Privacy Policy

Effective as of July 1, 2021

Dear User and Client,

Tres Comas Ltd., the owner of the Moniti service (hereinafter referred to as “the Service”), is committed to ensuring the security and confidentiality of your personal data. We take your privacy seriously, whether you are visiting our website at https://moniti.app, reading articles on our blog, using our Services, or contacting us via phone, email (including through our contact form), online chat, as well as when you visit our social media channels.

We operate in accordance with the law, including the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as “GDPR”). Furthermore, we use modern technical and organizational measures to ensure the best possible protection of your personal data against unauthorized access.

In this document, we present the most important information regarding the principles of processing your personal data. For simplicity, we have defined individual terms and compiled key issues in a question-and-answer format. This is to inform you about the purposes, legal basis, and duration of processing your data, who has access to it, and what rights you have.If something seems unclear to you, you can always ask us by sending a message to: [email protected].

For the purpose of developing this Privacy Policy, we have adopted the following definitions:

  1. Application – Moniti Terminal RCP application and/or Moniti Personal application for mobile devices with Android and iOS systems, being functionalities of the System, enabling among others, the use of employee time tracking and recording functions for the Client’s Employee or the Client himself;
  2. Client – a natural person conducting business or professional activities in their own name, a legal person or an organizational unit not being a legal person, to which special provisions grant legal capacity, using the System (including the Application) based on the Agreement;
  3. Client’s Account – a collection of resources and rights within the System assigned to a specific Client, available after registering and logging into the account;
  4. Client’s Employee Account – a collection of resources and rights within the System assigned to a specific Employee of the Client, available after registering and logging into the account;
  5. User Account – a collection of resources and rights within the System assigned to a specific User, available after registering and logging into the account;
  6. Policy – this Privacy Policy document defining the principles of processing and protection of personal data of Users and Clients;
  7. Client’s Employee – a natural person employed by the Client under an employment contract or cooperating with them based on a civil law contract;
  8. Processor – an entity processing data within the meaning of Article 28 of the GDPR on behalf of the data controller under a data processing agreement, where in this document it will be the Service Provider in relation to the personal data of the Client’s Employees, for whom the Client is the data controller within the meaning of the GDPR
  9. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  10. Service – the website available under the domains moniti.app and admin.moniti.app administered by the Service Provider;
  11. System – an IT solution available through the Service or Application, with appropriate functionalities for the Client – within the access via the Client’s Account, for the Client’s Employee – within the access via the Client’s Employee Account, and for the User – within the access via the User Account;
  12. Provision of services electronically – the performance of a service provided without the simultaneous presence of the parties (remotely) by transmitting data at the individual request of the User or Client, sent and received using electronic processing devices, including digital compression, and data storage, which is entirely transmitted, received, or transmitted via a telecommunications network within the meaning of the Act of 16 July 2004 – Telecommunications Law;
  13. Agreement – an agreement concluded between the Service Provider and the Client via the Service, the subject and content of which are determined by the provisions of the Terms and Conditions and any separate agreements and arrangements between the Parties;
  14. Services – free services provided electronically by the Service Provider through the Service for the User or Client (including: the possibility of registering and maintaining a User Account or Client’s Account, newsletter) and paid services provided electronically by the Service Provider through the System for the Client (including: using the Application within the subscription fee);
  15. Service Provider – Tres Comas limited liability company located in Warsaw at al. Jana Pawła II 80, 00-175 Warsaw, registered in the National Court Register kept by the District Court for the Capital City of Warsaw, XII Commercial Division under the number KRS: 0000880619, NIP: 5252850692, REGON: 388144190;
  16. User – visitor of the website https://moniti.app/;

Who is the Administrator of Your Personal Data (hereinafter referred to as “Data Controller”)?

The Administrator of Your Personal Data is Tres Comas sp. z o.o., located in Warsaw at al. Jana Pawła II 80, 00-175 Warsaw, registered in the National Court Register kept by the District Court for Warsaw, XII Commercial Division under the number KRS: 0000880619, NIP: 5252850692, REGON: 388144190, with a share capital of PLN 10,000.00.

In case of any questions, doubts, and for any complaints or requests, you can contact the Data Controller in writing at the address: Tres Comas sp. z o.o., al. Jana Pawła II 80, 00-175 Warsaw, or electronically at the following email address: [email protected].

What Personal Data Do We Process as the Data Controller, and How Do We Obtain It?

While using our Service and the Services offered through it, you may be asked to provide your personal data. Providing this data is voluntary, but in certain situations, it may be necessary to use the Services. For example, without your email address, we cannot send you information about the latest blog posts (newsletter) or respond to your queries submitted through the contact form or via email. We will also ask for information such as your name and/or company name, contact details (business address, phone number, email address), and billing information (tax identification number) if you decide to use our paid Services for contract fulfillment.

We assure you that each time we ask for your personal data, we consider the principles of data minimization and purposefulness. This means we do not collect excessive or unnecessary data.

Some data are collected automatically through cookies during your visit to our Service or on our managed social media channels (e.g., IP address, browser type, operating system type) and are used solely for Service administration, providing hosting services, or creating appropriate marketing content. You always have the option to block and restrict the installation of cookies at your discretion through your browser settings or with other available (free) programs and tools.

Therefore, we obtain your data directly from you – as a result of your actions on our Service, System, and managed social media channels.

What Personal Data Do We Process as a Processor, and How Do We Obtain It?

Based on the Terms of Service and any separate agreements with the Client, we also act as a Processor, processing personal data of the Client’s Employees who use the System. These data are collected and then recorded in the System directly by the Client.

As a Processor, we process data only upon the documented instructions of the data controller, committing to their proper protection by applying appropriate technical and organizational measures and ensuring an adequate level of security corresponding to the risk associated with processing personal data (in accordance with Article 32 of the GDPR). We also ensure that the individuals authorized by us to process data have committed to keeping it confidential. Upon the completion of the Services related to the processing of the entrusted personal data, we will return all such data to their controller (the Client) and delete existing copies, unless the law obliges us to store personal data.

For What Purpose, On What Legal Basis, and For How Long Do We Process Your Personal Data as the Data Controller?

 

ACTIVITY and DATA

PURPOSE

LEGAL BASIS

DURATION

PROVISION OF SERVICES:

  1. Paid Services within the System: processed data include name and/or company name, business address, phone number, email address, tax identification number (NIP);
  2. Free Services within the Service (e.g., User Account management, newsletter, contact form): processed data include name, email address;
  3. Sending individual offers in response to inquiries made by phone or electronically before entering into an Agreement: processed data include phone number, email address.

Necessity of processing to perform a contract or to take actions at the request of the data subject before entering into a contract.

Article 6(1)(b) GDPR.

The period necessary for the performance and settlement of the Agreement (including complaints and their handling) and for the duration of talks and negotiations preceding the conclusion of the Agreement.

FULFILLING LEGAL OBLIGATIONS:

  1. Tax obligations (including issuing invoices, storing accounting documentation): processed data include name and/or company name, business address, tax identification number (NIP);
  2. Obligations related to personal data protection: processed data include name and/or company name, business address, email, phone number.

Necessity of processing related to fulfilling legal obligations.

Article 6(1)(c) GDPR.

The period required by applicable law, but not longer than the statute of limitations for tax obligations and until the expiration of limitation periods for claims arising from the violation of personal data protection regulations.

OPERATION OF THE SERVICE:

  1. Ensuring proper functioning of the Service: processed data include IP address, date and time of logging into the server, type of internet browser, and operating system;
  2. Analyzing User activity in the Service (statistics): processed data include date and time of visit, device IP number, type of device operating system and browser, approximate location, time spent on the Service and actions taken in the Service.

Necessity of processing for purposes arising from our legitimate interests, which include:

  1. Running and maintaining the Service (including ensuring its security);
  2. Conducting statistics and analyzing traffic in the Service in connection with work on improving and raising the quality of provided Services.

Article 6(1)(f) GDPR.

Until the data becomes outdated, loses its usefulness, or until an effective objection is raised.

MARKETING:

  1. Direct marketing of Services;
  2. Other marketing activities: processed data include email address, phone number, first name.

Necessity of processing for purposes arising from our legitimate interests which we have in maintaining business relations with Clients and researching their satisfaction, as well as in taking care of our interests and image;

or

Voluntary consent of the person who expressed it for a specific purpose.

Article 6(1)(f) GDPR

or

Article 6(1)(a) GDPR.

Until an effective objection is raised or the purpose of processing is achieved; in case the basis for processing is consent – until the consent is withdrawn (withdrawal of consent does not affect the legality of processing data before its withdrawal).

SOCIAL MEDIA ACTIVITIES:

Managing profiles on platforms: Facebook, YouTube, LinkedIn;

Processed data: data left by people visiting our social media profiles (comments, likes, IP).

Necessity of processing for purposes arising from our legitimate interests, which include promoting the Service’s activities;

or

Consent (e.g., joining a group).

Article 6(1)(f) GDPR

or

Article 6(1)(a) GDPR.

Until an effective objection is raised or the purpose of processing is achieved; and in case the basis for processing is consent – until the consent is withdrawn (withdrawal of consent does not affect the legality of processing data before its withdrawal).

ESTABLISHING, PURSUING, OR DEFENDING LEGAL CLAIMS:

Processed data: name and/or company name, business address, email address, tax identification number (NIP).

Necessity of processing for purposes arising from our legitimate interests, which include pursuing our claims and defending against claims.

Article 6(1)(f) GDPR.

The period of pursuing and defending claims related to the respective contract, as determined by the applicable legal provisions.

Do We Transfer Personal Data to Other Entities?

Please be informed that the recipients of your data may include our authorized employees and collaborators, for whom access to your data is necessary for the proper performance of their official duties.

In some situations, transferring personal data to third parties may be necessary for us to properly and professionally perform our Agreements, adequately administer the Service, and conduct business activities. However, each time before transferring, we require the recipient to guarantee appropriate data protection and ensure confidentiality. Such processing occurs only for the purposes and duration specified by us.

We may transfer your personal data to:

  1. Entities co-participating in the execution of our Agreements, which provide us with accounting, HR, legal, and advisory services (e.g., accounting offices, law firms, PR agencies, and copywriting agencies);
  2. Providers of server and IT services (e.g., hosting, domain, backup copies, System maintenance services, technical support);
  3. Providers of tools for analyzing activity on the Service and direct marketing (e.g., tools for analyzing website statistics, newsletter sending system) or providers of tools for creating landing pages and collecting leads;
  4. Providers of other tools and software that improve the functioning of the Service and support the Service Provider’s business activities (e.g., CRM systems, Marketing Automation);
  5. Entities handling electronic payments – in case the Client uses the option of making electronic payments.

Furthermore, we may transfer your data to authorized state authorities (e.g., tax offices, law enforcement agencies) and other entities if their request is justified under applicable laws.

Do We Transfer Personal Data to Third Countries?

Our servers are located within the European Economic Area (EEA), specifically in the following countries: France and Poland.

As a general rule, we do not transfer your personal data to third countries. However, in operating our Service, we use services and technologies offered by entities such as Facebook, Microsoft, Google. These entities may process personal data using servers located outside the European Economic Area (EEA). We assure you, however, that these entities apply compliance mechanisms provided for by the GDPR (e.g., certifications) or standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the GDPR). More information about the data processing principles of these entities can be found on the websites of these service providers.

If, in connection with the operation of our Service and the provision of our Services, it becomes necessary to transfer personal data outside the EEA to other entities than those mentioned above, we will assess the circumstances and ensure an appropriate level of data security, so that processing is in accordance with applicable legal regulations.

Do We Profile Personal Data and Make Automated Decisions?

Within our Service and through the use of cookies, User data may be profiled to tailor advertising content to the interests of the Users. However, this profiling is anonymous and statistical in nature (processed data includes gender, age, approximate location, behavior on the Service, etc.) and does not affect the terms of Services provided through the Service.

We do not make automated decisions, particularly those that could have legal effects on individuals or similarly significantly impact them.

Do We Use Cookies?

On our website, we use so-called cookies, which are short text information stored on a computer, phone, tablet, or other user’s device. They can be read by our system as well as by the systems belonging to other entities whose services we use (e.g., Facebook, Google, Google Cloud, User.com, Smartlook, Paynow). More information about the data processing principles of these entities can be found in their privacy policies.

Thanks to cookies, we collect anonymous data about visits to the pages of our Service, which we can then use to improve the functions available in the Service, identify errors, enhance the comfort of browsing, or enhance our marketing efforts.

Internet browsers typically allow the use of cookies on the end device by default. However, users can block and restrict the installation of cookies at their discretion using their browser settings or with one of the many available programs (including free ones) or tools available within the operating system. We inform that during the first visit of the User to the Service, we display information about the use of cookies. If you do not change your browser settings, you express consent to their use.

We inform that disabling or limiting the handling of cookies may cause difficulties in using the website, e.g., it may cause a longer loading time of the Service’s page or limitations in using functionalities or liking a fan page on Facebook.

How Do We Protect Your Data?

To ensure a high and consistent level of protection, we employ adequate security measures for our IT environment, as well as technical and organizational measures, which include among others:

  1. Utilization of technology offered by Google Cloud and OVH, which ensures the security of data authentication procedures.
  2. Encryption using TLS protocol.
  3. Creation of backup copies.
  4. Equipping data centers with data protection mechanisms.
  5. Conducting regular security level tests.
  6. Monitoring the security of personal data.
  7. Minimizing the risk of potential misuse and responding swiftly in case of their occurrence.
  8. Implementing a data protection policy.
  9. Ensuring continuous confidentiality, integrity, availability, and resilience of processing systems and services.
  10. Allowing access to personal data only to authorized persons.
  11. Creating and regularly changing passwords to access systems where personal data are processed.
  12. Encrypting passwords using advanced algorithms.
  13. Applying OVH Anti-DDoS to ensure 24/7 protection of server infrastructure against all types of DDoS attacks.

What Rights Do You Have in Relation to the Processing of Personal Data?

You have the right to request from the Data Controller:

  1. Access to your personal data;
  2. Rectification of personal data;
  3. Deletion of personal data;
  4. Restriction of processing of personal data;
  5. Objection to the processing of personal data;
  6. Portability of personal data;
  7. Withdrawal of consent to process data (if the basis for processing is consent).

However, the above rights are not absolute, and in some situations, after analyzing the factual and legal state, we may refuse to fulfill them in accordance with applicable laws.

We also inform you that the withdrawal of consent for data processing will not affect the legality of the processing that took place on the basis of the consent given before its withdrawal.

If you submit a request to exercise any of the above rights, we will respond to it promptly, but no later than within a month from the date of receipt. If due to the complex nature of the request or the number of requests, we cannot fulfill your request within a month, we will fulfill it within the next two months. We will, however, inform you in advance about the intended extension of the deadline.

How Can You File a Complaint About Irregularities in Personal Data Processing?

If you believe that your personal data is being processed by us in violation of applicable law, you can file a complaint with the President of the Personal Data Protection Office.

What Else Is Associated with Using the Service?

If there are links in the Service to other websites (not administered by the Data Controller), this Policy will not apply, and the User should familiarize themselves with the relevant documents of the appropriate data controllers.

What Else Is Associated with Using the Service?

Using the Service also involves sending queries to the server where this website is stored. Each query is recorded in the server logs, which include the following information: IP address, date and time of the server, information about the web browser, information about the operating system. Logs are saved and stored on the server. Data recorded in the logs are not assigned to specific individuals using the site and are not used for your identification. Server logs are used solely for administering the site, and their content is not disclosed to anyone other than authorized persons.

Can We Change Our Privacy Policy?

Yes. Data protection is a process that we continuously adapt to current needs and changing technology. Therefore, our Policy may be supplemented or changed, about which we will inform you by posting a notice in the Service.