysis or forecast of a given person's behavior as part of the READY APP Application, e.g. by analyzing the previous history of activities undertaken in the Application. The condition of such profiling is that the Data Controller possesses personal data of a given person in order to be able to subsequently send them e.g. a rebate code or a better offer compared to a standard one.

5.4. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on that person or similarly significantly affects him.

6. THE DATA SUBJECT’S RIGHTS

6.1. The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Data Controller to access his personal data, rectify it, delete it ("right to be forgotten") or limit processing and has the right to object to processing, and also has the right to transfer his data. Detailed conditions for exercising the abovementioned rights are indicated in art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time - a person whose data is processed by the Data Controller on the basis of expressed consent (pursuant to art. 6 para. 1 letter a) or art. 9 para. 2 letter a) of the GDPR Regulation), has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of his consent before its withdrawal.

6.3. The right to lodge a complaint to the supervisory body - a person whose data is processed by the Data Controller has the right to lodge a complaint to the supervisory body in the manner and according to a procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Personal Data Protection Office.

6.4. The right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of personal data concerning him based on art. 6 para. 1 letter e) (public interest or tasks) or f) (legitimate interest of the Data Controller), including profiling based on these provisions. In such a case, the Data Controller may no longer process this personal data, unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or interests for establishing, investigating or defending claims.

6.5. The right to object to direct marketing - if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, including profiling, to the extent in which processing is associated with such direct marketing.

6.6. In order to exercise the rights referred to in this article of the privacy policy, you can contact the Data Controller by sending an appropriate message in writing or by e-mail to the Data Controller's address indicated at the beginning of the privacy policy.

7. FINAL PROVISIONS

7.1. The Application may contain links to other websites or applications. The Data Controller urges that after switching to other pages please read the privacy policy set out for a given page. The hereby privacy policy applies exclusively to the Data Controller's Application.

READY APP - Privacy Policy

1. GENERAL PROVISIONS

​

​

​

​

​

​

​

1.7. All words, expressions and acronyms appearing in the hereby privacy policy and beginning with a capital letter (e.g. Owner, User, Application) should be understood in accordance with their definition contained in the Terms and conditions of the READY APP Application.

​

2. BASIS FOR THE PROCESSING OF DATA

​

​

3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE APPLICATION

3.1. Each time the purpose, grounds and period as well as the recipient of personal data processed by the Data Controller result from actions taken by a given User in the Application.

3.3. The Data Controller may process personal data in the Application for the following purposes, on grounds and during the periods indicated as follows: a) purpose of data processing b) legal basis for processing data c) period of data storage:

​

3.2.1

4. RECIPIENTS OF DATA IN THE APPLICATION

​

​

​

​

4.4. Personal data of the READY APP Application Users can be transferred to the following recipients or categories of recipients:

5. PROFILING IN THE APPLICATION

​

​

​

​

5.4. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on that person or similarly significantly affects him.

​

6. THE DATA SUBJECT’S RIGHTS

​

​

​

​

​

​

6.6. In order to exercise the rights referred to in this article of the privacy policy, you can contact the Data Controller by sending an appropriate message in writing or by e-mail to the Data Controller's address indicated at the beginning of the privacy policy.

​

7. FINAL PROVISIONS

​

7.1. The Application may contain links to other websites or applications. The Data Controller urges that after switching to other pages please read the privacy policy set out for a given page. The hereby privacy policy applies exclusively to the Data Controller's Application.