Privacy | Aisphub

I. INTRODUCTION
We make sure that the processing of Personal Data is lawful. The transparency of our activities is also important to us. Therefore, in the Privacy Policy we have collected the most important information regarding your Personal Data processed by us.

If you have additional questions regarding the processing of your Personal Data, please contact us via the form available at www.aisphub.pl.

II. DEFINITIONS
Capitalized words or phrases have the following meanings:

"Administrator/We" - Jakub Stolarski sole proprietorship, NIP 522 262 95 57, ul. Szkolna 121. 96-321 Osowiec.

"Personal data/Data" - information identifying you or making it possible to identify you directly or indirectly, having this information, e.g. name and surname, telephone number, e-mail address, address;

"Account" - A service that allows logging in without filling out the Form each time, viewing the account, changing data;

"Policy" - this document, i.e. the Privacy Policy;

"Regulations" - regulations for the provision of electronic services by us posted on the website: https://aisphub.com/agreement and https://aisphub.pl;

"GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation on data protection);

"MBudget" - a mobile application available in the play store

"aisphub.pl" - information page with a contact form

III. SUMMARY
We use personal data, e.g. to be able to provide the service of access to information about a bank account as part of open banking, to provide answers to questions asked to us, to accept complaints.

We transfer data only to entities that guarantee that they will process them in accordance with the law. These can be our partners, but also entities providing services to us (e.g. single sign on service: Facebook, Google and Microsoft)

First of all, we process Personal Data that you provide to us - your name, e-mail address, telephone number. Some information may also be automatically collected by the tools we use, e.g.: The application collects information about the provider of the single sign on login service. In addition, in accordance with the banking law, information required by the banking law for the purpose of displaying information about a bank account.

In connection with the processing of your Personal Data, you have a number of rights, such as: the right to access data, the right to rectify it, delete it, limit processing, transfer data, the right to object and the right to lodge a complaint with the supervisory authority.

For more information, please read the content of the Policy below.

IV. CONTACT WITH THE ADMINISTRATOR
The administrator of your personal data is Jakub Stolarski with its registered office in Osowiec, NIP 5222629557, ul. Szkolna 121 Osowiec, Żabia Wola.

Contact regarding the protection of personal data is possible via the form on the website www.aisphub.pl.

V. PROCESSING OF PERSONAL DATA
a. Registration and Account maintenance

Purposes and bases of processing:

By registering in the MBudget application and creating an Account, you provide us with the Personal Data necessary to register and set up an Account in the Azure computing cloud run by Microsoft, and your personal data with information about oAuth tokens will be stored in the Azure AD B2C service.

We process the above data on the basis of art. 6 sec. 1 lit. b) GDPR (processing is necessary to perform the contract to which you are a party or to take action at your request before concluding the contract) in order to provide you with electronic services in accordance with the Regulations.

In addition, based on our legitimate interests, i.e. art. 6 sec. 1 lit. f) GDPR, we adapt the MBudget application and www.aisphub.pl to provide you with the best possible experience related to their operation. We use Google AdMob integration for this purpose. This means that we assign information collected by Google AdMob to your Account, such as:

data related to the device you use,

data related to the browser you use,

your IP address,

your activities on the website or app,

location data,

advertising ID.

Voluntary provision of Data and the consequences of not providing them:

Providing Personal Data is a contractual requirement. Failure to provide personal data will prevent the creation of an Account.

Period of storage of Personal Data:

If you register in the mobile application, we will store your Personal Data as long as you have an Account in the MBudget application. You can delete your account at any time. After deleting your Account, we will store your Personal Data for the duration of the MBudget application in order to identify you as a returning customer and

those necessary for the purposes of PSD2. We process this data on the basis of art. 6 sec. 1 lit. f) GDPR, i.e. Our legitimate interest in recognizing you as a returning customer.

Providing Personal Data is a contractual requirement. If you do not provide Data, we will not be able to provide the bank account information service in the MBudget application.

Period of storage of Personal Data:

We will store your Personal Data for the time necessary to fulfill the request for access to information about the bank account, and then until the information required by the banking law for providing information about the bank account expires. Your Personal Data may be processed by Us for longer if required by law (e.g. tax, accounting, accounting, banking, anti-money laundering regulations), as a rule, it is 5 years from the end of the calendar year in which tax payment deadline. We may also process it longer if it concerns defense against claims.

c. Withdrawal from the contract and complaints

Purposes and bases of processing:

By withdrawing from the contract or submitting a complaint, you provide us with Personal Data necessary to consider your request. In this situation, we process Personal Data on the basis of our legitimate interest (Article 6(1)(f) of the GDPR) in order to process and consider your withdrawal from the contract or complaint, as well as for possible defense against claims. Our legitimate interest consists in considering your request and defending our rights.

Voluntary provision of Data and the consequences of not providing them:

Providing Data is voluntary, but necessary for us to take action.

d. E-mail or traditional contact

Purposes and basis of processing:

When you contact us by e-mail or in a traditional form (by letter) and this contact is not related to another concluded contract, the legal basis for the processing of your Personal Data is our legitimate interest (Article 6(1)(f) of the GDPR). It consists in conducting correspondence with you in order to settle a given matter. In this case, we only process Personal Data relevant to the case to which the correspondence relates. We also process Personal Data in order to possibly defend against claims based on our legitimate interest (Article 6(1)(f) of the GDPR). Our legitimate interest in this case is to defend our rights.

Voluntary provision of Data and the consequences of not providing them:

Providing Personal Data is voluntary and is not a statutory / contractual requirement / condition for concluding a contract. However, failure to provide this Personal Data will prevent us from contacting and settling the matter.

Period of storage of Personal Data:

Your Personal Data will be processed for the time necessary to settle the matter, and after this period for the period of limitation of claims of 3 years or until you express your objection, depending on which event occurs first.

h. Telephone contact

Purposes and basis of processing:

When you contact us by phone and this contact is not related to another concluded contract, the legal basis for the processing of Personal Data is Our legitimate interest (Article 6(1)(f) of the GDPR). We will ask you to provide Personal Data only when it is necessary to deal with the matter. Our legitimate interest is to talk to you to settle the matter. In this case, we only process Personal Data relevant to the case to which the contact relates. We also process Personal Data in order to possibly defend against claims based on our legitimate interest (Article 6(1)(f) of the GDPR). Our legitimate interest in this case is to defend our rights.

Voluntary provision of Data and the consequences of not providing them:

Period of storage of Personal Data:

i. Contact form/contact section”

Please do not provide us with Personal Data that is unnecessary to deal with the matter.

Purposes and basis of processing:

When you contact us via the "Ask us a question/Contact" form (or any other equivalent name), we process your Personal Data contained in the form in order to handle the inquiry. The legal basis for processing is the necessity of processing to perform the contract - to provide the service in accordance with the Regulations (Article 6(1)(b) of the GDPR). With regard to the processing of Data optionally provided by you, the legal basis for processing is consent (Article 6(1)(a) of the GDPR). You can withdraw consent fap at any time. This does not affect the processing carried out before its withdrawal. We also process Personal Data in order to possibly defend against claims based on our legitimate interest (Article 6(1)(f) of the GDPR). It is about defending our rights.

Voluntary provision of Data and the consequences of not providing them:

Providing Personal Data is voluntary, but necessary for the performance of the contract. Failure to provide this Personal Data will make it impossible to answer your questions.

Period of storage of Personal Data:

VI. PROCESSING OF PERSONAL DATA - the part concerning only business contacts
What Data we process:

If you are our contractor (running a sole proprietorship), we process, in particular, your Personal Data such as: name and surname, company (name), registered office address, NIP, REGON, bank account number, e-mail address and telephone number.

If you are a representative / proxy of a third party that is our contractor, we process in particular your Personal Data such as: name (names) and surname, PESEL number, function, e-mail address and telephone number.

Voluntary provision of Data and the consequences of not providing them:

Providing your Data is a contractual requirement and a condition for concluding and performing the contract and is voluntary. The consequence of not providing Personal Data is the inability to conclude a contract.

Period of storage of Personal Data:

If you are a contractor or a representative / proxy of a third party that is our contractor, your personal data will be processed for the duration of the contract, and after the end of the contract - for the period required by applicable law (including the period specified in the provisions on the limitation of claims). Your Personal Data will also be processed for the purpose of maintaining business relations, until we achieve the goal or until you object to the processing of your Data.

b. When you are the contact person of our contractor

Purposes of processing and legal basis for processing your Personal Data:

We process your Personal Data in order to:

implementation of cooperation on the basis of an agreement concluded by us as a party to the agreement (including for the purpose of maintaining communication) with your employer/client. The basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR) consisting in the implementation of cooperation with your employer/client who indicated you as a contact person;

initiating contact and maintaining business relations. The basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR), consisting in building a network of contacts and improving our services;

determining, investigating or defending against any claims. The basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR) consisting in defending our rights.

Source of obtaining your Personal Data:

If your Data has been provided to Us by someone other than you, it is likely that the source from which we obtained your Data is your employer/client who indicated you as a contact person.

What Personal Data we process:

We process the Personal Data provided by you, such as: name and surname, telephone number, e-mail address, job position.

Voluntary provision of Data and the consequences of not providing them

The processing of Personal Data provided by you is a contractual requirement (performance of the contract concluded between Us and your employer / principal) and is voluntary. Failure to provide Data may make it difficult for Us to perform the contract.

Period of storage of Personal Data:

We process your Personal Data for the duration of the contract concluded by Us with your employer / principal (or for the period when you remain the contact person of your employer / principal in connection with the performance of the contract), and after the end of the contract for the period required by applicable law (in including for the period specified in the provisions on the limitation of claims). Personal data will also be processed for the purpose of maintaining business relations with your employer / principal until we achieve the goal or until you raise an objection.

VII. RECIPIENTS OF PERSONAL DATA
The recipients of your Personal Data may be: entities related to us personally or by capital, our contractors performing services for us, in particular in the field of legal, tax and accounting consulting, couriers, postal operators, entities providing ICT services and support (e.g. hosting providers, suppliers cloud computing services in which we store backups that may contain your personal data, the system provider has e.g., an entity providing us with CMS system services, in which your Data is stored in order to improve service, etc.).

In accordance with the provisions of generally applicable law, your Data may be made available to state authorities, in particular: tax offices, the Police, courts, prosecutor's offices.

In addition, in order to ensure the highest level of services, we use tools that may collect such Personal Data as information about your web browser, operating system, how much time it takes you to browse individual subpages, how much time you spend in the mobile application and on www.aisphub.pl, how you navigate it, what links you click on, what gender you are, what age you are, from which website you came to the application, location of the place from which you connect to the Internet (limited to the city). In our opinion, the information indicated above is not personal data within the meaning of the GDPR. They are collected by external service providers on the terms resulting from their regulations and privacy policies regarding the tools they use. By definition, this information is used to match advertisements to your interests as accurately as possible, measure how effective these advertisements are, improve the quality of services provided, and prevent abuse and fraud. More detailed information can be found in the further part of the Policy.

VIII. TRANSFER OF DATA TO THIRD COUNTRIES (OUTSIDE THE EEA)
As a rule, we do not transfer your Personal Data to third countries or an international organization. However, due to the fact that we use the services of external entities providing communication tools (e.g. e-mail), Data may be transferred to servers located outside the European Economic Area (outside the European Union, Iceland, Norway and Liechtenstein). External entities providing communication tools ensure an adequate level of protection of Personal Data through the use of compliance mechanisms, such as standard contractual clauses.

IX. DATA STORAGE TIME
The period of data processing by Us depends on the type of service provided and the purpose of processing. As a rule, the Data is processed for the duration of the service, until the consent is withdrawn or an effective objection to the processing of Data is made in cases where the legal basis for Data processing is our legitimate interest (mainly marketing purposes).

After the relevant processing periods have elapsed, the Personal Data will be permanently deleted or anonymized. The "Personal Data storage period" has been separately indicated for each of the processing activities described in points V. and VI. policy.

When you are a person who uses our profiles on social networking sites, your Personal Data will be processed in accordance with the provisions indicated in the privacy policies of these social networking sites. Links to the privacy policies of social networks can be found in point V. lit. e) Policies.

X. YOUR RIGHTS RELATING TO DATA PROCESSING
You have the following rights:

the right to access your Data, i.e. the right to obtain from Us information whether your Data is being processed, and if so, in particular information about the purposes of processing, data recipients, data storage period, etc.;

the right to obtain a copy of the Personal Data undergoing processing;

the right to rectification, i.e. the right to correct incorrect and/or incomplete Data;

the right to delete Data - e.g. when they were processed unlawfully;

the right to limit processing - on this basis, we stop performing operations on Personal Data, with the exception of operations to which you have given your consent, and their storage, in accordance with the adopted retention rules, or until the reasons for limiting the processing of Data cease to exist (e.g. a decision is issued supervisory authority, allowing for further data processing);

the right to transfer Data, i.e. the right to obtain Data in an organized, commonly used readable format, or the right to request the transfer of your Data directly to other administrators, when it is technically possible;

the right to object to the processing of Data on the basis of a legitimate interest (mainly applies to the processing of Data for marketing purposes);

the right to withdraw consent to the processing of Data - e.g. by changing the browser settings for cookies. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal of consent;

the right to submit a complaint to the President of the Office for Personal Data Protection if you believe that your Data is being processed unlawfully.

You have the right to object to the processing of your Personal Data when:

The processing of Personal Data is based on a legitimate interest or task carried out in the public interest or in the exercise of public authority, and the objection is justified by the particular situation in which you found yourself or

Personal data is processed for the purposes of direct marketing, including profiling, to the extent that the processing is related to such direct marketing.

If you have any requests related to the processing of your Personal Data, please contact us as described in point IV of the Policy.

In the event that we need more information about the submitted request, we will contact you with a request to clarify/provide additional information. Providing this information is not mandatory, but necessary to complete the request. Failure to provide information will result in the refusal to execute the request.

You can submit the request in person or through a proxy.

We will respond to your request within one month of receiving it. When we need more time to respond to you, we will inform you before the expiry of this period and indicate why we need more time to consider your request.

If you have asked us to submit your request electronically, we will provide you with a response in electronic form, unless you request that the response be provided in a different form.

XI. PROFILING
We do not profile our users at this time. We use the AdMob app to serve ads on the MBudget app.

XII. INFORMATION ABOUT COOKIES
Cookies are IT data, in particular text files, which are stored on the end device (e.g. on a computer/tablet/smartphone) of people visiting our website www.aisphub.pl, and the MBudget application.

The main purpose of cookies is to make it easier for you to use applications and to make applications more user-friendly. Information collected using cookies is stored e.g. for the purposes of maintaining your session at www.aisphub.com, they help us improve the application by making estimates regarding application usage statistics, they help to adjust the appearance of the application to your individual preferences and real needs.

The information stored or accessed will not change the configuration of your device or the software installed on it.

As part of the Website, we use four types of cookies:

session cookies: they collect information about your activities and exist only for the duration of a given session, which begins when you enter aisphub.pl and when you log in to the mobile application via Azure b2C and ends when you leave aisphub.pl and log in in the mobile application after going through the authorization path. After the session of a given browser ends or the end device is turned off, the stored information is deleted from memory. The session cookie mechanism does not allow you to download Personal Data or any confidential information from your device;

persistent cookies: they are stored in the memory of your device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow you to download Personal Data or any confidential information from your device;

own cookies: placed by us, which ensure the proper functioning of the application;

external cookies: read by ICT systems of third parties.

We use cookies based on your consent, except for those cookies that are necessary for the proper provision of electronic services.

After entering the application, until you agree, all cookies (except essential) remain blocked. You can manage which cookies to keep and which to disable. However, you must remember that disabling or limiting cookies may cause difficulties in using aisphub.pl and make it impossible to obtain an authorization token in MBudget.

If the web browser you use automatically agrees to the use of cookies and does not block them, in accordance with Polish regulations, we assumed that you consent to saving cookies on your device, storing information in them and accessing them. You can withdraw your consent through the appropriate settings of the software, in particular the web browser, installed on your device through which you use our applications.

We use cookies from the following third parties:

Wix

It is the CMS used to create www.aisphub.pl that most of the cookies come from this website and are necessary for the website to function properly.

XIII. SOCIAL TOOLS
In the web application, we use plug-ins and buttons provided by social networks: Facebook, Google Play.

By entering www.aisphub.pl, your browser sends information to portals that you have visited it. Plugins and buttons are part of social networks, therefore your input causes the browser to send information about the request to download the content and a given social networking site to www.aisphub.pl.

Website administrators may collect information about you and use this information to tailor the conditions of viewing the application to you.

Even if you are not logged in to the social network, the browser may send a set of information to the administrators of the social network. The set of information is limited compared to what is provided when you are logged in to social networks.

Detailed information can be found in the regulations and privacy policies of these social networking sites.

XIV. UPDATE POLICY
The policy is reviewed on an ongoing basis. The current version of the Policy has been adopted and is valid from 09-09-2022.