PRIVACY POLICY

NOINN Spółka z ograniczoną odpowiedzialnością with its registered seat in Warsaw, at ul. Grzybowska 80/82, p.7 (00-844 Warszawa), registered in the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under entry number 0000766077 (hereinafter referred to as the Company) as the data controller of the personal data of the Users of the mobile application “NOINN” (hereinafter referred to as the Application) shall abide by the provisions of this Privacy Policy toward all Users of the Application. This Privacy Policy shall be developed in order to ensure that the Users' privacy is protected.


This Privacy Policy shall pertain in particular to the following matters:

  1. Processing of personal data as well as the purpose of, basis for, duration and manner of processing thereof,

  2. Categories of personal data undergoing processing and who may be the recipient thereof, as well as from whom said data may be collected,

  3. A User's ability to be granted access to the data, and other rights of a User as a data subject;

  4. Implementation of this Privacy Policy and ensuring of security.

This Privacy Policy shall serve as the information prescribed by the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), and shall also – with regard to the User's personal data obtained from Facebook or Google+ – serve as the information prescribed by the provisions of Article 14 of the GDPR.

The Company encourages every potential User to read this Privacy Policy. Reading and acceptance of this Privacy Policy shall be required in order to install the Application and sign up.

The Company takes great care to ensure the privacy of the Users visiting the Application. This Privacy Policy is made available to all interested parties via the Application and on the website managed for the Application, available at http://noinn.pl/polityka-prywatnosci/.

The Company, as the personal data controller, shall ensure that any data made available to it are secure. All data shall be protected and secured against being made available to unauthorised persons, being retrieved by an unauthorised person, being processed in violation of the provisions of the GDPR and of the Act on Personal Data Protection, as well as against any alteration, loss, damage or destruction thereof.

The personal data shall be processed by the Company in accordance with the provisions of the GDPR and with the Polish laws supplementing the GDPR, as well as in accordance with the applicable provisions of the Act on Rendering of Electronic Services.

The Company shall ensure that the Users may exercise their rights arising from Articles 15–22 of the GDPR, i.e. the right to access the data concerning them, to rectify said data, to restrict the processing thereof, to object to the processing thereof, to transfer and erase said data, and to withdraw their consent to the processing, as well as the right to lodge a complaint with a supervisory authority.

Data Processing

The processing shall concern personal data, i.e. information concerning an identified or identifiable natural person who is or was an User of the Application; wherein ‘identifiable natural person’ shall mean one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Company shall chiefly process the following personal data of the Users: full name, image, age (date of birth), gender, Facebook and/or Google+ login, telephone number, e-mail address, location data, IP number, ID number of the Device on which the Application is installed, WiFi data, information on the operating system of the Device, geographical location of the Device.

In addition, the Company shall also process other personal data of the Users that are disclosed (provided) to the Company by the Users, in particular: the User's preferences stored in the Application, information on the family, information on the place of residence, information on professional or academic activity, including when the particulars of such information arise from the contents of the photographs published by the Users using the Application, information made publicly available on Facebook or Google+, bank account number, debit card number.

All personal data shall be stored on servers owned by the Company. The Company does not intend to transmit your personal data to any third country (i.e. a Country outside of the European Economic Area) or to any international organisation. Although the Company obtains your data from your Facebook and/or Google+ profile, it shall not transfer your data collected by it to Facebook or Google+.

Information Provided by the User

By signing up for the Application, the User shall voluntarily make any data entered into the Application available for processing. The data in the Application shall be comprised in particular of data published as the User's description, and any other data published as part of the Application, including as part of any conversations, published photographs, videos, contact information, etc.

The Company shall gain access to such personal data as: full name, gender, age, GPS-based location. Furthermore, the User shall make available his or her personal preferences, any settings and customisation of his or her own profile. The Company shall also have access to any connections of the User, i.e. conversations, messages, likes, chatrooms, group conversations and any other data arising from the use of the Application.

Information Collected and Processed Automatically

The Company shall automatically collect and process the data from the Application. Such information shall concern IP numbers, the ID of the Device on which the Application is installed, WiFi data, information on the operating system of the Device, geographical location of the Device running the Application.

The ID of electronic devices such as a smartphone or a tablet (hereinafter referred to as “the Device”) shall be used by the Company in the mobile Application instead of cookies in order to recognise the User. ID shall be used to monitor the User's movements.

Information Collected by Third Parties for Advertising Purposes

Third parties cooperating with the Company shall be entitled to display their advertising content in the Application.

The aforesaid parties may use tracking software, i.e. cookies or beacons to obtain the User's personal data.

Processed Personal Data

The categories of the Users' Personal Data processed by the Data Controller may, in particular, include:

Purposes of Data Processing

The Company shall process data on the User for the following purposes:

  1. conclusion, performance and termination of a contract of rendering of electronic services via the Application,

  2. provision, development and management of the Application and the services thereof,

  3. management of the User's account and provision of support,

  4. research and analyses on how the Application is being used,

  5. communication with the User via the User's account in the Application, correspondence address, telephone, Device, to the extent connected with the rendering of Services using the Application,

  6. marketing, including sending to the Users of trade information on the Company's new products and solutions,

  7. detection and prevention of violation of any personal interests, infringements of the provisions of the Terms of Service, and any other dangerous behaviours, and vindication of any claims connected therewith,

  8. settlement of accounts, including accountancy and taxes in connection with the rendering of the Services.

The Company shall process the personal data of the Users on the following grounds:

  1. conclusion, performance and termination of the contract of Services connected with the use of the Application (Article 6(1)(b) of the GDPR), which ground includes any data connected with signing up that must be provided by the User or otherwise the contract of rendering of Services using the Application shall not be concluded with him or her; as well as any other data made available by the User during his or her use of the Application the provision of which is voluntary and the absence of which may affect the use of the Application;

  2. legitimate interests pursued by the Data Controller (the Company) (Article 6(1)(f) of the GDPR), including development of the Application, conduct of research and analyses on how the Application is being used, direct marketing of the Company's own services, detection and prevention of violation of personal interests, violation of the provisions of the Terms of Service, and any other dangerous behaviours, as well as vindication of claims connected therewith, as well as establishment, vindication and defence against claims;

  3. compliance with legal obligations to which the Data Controller is subject (Article 6(1)(c) of the GDPR), including compliance with the obligation to keep accounting and tax records, in connection with settlement of accounts with Users who use paid Services;

  4. consent given by the User (Article 6(1)(a) of the GDPR) for marketing purposes other than direct marketing of the Company's own services;

Signing up for the Application

Scope of the data. For this purpose, we process the personal data provided by you in the Application's registration form, i.e. registration using an external authorisation service (Facebook or Google+); we also collect your full name and e-mail address.

Legal basis. Necessity for the performance of the contract of Application service (Article 6(1)(b) of the GDPR).

Use of the Application

In order to render our mobile Services via the Application, we process various information about you, including, but not limited to, the following: your e-mail address, full name, photograph (avatar), User ID, Application use history (including number and type of betting on matches), IP address. If you use biometric data, e.g. fingerprint or photograph of your face, for your authorisation in the Application, such data shall be processed by the software provider of your mobile device, e.g. Apple.

Legal basis. Necessity for the performance of the contract of service, as per the Terms of Service (Article 6(1)(b) of the GDPR) or our legitimate interests (Article 6(1)(f) of the GDPR), consisting in the securing or facilitation of the use of the Application.

Services and Functionalities of the Application

We process your personal data in order to render services connected with the Application, such as enabling the play, creation and joining of betting leagues of your selected sports.

For this purpose, we process your personal data provided by you in your Profile and the data on your activity in the Services, i.e. data on your played betting leagues and bet match scores, as well as your IP address, data pertaining to your session, Device and operating system, location and unique ID.

The provision of some of the data shall be required for the use of individual services and functionalities of the Application. Failure to provide such data will prevent us from being able to provide specific services and functionalities of the Application.

Legal basis. Necessity for the performance of the contract of service, as per the Terms of Service (Article 6(1)(b) of the GDPR).

Statistics of Use of Individual Functionalities of the Application and Facilitation of the Use of the Application and Ensuring of IT Security

For those purposes, we process personal data on your activity in the Application, such as: Application screens visited and the time spent on each of them, as well as data on your match betting history and accuracy, your IP address, location, Device ID and operating system.

Legal basis. Our legitimate interests (Article 6(1)(f) of the GDPR), consisting in facilitation of the use of electronically rendered services and in improvement of the functionality of said services.

Consideration of Complaints and Requests, Responding to Enquiries

For this purpose, we may process some personal data provided by you in your Profile, as well as some data on your use of our services that have caused you to lodge a complaint or submit a request; data contained in the documents attached to the complaint or request. If you use Messenger, we also process data made available by you on your Facebook profile (e.g. your profile picture) and any data provided by you in the messages sent by you via Messenger.

Legal basis. Our legitimate interests (Article 6(1)(f) of the GDPR), consisting in the improvement of the functionality of electronically rendered services, and in the building of reliability- and loyalty-based positive relations with the Users and with non-logged-in Users.

Do you need to provide any personal data in order to be able to use the Application?

Use of the Application and conclusion of a contract of electronic services rendered via it is completely voluntary. Therefore, if you do not wish to provide any personal data to the Company, do not sign up and do not use the Application.

If you do wish to use the Application, you must provide some personal data to the Company in order to be able to use it and to conclude a contract of electronic Services. Therefore, provision of such data is required to conclude the contract. In other words, in order to conclude the contract (sign up for the Application), you need to provide the following data: your full name, date of birth, Facebook login or Google+ data, e-mail address or telephone number, location data, Facebook or Google+ profile data.

To use the Application, you, as the user of the Device on which the Application is installed, must grant it access to location data. Your consent to this access is voluntary, but necessary for proper rendering of the Services using the Application. Therefore, if you refuse to grant the Application access to location data, you will be unable to use the Application. Consent to access to location data should not be confused with consent to personal data processing, for consent to access to personal data is a requirement for the rendering of the service (contractual requirement) and therefore location data are processed on the grounds of the concluded contract; the act of consenting to the access to such data in the operating system of the Device on which the Application is installed merely fulfils said contractual requirement.

Provision of other data connected with the use of the Application is voluntary and failure to provide them shall not prevent you from using the Application. However, failure to provide such other data may affect your use of the Application.

Data connected with marketing for marketing purposes other than direct marketing of the Company's own services shall be provided on the basis of your consent, which is voluntary and you may withdraw it at any time.

To whom may the company make available the User's data?

Service providers: The Company shall make available the User's data, including financial data, to third parties who render their services via the Application. Such information shall be made available in order to enable the rendering of services by third parties. Such parties shall have no right to and may not make available or process the User's data for any purposes other than those connected with the handling of the services rendered.

Upon the request of public authorities: for purposes connected with the administration of justice, in particular in order to carry out a court judgement or to use data for ongoing proceedings.

Personal data shall be disclosed for the purpose of enforcing the provisions of the Terms of Service, for the purpose of preventing a crime or any other unlawful violation by a User.

Third party websites: In the Application, the User may click on many various links in order to gain access to various websites, which are not managed by or affiliated with the Company in any manner. A third party may independently gather information on the User and share such information with the Company with regard to the User's activity. In such cases, the terms and conditions of the processing of the User's data shall be made available by the third party.

The Company may also make available your personal data to: entities rendering legal services connected with the Company's activities, entities rendering IT services connected with the Company's activities, entities rendering auditing services and any other services connected with controlling the Company's activities, chartered accountants investigating documents connected with the Company's activities, entities rendering bookkeeping and accountancy services connected with the Company's activities, entities so authorised by you, entities other than any of the above who are entitled by law to receive from the Company information connected with its activities, which information may include your personal data, including in particular any authorities supervising the Company, as well as other Users (as detailed below).

Information Shared with Other Users

Upon signing up for the Application, the User's personal data shall be made available to other registered Users of the Application. Other Users shall gain access to any content published by the User as part of the Application.

The Company shall gain access to the User's data directly from his or her Facebook or Google+ account, as well as to any data entered into the Application by the User.

The User may exchange information from the chat and through messages with other Users upon clicking on appropriate icons in the Application.

Facebook

In order to create a User's account in the Application, the User shall be requested to use his or her Facebook login data. By logging into the Application via Facebook, the User transfers to the Company meaningful information on the User's Facebook data. The Company shall gain access to the User's information, i.e. public data comprising his or her profile, e-mail address, information on his or her interests, liked pages, gender, date of birth, education history, place of residence, friends list, etc.

Google+

In order to create a User's account in the Application, the User shall be requested to use his or her Google+ login data. By logging into the Application via Google+, the User transfers to the Company meaningful information on the User's Google+ data. The Company shall gain access to the User's information, i.e. public data comprising his or her profile, e-mail address, information on his or her age, gender, date of birth.

Additional Information

The User may also make available to the Company additional information about himself or herself.

Any contents transmitted via a chat with other Users shall be made available to the Company.

The User shall make available to the Application data filling in three text fields, each containing no fewer than 1 (one) and no more than 15 (fifteen) characters.

It shall also be necessary to accept the Terms of Use, this Privacy Policy, access to the multimedia library, consent to the use and storage of files and to consent to the access to geolocation (location with access to a navigational code).

Rights of the User

  1. You shall have the right to request from the Company access to your personal data, including copies of the personal data undergoing processing. The first copy shall be free of charge. For any subsequent copies requested by you, the Company may charge a reasonable fee based on administrative costs.

  2. You shall have the right to obtain from the Company the rectification of inaccurate personal data concerning you, in particular because such data have been collected with errors or because they have changed following their collection. The aforesaid right shall also include the right to have incomplete data completed.

  3. You shall have the right to obtain from the Company the erasure of personal data concerning you, with the stipulation that you may only exercise this right in cases set forth in the provisions of the GDPR, i.e. when one of the following circumstances occurs:

    1. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, in particular if the period during which the data were to be processed by the Company has already elapsed;

    2. you have withdrawn the consent on which the processing is based and the Company has no other legal ground for the processing;

    3. you have objected to the processing pursuant to Paragraph 5 and there are no overriding legitimate grounds for the processing;

    4. you have objected to the processing pursuant to Paragraph 6;

    5. your personal data have been unlawfully processed;

    6. your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject;

  4. You shall have the right to obtain from the Company restriction of processing of your personal data under the conditions set forth in the provisions of the GDPR, i.e. where one of the following applies:

    1. the accuracy of the personal data is contested by you, for a period enabling the Company to verify the accuracy of the personal data;

    2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

    3. the Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

    4. you have objected to processing referred to in Paragraph 5, pending the verification whether the legitimate grounds of the Company override yours.

  5. You shall have the right to object to the processing of your personal data by the Company, pursuant to Article 21(1) of the GDPR, i.e. object, on grounds relating to your particular situation to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. In the event that such objection is raised, the Company shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

  6. You shall have the right to object to the processing of your data by the Company pursuant to Article 21(2) of the GDPR, i.e. object to processing of personal data concerning you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. In the event that you exercise this right, the personal data shall no longer be processed by the Company for such direct marketing purposes.

  7. You shall have the right to data portability. Therefore, you shall have the right to receive the personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company. However, you shall only have this right where the processing is based on your consent or on a contract, and where the processing is carried out by automated means. In exercising this right, you shall also have the right to have your personal data transmitted directly from the Company to another data controller, where technically feasible.

  8. You shall have the right to withdraw your consent to the processing of your data at any time. However, withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal. In the event that your consent is withdrawn, the Company shall cease to process your personal data processed solely on the basis of your consent. If your personal data are also being processed on any basis other than such consent, the Company may continue to process them on said other basis – as long as it exists.

  9. You shall have the right to lodge a complaint with a supervisory authority, i.e. one of the public authorities established by each Member State of the European Union that is responsible for monitoring the application of the GDPR. The supervisory authority competent for the Republic of Poland is the President of the Personal Data Protection Office.

User's Influence on the Scope of Shared Personal Data

With regard to data the provision of which is not contractually required for the use of the Application, the User shall decide by himself or herself upon which personal data to make available and to what extent. Restriction of sharing of personal data may limit access to all or some functions of the Application the availability of which is necessary for proper functioning of the Application, including: ability to purchase products, use services, receive promotional materials, participate in surveys, limited ability to make enquiries and initiate other transactions.

How long do we store your data?

The Company shall store the User's personal data for as long as is necessary to achieve the purpose of the processing.

Any data processed for the purpose of concluding, performing and terminating the contract shall be processed for the duration of the contract of electronic Services. Therefore, upon termination of the contract, including by deletion of the account by the User, the Company shall cease to process such data for this purpose. However, the Company may continue to process some data for purposes of the legitimate interests of the Data Controller, including for research, academic and statistical purposes, as well as for the purpose of preventing frauds and enforcing the provisions of the Terms of Use, as well as for the purpose of establishment and exercise of claims for as long as the processing is necessary for those purposes but no longer than until the date on which a reasoned objection is made to such processing.

Data connected with compliance with legal obligations to which the Data Controller is subject, including compliance with the obligations of keeping accounting and tax records in connection with settlement of accounts with Users using paid Services shall be processed for a period of time arising from applicable provisions of the law, in particular accounting and tax laws.

Data processed for direct marketing purposes shall only be processed for the duration of the contract but no longer than until the date on which an objection is made to the processing thereof.

Data processed solely on the basis of your consent shall be processed for the duration of the contract, and, following termination thereof, for a period of time set forth in your consent (if any). However, in no event shall they continue to be processed if the consent is withdrawn.

Personal data transferred by the User to third parties shall be stored by such parties on their terms.

How does the Company protect contents published by the User?

The Company shall take any necessary precautions in order to ensure full security of information published by the User against unauthorised access to such data and against disclosure thereof. Nevertheless, no data protection system can guarantee full security of the User's data. The User shall himself or herself be careful about the contents published by him or her and be particularly careful when sharing information; the User shall in particular avoid transfer of data via his or her own e-mail address operating outside of the Application.

The Company may communicate with the User in order to ensure security and privacy with regard to other administrative matters pertaining to breaches in the Application security. The Company shall publish notices on risks to data security as soon as it encounters any attempt at breaking the system protections. The User shall receive a message on the internal protections of the Application by means of an appropriate system message and shall have the right to demand such information in a regular written form. In order to obtain free information on security breaches in writing, please notify the Company at: prywatnosc@noinn.pl

In the Application, the User shall be granted the right to receive system notifications on alterations to the Application related to the functionality thereof. In the settings of the Application, the User may disable system notifications.

Changes to the Privacy Policy

The Company shall update and amend the terms and conditions hereof in order to adjust the provisions hereof to any amendments to the commonly applicable law, or in order to adjust this Privacy Policy to any technological and functional alterations in the Application. The User shall be notified of any changes to this Privacy Policy. A notice on the changes shall be immediately published in the Application and at the website noinn.pl. If the changes concern the User directly, information on the changes shall also be sent to the User's account in the Application. Please read the new terms and conditions of the Privacy Policy carefully. Your continued use of the Application after the Privacy Policy changes shall mean that you have read and accepted the new terms and conditions of the Privacy Policy. If the User refuses the new terms and condition, he or she should delete his or her User's account in the Application.

How to contact the Data Controller (the Company)?

If you have any questions related to this Privacy Policy, please contact the Company via e-mail or at the following address:

Noinn Sp. z o.o.
ul. Grzybowska 80/82
00-844 Warszawa, Poland

or via e-mail:
app@noinn.pl