PRIVACY POLICY OF THE STAMPER APPLICATION

WHAT IS THIS DOCUMENT ABOUT?

This document sets out the privacy policy of the Stamper Application ("Privacy Policy"). It is for informational purposes only and is intended to inform the Users about their Personal Data collected in connection with their use of the Application, how this data is used and protected, as well as what rights are granted to the User to whom the Personal Data relates.

The Privacy Policy aims to ensure the protection of the Personal Data and privacy of the Users by regulating the rules of processing of the Personal Data of the Users by Semble8 LTD with its registered office in London (86-90 Paul Street, London, England, EC2A 4NE, registered with Companies House under number 11391700) to ensure that the Personal Data fully complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as: “GDPR”) and the Act of 10 May 2018 on the Protection of Personal Data and the principles of providing Users with commercial information by electronic means in accordance with the Act of 18 July 2002 on the Provision of Electronic Services, as well as the principles of using telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing in accordance with the Act of 16 July 2004 – Telecommunications Law.

This document is a supplement to the Stamper Mobile Application Terms of Use available in the Application. All terms appearing in this document should be understood in accordance with their definition contained in the Stamper Mobile Application Terms of Use. In particular, the Personal Data referred to in this document should be understood in accordance with the Stamper Mobile Application Terms of Use, and therefore as:

  1. personal data provided during registration in the Application, i.e. data provided during completing the Registration Form or used for logging on to Facebook or Google, i.e. nickname, password and e-mail address,
  2. personal data provided on an optional basis during the use of the Application by supplementing the Individual User Account, i.e. name and surname,
  3. personal data edited by the User in the Application,
  4. information about the User’s logging, User’s activity in the Application, the Premises where the User purchased the Product and User's preferences.

All the above mentioned personal data of the User will be hereinafter referred to as: "Personal Data”.

The Privacy Policy set forth herein is intended to be supplemental to the privacy policy of Google Play Store and Apple App Store.

This document is available in the Application.

In case of doubts or contradictions between the Privacy Policy and the consents granted by the User, regardless of the provisions of the Privacy Policy, the basis for undertaking any activities and determining the scope of these activities by the Data Controller are always voluntarily granted consents or legal regulations. In the event of such a contradiction between the Privacy Policy and the content of the information clause provided by the Data Controller, priority will be given to the information made available to the Data Controller under the aforementioned information clause.

It is recommended that you read this document carefully.

TO WHOM IS THIS DOCUMENT APPLICABLE?

The Privacy Policy set forth herein applies to all Users who have installed the Application on their Mobile Devices.

WHO IS THE CONTROLLER OF PERSONAL DATA?

The Controller of Personal Data (hereinafter the “Controller") collected from Users through the Application is Semble8 LTD with its registered office in London (86-90 Paul Street, London, England, EC2A 4NE, entered into the Companies House register under number 11391700), which is the owner of the Application.

The Controller can be contacted by e-mail: legal@getstamper.com or in writing to the address indicated above.

The Controller attaches great importance to the protection of Personal Data of Users and respect for the privacy of the Users and will therefore take all necessary steps to comply with its Privacy Policy.

The Controller undertakes to protect and respect the Personal Data of Users and their privacy.

HOW AND WHAT PERSONAL DATA IS COLLECTED BY THE CONTROLLER?

In connection with the use of the Application, some Personal Data is collected from the User and some is provided by the User to the Controller.

Upon completion of the registration procedure in the Application, the Controller collects Personal Data provided by the User, i.e. a nickname, password and e-mail address, which were provided during the completion of the Registration Form or used to log in to Facebook or Google.

The provision of such Personal Data by the User, as well as the choice of the method of registration in the Application, i.e. completing the Registration Form or using a previously created account on Facebook or Google, are voluntary but necessary for the use of the Application.

After having registered in the Application, the User may supplement their Individual User Account by entering additional Personal Data, i.e. name and surname, into the Application. When the data is introduced to the Application, it is acquired by the Controller. Providing this Personal Data is voluntary and is not necessary for the use of the Application. You may remove it from the Application at any time and your use of the Application will not be affected in any way.

You may edit your Personal Data in the Application at any time. Upon completion by the User of the procedure for editing his/her Personal Data, the Controller will obtain the newly entered Personal Data of the User.

The Controller will obtain Personal Data of the User, if they have not been previously provided by the User, also in the event that the User addresses a complaint or a question by sending an e-mail to the Controller's e-mail address. The content of such a message as well as the scope of Personal Data provided by the User is voluntary and is at the sole discretion of the User.

Moreover, when the User uses the Application, the Controller automatically collects information about the manner in which the User uses the Application, including the information about the User's logging in to the Application, his/her activity, the premises where the User purchased the Product and the User's preferences, for the purpose of its possible future automated processing (automated profiling) in the event of ordering the Newsletter service. Collection of such Personal Data by the Controller requires prior consent given by the User upon registration in the Application, and this consent is required, although voluntary, for the use of the Application.

FOR WHAT PURPOSE AND ON WHAT BASIS DOES THE CONTROLLER PROCESS THE PERSONAL DATA OF THE USER?

The Personal Data of the User obtained by the Controller will be processed exclusively for the purposes and on legal grounds as follows:

  1. for the purpose and to the extent necessary for the organisation and functioning of the Application, in particular to the extent necessary to conclude and perform an agreement for the provision of electronic services through the Application, as well as to process complaints and answer the User's questions about the Application (pursuant to Article 6(1)(b) or (f) of the GDPR),
  2. in order to possibly identify, assert, enforce claims or defend against claims pursuing a legitimate interest of the Controller (pursuant to Article 6(1)(f) of the GDPR),
  3. for the purpose of direct marketing of own services (pursuant to Article 6(1)(f) of GDPR), and in the event that the User gives an appropriate consent (in particular by ordering the Newsletter service), on the principles set forth in § 11 of the Stamper Mobile Application Terms of Use – also for the purpose of sending, via electronic means of communication, differentiated commercial information constituting materials containing informational, promotional or advertising content concerning the Controller and the Application, as well as concerning Partners and their Products (pursuant to Article 6(1)(a) or (f) of GDPR),
  4. to monitor the correctness and security of the operation of the Application and to provide technical and service support to its Users, including notification of failures and risks associated with the operation of the Application (pursuant to Article 6(1)(b) or (f) of GDPR),
  5. for statistical purposes and analytical research, i.e. better selection of services to meet the User's needs, optimisation of service processes, ensuring IT security of the Application, detection of cases of unauthorized use of services, financial analysis of the Controller, constituting the realization of the Controller's legally justified interest (pursuant to Article 6(1)(f) of GDPR),
  6. to store data for archiving purposes and to ensure accountability (pursuant to with Article 6(1)(c) or (f) of GDPR),
  7. in order to get to know the needs and preferences of the User and to create his/her profile within the scope of the Controller's legitimate interest consisting in to provide the User with information about offers adjusted to his/her needs in case of ordering the Newsletter service, if the User grants a respective consent (pursuant to Article 6(1)(a) or (f) of GDPR).

DOES THE PROCESSING OF THE USER’S PERSONAL DATA INVOLVE AUTOMATED PROCESSING OF HIS/HER PERSONAL DATA, INCLUDING PROFILING?

Profiling consists in processing personal data in an automated manner. It involves, among other things, the use of collected personal data for analysis or forecasting personal preferences or interests, and in such a way creating a customer profile. Using the profiling process enables more detailed personalisation of advertisements and content presented to the User, i.e. adjusting them to the Users.

In this case, automated decisions are taken in the processing of personal data. These decisions are based on an automated assessment of the personal data collected, in particular the analysis of personal preferences.

The Controller, despite the automated acquisition of information of the User’s logging in to the Application, activity in the Application, Premises where the User purchased the Product and the User's preferences will not subject this data and other Personal Data to automated processing, including profiling, unless the User orders the Newsletter service pursuant to the rules set forth in § 11 of the Terms of Use.

If the User orders the Newsletter service, the User's Personal Data, including information on how the User uses the Application, and in particular information on his or her logging in to the Application, activity in the Application, Premises where he or she purchased the Product and User preferences will be subject to automated profiling by the Controller in order to adapt this service to User preferences and interests, i.e. based on the Personal Data of the User, decisions will be made automatically by the Controller in order to prepare and send, via electronic means of communication, personalised commercial information constituting materials containing informational, promotional or advertising content concerning the Controller and the Application, as well as concerning Partners and Products offered by them.

Profiling of Personal Data by the Controller will amount to creating by the Controller groups of User profiles based on the criterion of the type of Product purchased, which will allow the Controller to propose that the User make use of other commercial offers of similar types of Products.

As a result of profiling performed by the Controller, commercial information will not be sent to the User, which in the opinion of the Controller is not consistent with the User’s interests.

If the User does not agree with the Controller's assessment of his or her interests and preferences based on profiling, he or she may contact the Controller at the contact address indicated above. In such a case, it is necessary to provide information which, in the User’s opinion, justifies the fact that the Controller's assessment is inaccurate.

The automated decision making described above as well as profiling will be based on the consent given by the User when ordering the Newsletter service.

The User may resign from the Newsletter service at any time, as a result of which his or her Personal Data will no longer be subject to automated processing, including profiling.

HOW DOES THE CONTROLLER PROTECT PERSONAL DATA?

The Controller will process Personal Data in compliance with the requirements of GDPR, the Act of 10 May 2018 on Personal Data Protection and the Act of 18 July 2002 on the Provision of Electronic Services.

The Controller will ensure the application of appropriate technical and organizational measures ensuring the security of Personal Data processing, in particular preventing access to it by unauthorized third parties or its processing in violation of generally applicable law, preventing the loss of personal data, its damage or destruction.

In addition, the Controller will take special care to protect the interests of Users, and in particular will ensure that the Personal Data collected by the Controller is:

  1. processed in a reliable and transparent way for the Users,
  2. processed for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes,
  3. processed exclusively in places where measures were taken to guarantee protection of Personal Data against unauthorized access by third parties,
  4. processed exclusively with the use of appropriately secured work tools – electronic equipment (computer, telephone, tablet), server, main operating system, e-mail box and other devices,
  5. adequate, relevant and limited to what is necessary for the purposes for which it is processed,
  6. correct and, if necessary, updated,
  7. stored in a form enabling identification of the User to whom the data refer for a period not longer than it is necessary for the purposes for which the data is processed,
  8. not transferred without adequate protection.

To this end, the Controller will implement and improve internal procedures.

The Controller will also take all necessary steps to ensure that its employees, persons cooperating with it and its Partners and their employees and persons cooperating with them guarantee the application of appropriate security measures in each case, when it comes to processing Personal Data at the request of the Controller.

TO WHOM CAN PERSONAL DATA BE TRANSFERRED?

In some situations, the Controller may transfer Personal Data of the User to third parties. The catalogue of recipients of Personal Data results primarily from the scope of services used by the Controller.

The recipients of Personal Data may be:

  1. authorised employees and associates of the Controller to whom Personal Data will be disclosed in order to enable them to perform their duties,
  2. Partners and their employees and associates,
  3. entities providing services to the Controller, in particular IT, accounting, postal, courier, advisory, consulting, analytical, advertising, legal services.

In addition, Personal Data may be made available to competent public authorities, including the Police, Customs, law enforcement bodies, if required by applicable law.

WILL PERSONAL DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA?

The Controller does not envisage that Personal Data will be transferred to countries outside the European Economic Area.

FOR WHAT PERIOD OF TIME WILL PERSONAL DATA BE PROCESSED?

Personal Data will be processed by the Controller for a period of:

  1. validity of the agreement for provision of electronic services concluded by the Controller with the User, and after its termination for a period of 6 years from the end of the year in which the agreement for provision of electronic services has been terminated,
  2. necessary to assert claims by the Controller in connection with the conducted business activity or to defend from claims against the Controller on the basis of generally applicable law, taking into account the periods of limitation of claims specified in generally applicable law,
  3. in the case of processing for the purposes of direct marketing – for the duration of the agreement for the provision of electronic services, until the User objects to such processing, depending on which of these events occurs first,
  4. in order to monitor the correctness and security of the operation of the Application, throughout the period of the use of the Application by the User,
  5. in the case of consent to the processing of data for a given purpose – until the withdrawal of consent or no longer than it is necessary to achieve the purpose for which the consent was given,
  6. in order to be accountable, i.e. to prove compliance with the regulations concerning personal data processing, it will be stored for a period in which the Controller is obliged to store the data or documents containing it in order to document compliance with legal requirements and to enable control of their fulfilment by public authorities,
  7. for the purpose of collecting data on the manner in which the User uses the Application – for the period of using the Application by the User,

no longer than 6 years from the end of the year in which the agreement for the provision of electronic services was terminated.

WHAT RIGHTS DOES THE USER HAVE?

Each User is at any time entitled to:

  1. access (inspect and copy) the Personal Data,
  2. rectify (correct) the Personal Data,
  3. supplement the Personal Data,
  4. delete the Personal Data, in the cases indicated in GDPR (in particular, when the Personal Data is no longer necessary for the purposes for which it was collected, its processing would be unlawful, the User withdraws his or her consent to its processing, and the basis for its processing is removed, unless its processing is necessary to assert or defend claims by the Controller),
  5. limit the processing of Personal Data in the cases indicated in GDPR (in particular when the User questions the correctness of the Personal Data, the processing is illegal, but the User opposes the deletion of the Personal Data, the Controller no longer needs the Personal Data, but it is necessary for the User, or the User has objected to the processing of the Personal Data),
  6. transfer of the Personal Data,

and moreover, the User is entitled to:

  1. object to the processing of the Personal Data in the cases specified in GDPR (this applies to the processing of the Personal Data for the purposes of direct marketing and profiling),
  2. withdraw his or her consent to the processing of the Personal Data at any time, if the processing of the data is based on the User’s consent,
  3. lodge a complaint with the supervisory authority (the President of the Office for Personal Data Protection) in the cases specified in GDPR,
  4. in the scope of profiling of the Personal Data – obtaining human intervention by the Controller, expressing the User's opinion and questioning the decision issued on the basis of profiling by the Controller.

In order to exercise these rights, the User should contact the Controller in writing or by e-mail, at the above mentioned contact address. If the Controller is unable to identify the User, the Controller will request additional information from the person submitting the request. The Controller's answer will be given in the same form as the form in which the User contacted the Controller.

WHAT ARE THE OBLIGATIONS OF THE USER?

The actions taken by the Controller aimed at the protection of the Personal Data may not always be sufficient, in particular if the User does not observe the rules of security. In particular, the User must keep the login and password for the Application confidential and not make them available to third parties. The Controller will not ask the User to provide such information, except when logging in to the Application.

In order to maintain the principles of safe use of the Application and processing of the Personal Data, the User must also ensure adequate protection of the Mobile Device, in particular prevent its loss or theft. It is recommended that the User log out of the application each time after he or she stopped using the Application.

HOW THE COMMERCIAL INFORMATION WILL BE TRANSFERRED TO THE USER?

The Controller has a technical possibility to communicate with the User remotely, in particular by e-mail messages.

If the User orders the Newsletter service in accordance with the rules specified in § 11 of the Terms of Use, thereby giving his/her consent, the User will receive, at various dates, to the e-mail address provided, various commercial information constituting materials containing informational, promotional or advertising content concerning the Controller and the Application, as well as concerning Partners and their Products.

The condition of ordering the Newsletter service will be that the User expresses his/her consent referred to in Article 10, Section 2 of the Act of 18 July 2002 on the Provision of Electronic Services and Article 172, Section 1 of the Act of 16 July 2004 – Telecommunications Law, as well as in Article 6, Section 1, letter a) of GDPR.

Ordering of the Newsletter service, and in particular granting the consent by the User is voluntary. The Newsletter may be ordered at any time, and the User may resign from the Newsletter service at any time. In case of cancellation of the Newsletter service, the User will not receive any further commercial information.

Ordering or cancelling the Newsletter service is possible with the use of the Application.

The Newsletter service will be provided by the Controller free of charge.

WHO ARE THE PARTNERS?

The Controller cooperates closely with the Partners. The cooperation is based on the fact that the Controller enables the Partner to organize, with the use of the Application, the Loyalty Program which the User can join by adding the appropriate Loyalty Program Participation Card. The Partners are therefore responsible for the organization, conduct and execution of the benefits from participation in the Loyalty Program for the User. The list of Partners is available in the Application and will be updated on a regular basis.

The User has the opportunity to contact the Partner in the manner indicated in the Loyalty Program Terms and Conditions prepared by the Partner.

In order to carry out particular Loyalty Programs, the Controller will transfer, applying the necessary security measures, the Users' Personal Data, limiting its scope only to the nickname and, in connection with the User’s accession to a particular Loyalty Program, the individual number of the Loyalty Program Participation Card.

IS PRIVACY POLICY SUBJECT TO CHANGE?

The Controller reserves that the Privacy Policy will be subject to its verification from time to time and adaptation to the Controller’s capabilities and the Users’ needs, as well as to requirements resulting from generally applicable laws. It may therefore be subject to change, in particular for important reasons such as:

  1. an amendment to generally applicable laws (in particular concerning the personal data protection, provision of electronic services or telecommunication law, as well as consumer rights) having a direct impact on the content of this document and resulting in the need to amend it,
  2. change in the interpretation of legal regulations by courts or public authorities having a direct impact on the content of this document and resulting in the need to amend it,
  3. a ruling or decision by a court or public authority directly affecting the content of this document and resulting in the need to amend it,
  4. development of features or electronic services resulting from the progress of Internet technology, including the use / implementation of new technological or technical solutions affecting the content of this document and resulting in the need to amend it,
  5. introduction of new features in the Application, and in particular extension of the scope of services provided through the Application,
  6. lack of possibility to provide services through the Application on the existing conditions,
  7. removing any ambiguities or doubts as to the interpretation of the content of this document,
  8. change of the Controller's data.

The Controller will notify the User about the amendment to the Privacy Policy by sending the amended (including the list of amendments) or new document setting forth the new Privacy Policy via the Application/e-mail (to the address provided at the User’s registration) at least one month in advance, unless the legal provisions require prior entry into force. The notification will indicate the date of entry into force of the amendments to the Privacy Policy.