Privacy Policy

By using our services, you entrust us with your personal data. This privacy policy is to inform you of how we collect and use information in Comarch IBARD Service. We would like to assure you that we feel responsible for the information and respect your privacy, so we make every effort to keep it safe.

1. Who are we?
2. Personal data
3. For what purposes and on what legal basis do we process personal data?
4. How long do we process personal data?
5. Access to personal data in mobile applications
6. Data access permissions for Android mobile devices
7. Additional permissions for Android application
8. System logs
9. Cookies and other similar technologies

1. Who are we?

The Personal Data Controller is Comarch Spółka Akcyjna with its seat in Kraków, Aleja Jana Pawła II 39A, entered in the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, XI Economic Division of the National Court Register under KRS number 0000057567. The share capital of the company amounts to 8.133.349,00 PLN. The share capital was paid in full. TIN: 677 – 00 – 65 – 406. You may contact the Controller in all matters relating to our processing of your personal data. The preferred form of contact is electronic correspondence addressed to the e-mail address:kontakt@comarch-cloud.pl

2. Personal data

We process personal data that you have voluntarily provided to us. If you contact us, we will collect the e-mail address you indicate and any other identifying information you provide, such as your full name, e-mail address, or telephone number.
To protect the privacy of data and personal data that we collect and store, we maintain physical, technical, and administrative safeguards. We continually update and test our security technology. We train our employees on the importance of confidentiality and keeping your information private and secure. Access to your personal data is limited to employees who need it to provide services to you.

3. For what purposes and on what legal basis do we process personal data?

We process your personal data in order to:
– provide services electronically in accordance with the rules described in Comarch IBARD Service Terms and Conditions. The provision of our Services is inextricably linked to the processing of personal data and without performing such activities we would not be able to provide our Services to you;
– conduct marketing activities by means of electronic communication, e.g. via SMS messages or e-mail. We will only perform such activities based on your voluntary consent;
– pursue our legitimate interests. Our legitimate interests include: conducting a survey of the level of user satisfaction, possible establishment, investigation, and enforcement of claims or defense against claims, prevention of abuse and fraud, detection of cases of unauthorized use of services, ensuring IT security, financial analysis of the Controller, conducting activities of a marketing nature, responding to inquiries and messages of users, conducting statistics and performing analytical studies and tests in order to better adjust services to the needs of users or optimize processes, performing profiling operations, the purpose of which is to best match distributed information.

4. How long do we process personal data?

Your data will be processed until there is a basis for processing, i.e.:
– in the case of data processing based on consent, until its withdrawal;
– in the case of the necessity of processing the data to provide the Service, for the duration of providing the Service, and until the expiration of claims related to the Service, taking into account claim limitation periods set forth in generally applicable laws;
– in the case where the basis for the processing is the legitimate interest of the Controller, until you raise an objection or this interest ceases to exist.

5. Access to personal data in mobile applications

The mobile application for Comarch IBARD Service may have access to your personal data such as phone numbers, e-mail addresses, and SMS/MMS messages. The application does not share personal data with the company or any other third-party service. If you choose to transfer or share your data in the cloud service, your data will be stored only in this service and only on configured accounts.
As part of Comarch IBARD Service, the user may use the mobile application to upload files to the server and download files from the server at their own discretion. Additionally, the application has the ability to make backups and automatically upload them to the server, and restore the following categories of data from the server:
– SMS/MMS messages
– Contacts
– Calendars
– Music
– Videos
– Photos
The user may select any combination of the listed groups to be backed up and uploaded to the server. Backup copies (of the selected groups) may be created automatically – according to a schedule set (by the user). Apart from creating and restoring backup copies, the application makes it possible to browse the contents of Comarch IBARD drive.
Comarch IBARD Service mobile application:
– does not collect device location data
– does not record the contents of the user’s screen
Personal data collected in the application’s memory (cache) on your device may only be collected to perform certain features for you. Such data is encrypted in a way that prevents unauthorized access.

6. Data access permissions for Android mobile devices

In order to use Comarch IBARD Service via the mobile application (i.e. make a backup copy and restore the aforementioned data categories), the user has to grant the mobile application the following permissions:

a. SMS/MMS messages:
Access permissions are required to read and send SMS/MMS messages to the server. Apart from messages themselves, additional information is read out, such as a send/received date and the number of a sender/addressee.
In the case of Android version 4.4 and higher, due to the requirements imposed by the operating system (Android), the application (Comarch IBARD), in addition to the granted rights to read and write messages, must be set as the default message management application. This applies to both backup and restoration processes. In Android, only one application at a time can be the default application for message management. After the message restoration process is complete, Comarch IBARD application asks the user to restore the previous message management application.
Required permissions: READ_SMS (to read messages), RECEIVE_SMS (to receive incoming SMS messages when creating a backup copy), RECEIVE_MMS (to receive incoming MMS messages when creating a backup copy).

b. Contacts: The following permissions are required to create/restore backup copies of contacts: permission to read contacts (READ_CONTACTS), write contacts (WRITE_CONTACTS), access internal memory (read and write), WRITE_EXTERNAL_STORAGE, and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher).

c. Calendars: The permissions READ_CALENDAR (to read calendar data) and WRITE_CALENDAR (to write calendar data) are required to create/restore calendar backups on a device.

d. Music: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL STORAGE (for Android version 4.1 and higher) are required to create/restore backup copies of music files on a device.

e. Videos: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher) and permissions to a device camera (CAMERA) are required to create/restore backup copies of video files on a device.

f. Photos: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher) and permissions to a device camera (CAMERA) are required to create/restore backup copies of photo files on a device.

7. Additional permissions for Android application

Additionally, in the mobile application on Android devices, we require such permissions as:
– Permission to check network status (ACCESS_NETWORK_STATE) – to check if Internet access is provided
– Permission to check Wi-Fi status (ACCESS_WIFI_STATE) – to check whether a device is using Wi-Fi, if the user has selected that backups are to be performed over Wi-Fi only
– Permission to control the flash of a device while taking pictures (FLASHLIGHT)
– Permission to control the vibrations of a device (VIBRATE) used when receiving notifications

8. System logs

Each visit of a user accessing Comarch websites is automatically recorded on the server in the so-called system logs. Data stored in this way include the date and time of a visit and an IP address. Data from the system logs is used solely for the purpose of server administration and website visit statistics.

9. Cookies and other similar technologies

Comarch websites use so-called “cookies”, i.e. information recorded by servers on the user’s end device, which can be read by the servers each time the user connects to the websites using that end device. Comarch may also use other technologies with functions similar or identical to cookies. In this Comarch Privacy Policy, information regarding cookies also applies to other similar technologies used within Comarch websites. Cookies typically include the domain name of the website they originate from, the time of their storage on an end device, and a unique number. Cookies can be placed on the user’s end device and then used by third parties cooperating with Comarch that provide external tools for monitoring traffic and activities on the websites.
The cookies technology is used by most well-developed websites in order to improve website quality, and in particular to:

create viewing statistics for particular content,
personalize services provided on a website,
maintain user sessions,
authenticate persons using a website,
provide users with personalized advertising content.

Comarch websites use the following types of cookies:

“indispensable” cookies that make it possible to use services available on a website, e.g. to use sessions
“functional” cookies that allow “remembering” settings selected by the user and personalizing the user’s interface, e.g. considering the selected mobile/standard version, last phrases typed by the user, a website’s layout, tab mechanism sta-tus, etc.
“analytical” cookies that allow the monitoring of user activities on a website.

Cookies are not used to process or store personal data, they cannot be used to directly identify a user, and they do not introduce configuration changes to a browser or end device used for telecommunication purposes. The user has the possibility to independently determine the conditions of using cookies and can disable them at any time, using the settings of a web browser or service configuration. This can cause most web pages to be inaccessible or displayed incorrectly.
In some cases, it is possible to set a browser to ask for the user’s consent to cookies in each case. This provides the user with control over cookies, but may slow down a given browser. To easily manage cookies, please select your browser from the list below and follow instructions:

Edge,
Firefox,
Chrome,
Opera,
Safari.

Mobile devices:

Android,
iOS.

If cookie settings are not changed, it means that cookies will be placed on the user’s end device and thus Comarch will store information on the user’s end device and gain access to that information.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_hjSession_2339003	30 minutes	No description
_hjSessionUser_2339003	1 year	No description
SESSION	session	No description