Effective as of July 1, 2021
Dear User and Client,
Tres Comas Ltd., the owner of the Moniti service (hereinafter referred to as “the Service”), is committed to ensuring the security and confidentiality of your personal data. We take your privacy seriously, whether you are visiting our website at https://moniti.app, reading articles on our blog, using our Services, or contacting us via phone, email (including through our contact form), online chat, as well as when you visit our social media channels.
We operate in accordance with the law, including the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as “GDPR”). Furthermore, we use modern technical and organizational measures to ensure the best possible protection of your personal data against unauthorized access.
In this document, we present the most important information regarding the principles of processing your personal data. For simplicity, we have defined individual terms and compiled key issues in a question-and-answer format. This is to inform you about the purposes, legal basis, and duration of processing your data, who has access to it, and what rights you have. If something seems unclear to you, you can always ask us by sending a message to: [email protected].
- Application – Moniti Terminal RCP application and/or Moniti Personal application for mobile devices with Android and iOS systems, being functionalities of the System, enabling among others, the use of employee time tracking and recording functions for the Client’s Employee or the Client himself;
- Client – a natural person conducting business or professional activities in their own name, a legal person or an organizational unit not being a legal person, to which special provisions grant legal capacity, using the System (including the Application) based on the Agreement;
- Client’s Account – a collection of resources and rights within the System assigned to a specific Client, available after registering and logging into the account;
- Client’s Employee Account – a collection of resources and rights within the System assigned to a specific Employee of the Client, available after registering and logging into the account;
- User Account – a collection of resources and rights within the System assigned to a specific User, available after registering and logging into the account;
- Client’s Employee – a natural person employed by the Client under an employment contract or cooperating with them based on a civil law contract;
- Processor – an entity processing data within the meaning of Article 28 of the GDPR on behalf of the data controller under a data processing agreement, where in this document it will be the Service Provider in relation to the personal data of the Client’s Employees, for whom the Client is the data controller within the meaning of the GDPR;
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Service – the website available under the domains moniti.app and admin.moniti.app administered by the Service Provider;
- System – an IT solution available through the Service or Application, with appropriate functionalities for the Client – within the access via the Client’s Account, for the Client’s Employee – within the access via the Client’s Employee Account, and for the User – within the access via the User Account;
- Provision of services electronically – the performance of a service provided without the simultaneous presence of the parties (remotely) by transmitting data at the individual request of the User or Client, sent and received using electronic processing devices, including digital compression, and data storage, which is entirely transmitted, received, or transmitted via a telecommunications network within the meaning of the Act of 16 July 2004 – Telecommunications Law;
- Agreement – an agreement concluded between the Service Provider and the Client via the Service, the subject and content of which are determined by the provisions of the Terms and Conditions and any separate agreements and arrangements between the Parties;
- Services – free services provided electronically by the Service Provider through the Service for the User or Client (including: the possibility of registering and maintaining a User Account or Client’s Account, newsletter) and paid services provided electronically by the Service Provider through the System for the Client (including: using the Application within the subscription fee);
- Service Provider – Tres Comas limited liability company located in Warsaw at al. Jana Pawła II 80, 00-175 Warsaw, registered in the National Court Register kept by the District Court for the Capital City of Warsaw, XII Commercial Division under the number KRS: 0000880619, NIP: 5252850692, REGON: 388144190;
- User – visitor of the website https://moniti.app/;
Who is the Administrator of Your Personal Data (hereinafter referred to as “Data Controller”)?
The Administrator of Your Personal Data is Tres Comas sp. z o.o., located in Warsaw at al. Jana Pawła II 80, 00-175 Warsaw, registered in the National Court Register kept by the District Court for Warsaw, XII Commercial Division under the number KRS: 0000880619, NIP: 5252850692, REGON: 388144190, with a share capital of PLN 10,000.00.
In case of any questions, doubts, and for any complaints or requests, you can contact the Data Controller in writing at the address: Tres Comas sp. z o.o., al. Jana Pawła II 80, 00-175 Warsaw, or electronically at the following email address: [email protected].
What Personal Data Do We Process as the Data Controller, and How Do We Obtain It?
What Personal Data Do We Process as a Processor, and How Do We Obtain It?
Based on the Terms of Service and any separate agreements with the Client, we also act as a Processor, processing personal data of the Client’s Employees who use the System. These data are collected and then recorded in the System directly by the Client.
As a Processor, we process data only upon the documented instructions of the data controller, committing to their proper protection by applying appropriate technical and organizational measures and ensuring an adequate level of security corresponding to the risk associated with processing personal data (in accordance with Article 32 of the GDPR). We also ensure that the individuals authorized by us to process data have committed to keeping it confidential. Upon the completion of the Services related to the processing of the entrusted personal data, we will return all such data to their controller (the Client) and delete existing copies, unless the law obliges us to store personal data.
For What Purpose, On What Legal Basis, and For How Long Do We Process Your Personal Data as the Data Controller?
ACTIVITY and DATA
PROVISION OF SERVICES:
Necessity of processing to perform a contract or to take actions at the request of the data subject before entering into a contract.
Article 6(1)(b) GDPR.
The period necessary for the performance and settlement of the Agreement (including complaints and their handling) and for the duration of talks and negotiations preceding the conclusion of the Agreement.
FULFILLING LEGAL OBLIGATIONS:
Necessity of processing related to fulfilling legal obligations.
Article 6(1)(c) GDPR.
The period required by applicable law, but not longer than the statute of limitations for tax obligations and until the expiration of limitation periods for claims arising from the violation of personal data protection regulations.
OPERATION OF THE SERVICE:
Necessity of processing for purposes arising from our legitimate interests, which include:
Article 6(1)(f) GDPR.
Until the data becomes outdated, loses its usefulness, or until an effective objection is raised.
Necessity of processing for purposes arising from our legitimate interests which we have in maintaining business relations with Clients and researching their satisfaction, as well as in taking care of our interests and image;
Voluntary consent of the person who expressed it for a specific purpose.
Article 6(1)(f) GDPR
Article 6(1)(a) GDPR.
Until an effective objection is raised or the purpose of processing is achieved; in case the basis for processing is consent – until the consent is withdrawn (withdrawal of consent does not affect the legality of processing data before its withdrawal).
SOCIAL MEDIA ACTIVITIES:
Managing profiles on platforms: Facebook, YouTube, LinkedIn;
Processed data: data left by people visiting our social media profiles (comments, likes, IP).
Necessity of processing for purposes arising from our legitimate interests, which include promoting the Service’s activities;
Consent (e.g., joining a group).
Article 6(1)(f) GDPR
Article 6(1)(a) GDPR.
Until an effective objection is raised or the purpose of processing is achieved; and in case the basis for processing is consent – until the consent is withdrawn (withdrawal of consent does not affect the legality of processing data before its withdrawal).
ESTABLISHING, PURSUING, OR DEFENDING LEGAL CLAIMS:
Processed data: name and/or company name, business address, email address, tax identification number (NIP).
Necessity of processing for purposes arising from our legitimate interests, which include pursuing our claims and defending against claims.
Article 6(1)(f) GDPR.
The period of pursuing and defending claims related to the respective contract, as determined by the applicable legal provisions.
Do We Transfer Personal Data to Other Entities?
Please be informed that the recipients of your data may include our authorized employees and collaborators, for whom access to your data is necessary for the proper performance of their official duties.
In some situations, transferring personal data to third parties may be necessary for us to properly and professionally perform our Agreements, adequately administer the Service, and conduct business activities. However, each time before transferring, we require the recipient to guarantee appropriate data protection and ensure confidentiality. Such processing occurs only for the purposes and duration specified by us.
We may transfer your personal data to:
- Entities co-participating in the execution of our Agreements, which provide us with accounting, HR, legal, and advisory services (e.g., accounting offices, law firms, PR agencies, and copywriting agencies);
- Providers of server and IT services (e.g., hosting, domain, backup copies, System maintenance services, technical support);
- Providers of tools for analyzing activity on the Service and direct marketing (e.g., tools for analyzing website statistics, newsletter sending system) or providers of tools for creating landing pages and collecting leads;
- Providers of other tools and software that improve the functioning of the Service and support the Service Provider’s business activities (e.g., CRM systems, Marketing Automation);
- Entities handling electronic payments – in case the Client uses the option of making electronic payments.
Do We Transfer Personal Data to Third Countries?
Do We Profile Personal Data and Make Automated Decisions?
On our website, we use so-called cookies, which are short text information stored on a computer, phone, tablet, or other user’s device. They can be read by our system as well as by the systems belonging to other entities whose services we use (e.g., Facebook, Google, Google Cloud, User.com, Smartlook, Paynow). More information about the data processing principles of these entities can be found in their privacy policies.
Thanks to cookies, we collect anonymous data about visits to the pages of our Service, which we can then use to improve the functions available in the Service, identify errors, enhance the comfort of browsing, or enhance our marketing efforts.
Please note that disabling or limiting the handling of cookies may cause difficulties in using the website, e.g., it may cause longer loading times for the Service’s pages or limit the use of functionalities or liking a fan page on Facebook.
How Do We Protect Your Data?
To ensure a high and consistent level of protection, we employ adequate security measures for our IT environment, as well as technical and organizational measures, which include among others:
- Utilization of technology offered by Google Cloud and OVH, which ensures the security of data authentication procedures.
- Encryption using TLS protocol.
- Creation of backup copies.
- Equipping data centers with data protection mechanisms.
- Conducting regular security level tests.
- Monitoring the security of personal data.
- Minimizing the risk of potential misuse and responding swiftly if it occurs.
- Implementing a data protection policy.
- Ensuring continuous confidentiality, integrity, availability, and resilience of processing systems and services.
- Allowing access to personal data only to authorized persons.
- Creating and regularly changing passwords to access systems where personal data are processed.
- Encrypting passwords using advanced algorithms.
- Applying OVH Anti-DDoS to ensure 24/7 protection of server infrastructure against all types of DDoS attacks.
What Rights Do You Have in Relation to the Processing of Personal Data?
You have the right to request from the Data Controller:
- Access to your personal data;
- Rectification of personal data;
- Deletion of personal data;
- Restriction of processing of personal data;
- Objection to the processing of personal data;
- Portability of personal data;
- Withdrawal of consent to process data (if the basis for processing is consent).
However, the above rights are not absolute, and in some situations, after analyzing the factual and legal state, we may refuse to fulfill them in accordance with applicable laws.
We also inform you that the withdrawal of consent for data processing will not affect the legality of the processing that took place on the basis of the consent given before its withdrawal.
If you submit a request to exercise any of the above rights, we will respond to it promptly, but no later than within a month from the date of receipt. If, due to the complex nature of the request or the number of requests, we cannot fulfill your request within a month, we will fulfill it within the next two months. We will, however, inform you in advance about the intended extension of the deadline.
How Can You File a Complaint About Irregularities in Personal Data Processing?
If you believe that your personal data is being processed by us in violation of applicable law, you can file a complaint with the President of the Personal Data Protection Office.
What Else Is Associated with Using the Service?
If there are links in the Service to other websites (not administered by the Data Controller), this Policy will not apply, and the User should familiarize themselves with the relevant documents of the appropriate data controllers.
Using the Service also involves sending queries to the server where this website is stored. Each query is recorded in the server logs, which include the following information: IP address, date and time of the server, information about the web browser, information about the operating system. Logs are saved and stored on the server. Data recorded in the logs are not assigned to specific individuals using the site and are not used for your identification. Server logs are used solely for administering the site, and their content is not disclosed to anyone other than authorized persons.
Yes. Data protection is a process that we continuously adapt to current needs and changing technology. Therefore, our Policy may be supplemented or changed, about which we will inform you by posting a notice in the Service.