Smart Target Mobile Application Privacy Policy

Smart Target Mobile Application Privacy Policy

  1. Data Controller and Definitions

The Controller of the personal data of the Application Users, also referred to as the Controller, is: Smart Target Sp. z o.o., ul. Koperkowa 47D, 81-589 Gdynia Phone: +48 536 989 636, NIP (Tax ID): 9581728221, REGON: 52335963800000.

The Data Controller can be contacted:

  • at the correspondence address: Koperkowa 47D, 81-589 Gdynia;
  • at the email address: app@smart-target.pl (example address for the application, adjusted to the domain).

Definitions:

User – a natural person using the Smart Target mobile Application. Application – the Smart Target mobile application, made available on mobile devices, through which the User can use specific functionalities or services. Account – a collection of data stored in the Controller’s ICT system, concerning a given User and their use of the Application, by means of which the User can use the full functionalities of the Application. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  1. Purposes, Legal Bases, and Retention Period for Data Processing

To provide the services offered via the Application, the Controller processes:

  • Information regarding the User’s device and activity in the Application to ensure the correct functioning of the services and for analytical purposes: device IP address, device advertising identifiers, session data, operating system and device data, data on activity within the Application.
    • Legal Basis: Art. 6(1)(b) of the GDPR (performance of a contract for the provision of services by electronic means – Application Terms and Conditions) and Art. 6(1)(f) of the GDPR (legitimate interest of the Controller – ensuring the security and correct functioning of the Application).
  • Diagnostic Data (e.g., via Sentry): To monitor the Application’s performance, identify and resolve errors, and ensure its stable operation, we collect diagnostic data such as information about crashes, errors, device and operating system configuration, and data on interactions with the Application. This data is collected anonymously or pseudonymously, depending on the tool’s configuration.
    • Legal Basis: Art. 6(1)(f) of the GDPR (legitimate interest of the Controller – ensuring the security, stability, and correct functioning of the Application and continuous improvement of services).
  • Geolocation information (GPS coordinates), if the User has consented to the Application’s access to geolocation. This information is used to provide services strictly related to location (e.g., displaying nearby targets, offers).
    • Legal Basis: Art. 6(1)(a) of the GDPR (User’s consent).
  • Personal data of Account Users: name, surname, email address, phone number, and other personal data required for using specific Application functions and whose provision is required by the Controller during the registration or service use process.
    • Legal Basis: Art. 6(1)(b) of the GDPR (performance of a contract for the provision of services by electronic means – Account maintenance).

This information does not contain data related to the User’s identity, but when combined with other information, they may constitute personal data, and thus the Controller grants them full protection under the GDPR.

Retention Period: Data is processed until the User stops using the Application and the Account is deleted, or until consent for data processing is withdrawn, if processing is based on consent.

The Controller commits to taking all technical and organizational measures required by Art. 32 of the GDPR to ensure a level of security corresponding to the risk of data processing.

  1. Controller’s Marketing Activities

The Controller may place marketing information about its products or services in the Application. The display of this content is performed by the Controller in accordance with Art. 6(1)(f) of the GDPR (legitimate interest of the Controller), consisting of publishing content related to the services provided and promotional actions.

  1. Recipients of User Data

The Data Controller discloses Users’ personal data only to processors based on concluded data processing agreements for the purpose of providing services to the Controller, e.g.: Application hosting services, IT services, analytical and statistical tools, marketing services.

  1. Transfer of Personal Data to Third Countries

Personal data will not be processed in third countries (outside the EEA), unless the Controller uses the services of entities that ensure an adequate level of protection (e.g., based on standard contractual clauses approved by the European Commission).

  1. Rights of Data Subjects

Every data subject has the right to:

  • Access their data (Art. 15 of the GDPR).
  • Receive a copy of the data (Art. 15(3) of the GDPR).
  • Rectification of the data (Art. 16 of the GDPR).
  • Erasure of the data („right to be forgotten,” Art. 17 of the GDPR).
  • Restriction of data processing (Art. 18 of the GDPR).
  • Data portability (Art. 20 of the GDPR).
  • Object to processing (Art. 21 of the GDPR), including against profiling.
  • Withdraw consent at any time without affecting the lawfulness of processing carried out before its withdrawal.

To exercise these rights, the User should contact the Data Controller using the contact details provided in section 1.

  1. President of the Personal Data Protection Office

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), with its seat in Warsaw, ul. Stawki 2.

  1. Data Protection Officer

In any case, the User may also contact the Controller’s Data Protection Officer directly via email or in writing to the Data Controller’s address provided in section 1.

  1. Changes to the Privacy Policy

The Privacy Policy may be supplemented or updated in line with the Controller’s current needs, in order to ensure current and reliable information for the Application Users.

  1. Tracking Technologies in the Application

The Application, similarly to cookies on websites, may use internal mechanisms and device identifiers (e.g., Advertising ID, Vendor ID, Local Storage) for the purpose of:

  • Creating statistics regarding the use of the Application.
  • Maintaining the User’s session (after logging in).
  • Defining the User’s profile to display tailored content.
  • Collecting diagnostic data and monitoring errors; the Application may also use tools such as Sentry, which may utilize these identifiers to ensure stable operation and continuous improvement of the Application.

The legal basis for processing data originating from these mechanisms is the Controller’s legitimate interests (Art. 6(1)(f) of the GDPR) consisting of ensuring high quality and security of services, and in the case of identifiers used for analytical/advertising purposes – the User’s consent (Art. 6(1)(a) of the GDPR), obtained upon first launch of the Application or in its settings, in accordance with legal requirements and guidelines of mobile system manufacturers.

The User can at any time manage the Application’s access to permissions (e.g., location, notifications) and reset advertising identifiers in their mobile device settings. These restrictions may affect some functionalities available in the Application.

  1. Account

The User gains access to the Account after registering in the Application. Account registration requires providing personal data (name, date of birth, email address, password) and is equivalent to concluding a service agreement for the provision of services by electronic means for an indefinite period. The User may terminate the Account service agreement at any time, with immediate effect, by informing the Controller via email or in writing.