Selmo fortrolighedspolitik- og cookiepolitik

§ 1. Subject

This privacy and cookie policy (hereinafter: Policy) has been drawn up according to the obligations provided for by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) and Article 173 of the Act of 16 July 2004 Telecommunications Act, in connection with the functioning of the Selmo application (hereinafter: Selmo) and the www.selmo.io website (hereinafter: Website).

§ 2. Personal data controller

  1. The controller of your personal data is: Selmo spółka z ograniczoną odpowiedzialnością, with its registered seat in Kraków (31-503), Lubicz 27/40, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000942376, NIP: 6751756693, REGON: 520149870, whose registration files are kept by the District Court for Kraków-Śródmieście in Kraków, XI Economic Division of the National Court Register, share capital: PLN 5150.

  2. In addition to the address indicated in paragraph 1, you can also contact the controller via e-mail: kontakt@selmo.io.

§ 3. Information on purposes and legal basis of processing

  1. If you are our customers (i.e. persons who have or have had an account at Selmo) your data will be processed for the purpose of entering into and performing the contract concluded with you for the use of Selmo (the legal basis for processing in this case is article 6(1)(b) of the GDPR), for the purpose of performing our legal obligations, in particular with regard to tax law (e.g. in order to collect the documentation required by tax law and to make settlements in respect of taxes and fees) (the legal basis for processing in this case is article 6(1)(c) GDPR), as well as in order to fulfil our legitimate interest which should be understood as: establishment, exercise or defence of mutual claims, conducting internal reporting and administration, and conducting marketing activities regarding our own services (the legal basis for processing in this case is article 6(1)(f) GDPR). This data will be processed until the end of this cooperation and for the period necessary for the statute of limitations for any mutual civil law claims and tax liabilities (this will normally be a period of five years from the end of the year in which the contract was terminated).

  2. If you have consented via our website to the use of cookies for marketing, advertising and analytical purposes, your data will be processed in order to pursue our legitimate interest which should be understood as marketing our own services (the legal basis in this case is article 6(1)(f) GDPR). Your data will be processed until you withdraw these consents or object to further processing, but for no longer than two years from the date of your last visit to the Website. However, normally this data will not allow us to identify you, although it may be treated as personal data under the GDPR.

  3. If you are persons employed by our (also potential) customers (including their employees, subcontractors, attorneys, representatives) and perform tasks related to our cooperation with them, your personal data will be processed for the purpose of entering into and performing contracts with these entities, for the establishment, exercise or defence of possible mutual claims, and conducting marketing activities regarding our own services. The legal basis will be the pursuit of our legitimate interest within the meaning of article 6(1)(f) of the GDPR. This data will be processed until the end of this cooperation and for the period necessary for the statute of limitations for any mutual civil law claims and tax liabilities (this will normally be a period of five years from the end of the year in which the contract ceased).

  4. If you contact us by email and there is no other case as mentioned above, your data will be processed in order to pursue our legitimate interest in responding to this enquiry (the legal basis in this case is article 6(1)(f) GDPR). This data will be stored at the latest until the end of the year following the year in which the correspondence was completed.

  5. If you use Selmo or the Website, your data will be processed for our legitimate interest that should be understood as ensuring that Selmo and the Website can be administered and that unauthorised access is detected and protected against. The legal basis for this is article 6(1)(f) GDPR. This data will be automatically collected, i.a. the IP address of your computer, the subpages visited, the time of access, the type of browser, any transmission errors, the address of the previously visited page (if entered through a link). In most cases, this data does not identify you as an individual, although it may be regarded as personal data under the GDPR. They are stored for an indefinite period of time.

  6. We run the following social networks:

    for the purpose of contacting their users and presenting on these platforms the content prepared by Selmo and promoting its own activity, as well as for analytical and statistical purposes, which is the legitimate interest of the Company which should be understood as ability to contact the users of the portals, promoting our activity and informing about it. Through these networks, we may also run competitions in which the user participates voluntarily. We process the personal data of users of these platforms when they visit our profiles or interact with them (likes, comments, messages sent). If you like or comment on our posts, please note that this is visible to other users. We store your personal data until you object to further processing by: clicking "dislike", withdrawing your liking of a post or deleting your comment on a post and then for the period required by the obligations imposed by law and/or until the expiry of the limitation period for any claims related to the purposes of the processing.
    Social networks have their own privacy policies, terms and conditions for data processing, which bind their users and which we are obliged to comply with. If you are a user of such a platform, the processing of your personal data is also subject to such rules and policies and you may exercise your rights under them.

§ 4. Data recipients

  1. Your personal data may be disclosed to the following categories of persons and entities:

    1. persons employed by us and our subcontractors,

    2. entities providing hosting services for the Website and Selmo app,

    3. providers of analytical, advertising and other tools that support online marketing (in particular those described in § 8),

    4. operators of social networking sites with which Selmo is integrated,

    5. entities providing accounting, legal, IT support and consulting services to us,

    6. tax authorities, courts and other offices,

    7. banks and payment service providers.

  2. Your personal data may be transferred outside the European Economic Area when this is necessary for the proper provision of services, due to technical conditions or legal obligations. However, this will always be done on the basis of legal instruments providing an adequate level of protection, in particular standard contractual clauses approved by the European Commission.

§ 5. Your rights related to processing personal data

  1. You have the right:

    1. to access to your personal data (art. 15 GDPR), and to obtain a copy of your data undergoing processing (art. 15(3) GDPR),

    2. to rectification and to have incomplete personal data completed (art. 16 GDPR),

    3. to erasure of your personal data in the cases provided by law (art. 17 GDPR),

    4. to restriction of processing your personal data (art. 18 GDPR),

    5. to receive your personal data in a structured, commonly used and machine-readable format and to data portability when processing is based on your consent and is is carried out by automated means (art. 20 GDPR),

    6. to object, on grounds relating to your particular situation, at any time to processing of personal data which is based on our legitimate interest (art. 21 GDPR),

    7. where the processing is based on your consent, you have the right to withdraw the consent at any time, but without affecting the lawfulness of the processing before withdrawal. You can withdraw your consent by sending a message to: Selmo Sp. z o.o., ul. Lubicz 27/40, 31-503 Kraków, or email: kontakt@selmo.io.

    8. if you think processing your personal data violates the provisions of GDPR, you have the right to lodge a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Office with its registered seat in Warsaw. Details related to lodging a complaint you can find of the website of the Office available here: https://uodo.gov.pl/pl/83/155.

§ 6.Information on whether or not the provision of personal data is voluntary or obligatory

If we process personal data that you have provided to us yourself, the provision of such data is voluntary, but may be necessary to fulfil the purpose for which the personal data are processed (e.g. conclusion of a contract).

§ 7. Cookies

  1. Cookies are small text files that are stored on your computer or mobile device and are retrieved from it on subsequent visits to our website and the application. Cookies usually contain the name of the website from which they originate, the time they are stored on your device and a unique number. In general, the use of cookies does not lead to us identifying you as a specific person.

  2. Cookies that are essential for the operation of the website and the application are saved automatically. With regard to other types of cookies, your consent is required. We use the following types of cookies:

    1. essential - to enable the use of services available on Selmo and the Website, e.g. authentication cookies used for services requiring authentication,

    2. analytical – they allow us to collect statistical data on user behaviour, including measuring the number of visits and gathering information on traffic sources, so we can improve the performance of the website and the application,

    3. advertising - they allow us to display personalised advertising on other sites.

  3. The Website uses session cookies, which are deleted when you close your web browser window, as well as persistent cookies, which are stored for a limited period of time on the devices through which you use the Website and the application.

  4. Cookies are managed through a tool provided on the Website, which is automatically displayed when you first visit the Website, where you can give your consent to the use of specific categories of cookies.

  5. You also have the option of managing cookies via your browser settings. Further information can be found on the website of the respective browser operator:

    1. Edge - https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd 

    2. Firefox -  https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop 

    3. Google/Chrome/Android - https://support.google.com/chrome/answer/95647?hl=en-GB 

    4. Opera - https://help.opera.com/en/latest/web-preferences/ 

    5. Safari - https://support.apple.com/en-gb/guide/safari/sfri11471/mac 

    6. Safari (wersja iOS) - https://support.apple.com/en-gb/HT201265 

§ 8. Analytical and marketing tools

  1. We use the Facebook Custom Audiences tool, part of which is the so-called Pixel, a tracking code installed on our Website. The tool is provided by companies in the Meta group (i.e. primarily Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA and Meta Platforms Ireland Limited, Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland), which automatically collects data on users' use of the portal in order for us to target them with personalised Facebook and Instagram advertisements (i.e. based on analysis of their behaviour). The Pixel tool is used by the portal to display advertising to those users of Facebook and Instagram (as well as of other services participating in the Facebook Audience Network) who have expressed an interest in our Website (as part of so-called remarketing) or who have characteristics that may indicate a potential interest in the Website (e.g. specific interests). Using the tool, we can also create groups of similar audiences (people with statistically similar characteristics to our existing audiences or portal users), to which we display our adverts. The tool also allows us to measure the effectiveness of ads placed on Facebook. Facebook may also use the above-described data (e.g. about your visit to our Website) independently of us for its own purposes, and may also associate your usage data with previously collected data about you. Within the framework of the cookie settings of your browser, you may decide not to use the tool in your case. It is also possible to manage your privacy settings within your Facebook profile. You can read about the detailed scope of data processing at: https://www.facebook.com/privacy/explanation and https://www.facebook.com/business/help/651294705016616. You can manage your Facebook ad settings at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

  2. We use Hotjar. This is a tool provided by a company (Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) which allows us to analyse your behaviour on the Website by creating heatmaps, recording user movements on the site, conversion paths, surveys and user feedback. Hotjar compiles information about how users use the Website and this information is generated through tracking code and cookies and is then transferred to and stored on Hotjar's servers. The Hotjar code may collect the following types of data: the IP address in encoded form, the email address and the first name and family name of the user, the type of device with its parameters, the type of browser and the country from which the visit to the Website or Application took place. The cookies used by Hotjar are stored for a maximum of 1 year. To deactivate the use of the Hotjar tool towards you, visit: https://www.hotjar.com/opt-out.

  3. We use the Splitbee tool provided by Tobias Lins e.U., (Alserbachstraße 10, 1090 Vienna, Austria). This is an analytical tool that allows us to understand the behaviour of our users by creating statistics. It automatically collects data on how visitors behave on our Website (e.g. how long they spend on individual pages, which links they click on, etc.), as well as data on language, location, operating system used, etc. The tool operator does not combine the data collected on our Website with other data it may have on you due to your use of other websites using Splitbee. For more information, please visit: https://splitbee.io/privacy

§ 9. Processing the personal data entrusted to Selmo

  1. If you are a person who purchases from our customers using Selmo and we do not have any direct legal relationship, this data is processed in connection with the entrustment of processing the personal data by our customers to us on the basis of the relevant contracts or other legal instruments.

  2. If, in the case referred to in paragraph 1, you send us inquiries in matters relating to your personal data, we will forward your request to the entity that has entrusted us with the data and is the data controller within the meaning of the GDPR, informing you of this.