1. Who are we?
2. Personal data
3. For what purposes and on what legal basis do we process personal data?
4. How long do we process personal data?
5. Access to personal data in mobile applications
6. Data access permissions for Android mobile devices
7. Additional permissions for Android application
8. System logs
9. Cookies and other similar technologies
The Personal Data Controller is Comarch Spółka Akcyjna with its seat in Kraków, Aleja Jana Pawła II 39A, entered in the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, XI Economic Division of the National Court Register under KRS number 0000057567. The share capital of the company amounts to 8.133.349,00 PLN. The share capital was paid in full. TIN: 677 – 00 – 65 – 406. You may contact the Controller in all matters relating to our processing of your personal data. The preferred form of contact is electronic correspondence addressed to the e-mail address:firstname.lastname@example.org
We process personal data that you have voluntarily provided to us. If you contact us, we will collect the e-mail address you indicate and any other identifying information you provide, such as your full name, e-mail address, or telephone number.
To protect the privacy of data and personal data that we collect and store, we maintain physical, technical, and administrative safeguards. We continually update and test our security technology. We train our employees on the importance of confidentiality and keeping your information private and secure. Access to your personal data is limited to employees who need it to provide services to you.
We process your personal data in order to:
– provide services electronically in accordance with the rules described in Comarch IBARD Service Terms and Conditions. The provision of our Services is inextricably linked to the processing of personal data and without performing such activities we would not be able to provide our Services to you;
– conduct marketing activities by means of electronic communication, e.g. via SMS messages or e-mail. We will only perform such activities based on your voluntary consent;
– pursue our legitimate interests. Our legitimate interests include: conducting a survey of the level of user satisfaction, possible establishment, investigation, and enforcement of claims or defense against claims, prevention of abuse and fraud, detection of cases of unauthorized use of services, ensuring IT security, financial analysis of the Controller, conducting activities of a marketing nature, responding to inquiries and messages of users, conducting statistics and performing analytical studies and tests in order to better adjust services to the needs of users or optimize processes, performing profiling operations, the purpose of which is to best match distributed information.
Your data will be processed until there is a basis for processing, i.e.:
– in the case of data processing based on consent, until its withdrawal;
– in the case of the necessity of processing the data to provide the Service, for the duration of providing the Service, and until the expiration of claims related to the Service, taking into account claim limitation periods set forth in generally applicable laws;
– in the case where the basis for the processing is the legitimate interest of the Controller, until you raise an objection or this interest ceases to exist.
The mobile application for Comarch IBARD Service may have access to your personal data such as phone numbers, e-mail addresses, and SMS/MMS messages. The application does not share personal data with the company or any other third-party service. If you choose to transfer or share your data in the cloud service, your data will be stored only in this service and only on configured accounts.
As part of Comarch IBARD Service, the user may use the mobile application to upload files to the server and download files from the server at their own discretion. Additionally, the application has the ability to make backups and automatically upload them to the server, and restore the following categories of data from the server:
– SMS/MMS messages
The user may select any combination of the listed groups to be backed up and uploaded to the server. Backup copies (of the selected groups) may be created automatically – according to a schedule set (by the user). Apart from creating and restoring backup copies, the application makes it possible to browse the contents of Comarch IBARD drive.
Comarch IBARD Service mobile application:
– does not collect device location data
– does not record the contents of the user’s screen
Personal data collected in the application’s memory (cache) on your device may only be collected to perform certain features for you. Such data is encrypted in a way that prevents unauthorized access.
In order to use Comarch IBARD Service via the mobile application (i.e. make a backup copy and restore the aforementioned data categories), the user has to grant the mobile application the following permissions:
a. SMS/MMS messages:
Access permissions are required to read and send SMS/MMS messages to the server. Apart from messages themselves, additional information is read out, such as a send/received date and the number of a sender/addressee.
In the case of Android version 4.4 and higher, due to the requirements imposed by the operating system (Android), the application (Comarch IBARD), in addition to the granted rights to read and write messages, must be set as the default message management application. This applies to both backup and restoration processes. In Android, only one application at a time can be the default application for message management. After the message restoration process is complete, Comarch IBARD application asks the user to restore the previous message management application.
Required permissions: READ_SMS (to read messages), RECEIVE_SMS (to receive incoming SMS messages when creating a backup copy), RECEIVE_MMS (to receive incoming MMS messages when creating a backup copy).
b. Contacts: The following permissions are required to create/restore backup copies of contacts: permission to read contacts (READ_CONTACTS), write contacts (WRITE_CONTACTS), access internal memory (read and write), WRITE_EXTERNAL_STORAGE, and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher).
c. Calendars: The permissions READ_CALENDAR (to read calendar data) and WRITE_CALENDAR (to write calendar data) are required to create/restore calendar backups on a device.
d. Music: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL STORAGE (for Android version 4.1 and higher) are required to create/restore backup copies of music files on a device.
e. Videos: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher) and permissions to a device camera (CAMERA) are required to create/restore backup copies of video files on a device.
f. Photos: Internal memory access permissions (read and write) WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE (for Android version 4.1 and higher) and permissions to a device camera (CAMERA) are required to create/restore backup copies of photo files on a device.
Additionally, in the mobile application on Android devices, we require such permissions as:
– Permission to check network status (ACCESS_NETWORK_STATE) – to check if Internet access is provided
– Permission to check Wi-Fi status (ACCESS_WIFI_STATE) – to check whether a device is using Wi-Fi, if the user has selected that backups are to be performed over Wi-Fi only
– Permission to control the flash of a device while taking pictures (FLASHLIGHT)
– Permission to control the vibrations of a device (VIBRATE) used when receiving notifications
Each visit of a user accessing Comarch websites is automatically recorded on the server in the so-called system logs. Data stored in this way include the date and time of a visit and an IP address. Data from the system logs is used solely for the purpose of server administration and website visit statistics.
The cookies technology is used by most well-developed websites in order to improve website quality, and in particular to:
- create viewing statistics for particular content,
- personalize services provided on a website,
- maintain user sessions,
- authenticate persons using a website,
- provide users with personalized advertising content.
Comarch websites use the following types of cookies:
- “indispensable” cookies that make it possible to use services available on a website, e.g. to use sessions
- “functional” cookies that allow “remembering” settings selected by the user and personalizing the user’s interface, e.g. considering the selected mobile/standard version, last phrases typed by the user, a website’s layout, tab mechanism sta-tus, etc.
- “analytical” cookies that allow the monitoring of user activities on a website.
Cookies are not used to process or store personal data, they cannot be used to directly identify a user, and they do not introduce configuration changes to a browser or end device used for telecommunication purposes. The user has the possibility to independently determine the conditions of using cookies and can disable them at any time, using the settings of a web browser or service configuration. This can cause most web pages to be inaccessible or displayed incorrectly.
In some cases, it is possible to set a browser to ask for the user’s consent to cookies in each case. This provides the user with control over cookies, but may slow down a given browser. To easily manage cookies, please select your browser from the list below and follow instructions:
If cookie settings are not changed, it means that cookies will be placed on the user’s end device and thus Comarch will store information on the user’s end device and gain access to that information.