Privacy Policy
1. Privacy Policy - this Privacy Policy, which defines the rules for processing and protecting personal data in the Speci Service and describes the rights available to you.
2. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
3. Capitalized terms used in this Privacy Policy have the meaning assigned to them in the Terms of Service for the provision of electronic services by Appsi P.S.A.
1. If you are a User or Client:
The controller of personal data of all Users collected in the Speci Service in connection with the provision of Speci services is Appsi Prosta Spolka Akcyjna with its registered office in Krakow, 30-544 Krakow, ul. Zamknieta 10 lok. 1.5, entered in the register of entrepreneurs of the National Court Register kept by the District Court for Krakow-Srodmiescie in Krakow, 11th Commercial Division of the National Court Register, under KRS number 0000910122, NIP 6762600061 (the "Controller").
The controller of personal data of all Users collected in the Speci Service in connection with the provision of Speci services is Appsi Prosta Spolka Akcyjna with its registered office in Krakow, 30-544 Krakow, ul. Zamknieta 10 lok. 1.5, entered in the register of entrepreneurs of the National Court Register kept by the District Court for Krakow-Srodmiescie in Krakow, 11th Commercial Division of the National Court Register, under KRS number 0000910122, NIP 6762600061 (the "Controller").
The remaining part of this Privacy Policy concerns the processing of personal data by the Controller as a data controller and fulfils the Controller's information obligation regarding personal data processing under the GDPR.
The Controller can be contacted at: Appsi P.S.A., email: speci@speci.io.
The Controller can be contacted at: Appsi P.S.A., email: speci@speci.io.
The Controller processes your personal data for the following purposes and on the following legal bases:
a) concluding and performing agreements for the provision of Speci services, communication related to agreement performance, and complaint handling. The legal basis is the necessity of processing for: 1) performance of an agreement to which you are a party, or taking steps at your request before entering into an agreement (Article 6(1)(b) GDPR); or 2) where you provide your personal data and are authorized to use Speci services on behalf of a Client with whom the Controller concludes or performs an agreement, the Controller's legitimate interests consisting in establishing and maintaining contact with the client, facilitating communication, and performing the agreement (Article 6(1)(f) GDPR).
b) fulfilling legal obligations, in particular obligations arising from tax and accounting regulations, including maintaining accounting books and tax records and issuing invoices or bills connected with business activity. The legal basis is compliance with a legal obligation imposed on the Controller by applicable law (Article 6(1)(c) GDPR).
c) protecting rights and defending against possible claims, pursuing claims connected with an agreement, and handling complaints. The legal basis is the Controller's legitimate interest in defending against claims, pursuing claims, and ensuring continuous and uninterrupted business operations (Article 6(1)(f) GDPR).
d) marketing purposes: if you have given consent by selecting the relevant option in the registration form or in your account configuration panel, we may occasionally send information about new offers or updates connected with Speci applications to your email address. The legal basis is the Controller's legitimate interest in marketing the Speci Service where you have agreed to receive commercial information or marketing content through channels specified by the Controller (Article 6(1)(f) GDPR). You may withdraw this consent at any time using the relevant option in your account configuration panel. You may also send your request by email to: speci@speci.io.
a) concluding and performing agreements for the provision of Speci services, communication related to agreement performance, and complaint handling. The legal basis is the necessity of processing for: 1) performance of an agreement to which you are a party, or taking steps at your request before entering into an agreement (Article 6(1)(b) GDPR); or 2) where you provide your personal data and are authorized to use Speci services on behalf of a Client with whom the Controller concludes or performs an agreement, the Controller's legitimate interests consisting in establishing and maintaining contact with the client, facilitating communication, and performing the agreement (Article 6(1)(f) GDPR).
b) fulfilling legal obligations, in particular obligations arising from tax and accounting regulations, including maintaining accounting books and tax records and issuing invoices or bills connected with business activity. The legal basis is compliance with a legal obligation imposed on the Controller by applicable law (Article 6(1)(c) GDPR).
c) protecting rights and defending against possible claims, pursuing claims connected with an agreement, and handling complaints. The legal basis is the Controller's legitimate interest in defending against claims, pursuing claims, and ensuring continuous and uninterrupted business operations (Article 6(1)(f) GDPR).
d) marketing purposes: if you have given consent by selecting the relevant option in the registration form or in your account configuration panel, we may occasionally send information about new offers or updates connected with Speci applications to your email address. The legal basis is the Controller's legitimate interest in marketing the Speci Service where you have agreed to receive commercial information or marketing content through channels specified by the Controller (Article 6(1)(f) GDPR). You may withdraw this consent at any time using the relevant option in your account configuration panel. You may also send your request by email to: speci@speci.io.
1. Your personal data was provided by you through the Speci application.
2. Providing an email address and password during registration is voluntary, but necessary to create an account and use the Speci services. Providing personal data to the Controller within the Speci Service is voluntary; however, failure to provide certain data may make it impossible to perform an agreement for selected Speci services.
3. We process User data provided or obtained through the applications, including: first and last name or company name, email address, password, phone number, device identifier assigned by the Speci service, last login time, mobile application version, date of joining the service, IP address, company name, registered office address, tax identification number, statistical number, and bank account number.
4. The application collects information about irregularities or errors occurring in any system component (mobile application, web portal, API), known as system logs. This data is collected for diagnostics and error removal. To facilitate diagnostics, logs may contain data entered by the user, which may include almost all of the parameters listed above. Data stored in server logs is not combined with Users and is not used by the Controller to identify them. The Controller processes log information for technical and administrative purposes, to ensure IT system security, and to manage the system. The legal basis for this processing is the Controller's legitimate interest (Article 6(1)(f) GDPR).
The Controller may disclose personal data to:
a) authorized employees and associates of the Controller;
b) service providers and entities supporting the Controller in exercising rights and fulfilling obligations, as well as service providers to whom the Controller outsources services connected with personal data processing, in particular accounting, legal, IT, server, and hosting providers. If you use electronic payments or card payments, we may process or disclose your data to payment service providers to the extent necessary to process the payment;
c) in some cases, supervisory authorities, courts, other public authorities, and authorized entities, only where we are required to do so by applicable law.
a) authorized employees and associates of the Controller;
b) service providers and entities supporting the Controller in exercising rights and fulfilling obligations, as well as service providers to whom the Controller outsources services connected with personal data processing, in particular accounting, legal, IT, server, and hosting providers. If you use electronic payments or card payments, we may process or disclose your data to payment service providers to the extent necessary to process the payment;
c) in some cases, supervisory authorities, courts, other public authorities, and authorized entities, only where we are required to do so by applicable law.
1. Your personal data is processed for the relevant periods:
a) we process your data only for as long as necessary. Personal data will be deleted when you delete your Speci account or otherwise terminate the agreement for the provision of Speci services, unless the purpose of processing ends earlier;
b) where the legal basis for processing is the Controller's legitimate interest, data is processed for the duration of that legitimate interest or until you submit an effective objection to the processing, unless the purpose of processing ends earlier.
a) we process your data only for as long as necessary. Personal data will be deleted when you delete your Speci account or otherwise terminate the agreement for the provision of Speci services, unless the purpose of processing ends earlier;
b) where the legal basis for processing is the Controller's legitimate interest, data is processed for the duration of that legitimate interest or until you submit an effective objection to the processing, unless the purpose of processing ends earlier.
2. For Clients using paid Speci services, where personal data is processed to fulfil legal obligations, in particular obligations arising from civil law or tax law, data is processed for the period required to perform duties and tasks arising from applicable legal provisions, including tax and accounting obligations, until the end of the financial year and for five years after its end in accordance with Polish tax law.
3. The data retention period may be extended by the limitation period for claims, including civil, administrative, or tax claims, if processing is necessary for the Controller to pursue or defend against such claims.
1. We make every effort to protect your personal data in accordance with applicable law. If you believe that the Controller processes personal data unlawfully, you have the right to lodge a complaint with the competent supervisory authority, in Poland the President of the Personal Data Protection Office.
2. In connection with the processing of personal data, you have a number of rights. Requests relating to these rights may be submitted to the Controller by email at speci@speci.io. In the cases specified by the GDPR, you have the right to:
a) obtain confirmation from the Controller as to whether personal data concerning you is being processed and, if so, request access to that data, including a copy;
b) request rectification if your personal data is inaccurate or incomplete;
c) request deletion of personal data;
d) request restriction of personal data processing;
e) request data portability;
f) object to processing on grounds relating to your particular situation, where processing is based on legitimate interest. You also have the right to object to processing for direct marketing purposes, including profiling related to direct marketing;
g) withdraw consent to personal data processing at any time, to the extent that processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Withdrawal of consent may result in discontinuation of services that were provided on the basis of that consent.
a) obtain confirmation from the Controller as to whether personal data concerning you is being processed and, if so, request access to that data, including a copy;
b) request rectification if your personal data is inaccurate or incomplete;
c) request deletion of personal data;
d) request restriction of personal data processing;
e) request data portability;
f) object to processing on grounds relating to your particular situation, where processing is based on legitimate interest. You also have the right to object to processing for direct marketing purposes, including profiling related to direct marketing;
g) withdraw consent to personal data processing at any time, to the extent that processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Withdrawal of consent may result in discontinuation of services that were provided on the basis of that consent.
The Controller does not use personal data for automated decision-making, including profiling, that produces legal effects concerning a person or similarly significantly affects that person.
As a rule, the Controller does not transfer your personal data to third countries, meaning countries outside the European Economic Area. When you use the Portal and the Mobile Application, collected data is stored on servers in data centers located in Poland. The mobile application is available on devices using iOS through the App Store and Android through Google Play. We will transfer personal data to a third country only where necessary and with the safeguards required by law, including on the basis of a European Commission adequacy decision, standard contractual clauses approved by the European Commission, or another mechanism allowing personal data to be transferred to a third country in accordance with law.
The Controller uses tools and services provided by suppliers from outside the European Economic Area that store Users' personal data on servers located in third countries, including the United States (Google LLC). These suppliers ensure an appropriate level of personal data protection through GDPR-compliant mechanisms, in particular standard contractual clauses. Details concerning the processing of personal data by these providers are available in their privacy policy: https://policies.google.com/privacy.
The Controller uses tools and services provided by suppliers from outside the European Economic Area that store Users' personal data on servers located in third countries, including the United States (Google LLC). These suppliers ensure an appropriate level of personal data protection through GDPR-compliant mechanisms, in particular standard contractual clauses. Details concerning the processing of personal data by these providers are available in their privacy policy: https://policies.google.com/privacy.
1. Cookies are small files, usually text files, saved on the User's end device, such as a computer, phone, or tablet, when using the application. They store settings, preferences, and information connected with the User's use of the website, such as browser type.
2. Cookies are saved on the end device to ensure proper operation of the application. The use of cookies helps improve the application, Portal, and Mobile Application for the needs of Users who visit them.
3. The Controller uses cookies and similar tracking technologies for purposes that constitute the Controller's legitimate interest (Article 6(1)(f) GDPR), including statistics and application management. This legitimate interest consists in analyzing Clients' activity and preferences while using the application in order to improve features and the Speci services. Data collected using cookies is processed automatically, which allows certain factors relating to natural persons to be assessed, but does not produce legal effects for Users.
4. The Controller reserves the right to collect IP addresses of visitors to the Portal website. These addresses may help diagnose technical problems with the IT system and create statistical analyses, such as identifying regions from which website visits originate. They may also be useful for website administration and improvement. IP addresses are collected anonymously, meaning they are not associated with any User data.
5. The Controller uses:
a) necessary technical cookies, which are always active. These cookies are required for the website and application to function. They are usually used in response to actions taken by the User, such as setting privacy options, completing forms, or saving a list to the clipboard. They include cookies responsible for security-related functions and enabling external features, such as displaying a map preview. You may configure your browser or application to block them, but the website and application may then not function properly. These cookies do not store any personal data.
b) analytics cookies. These cookies allow the Controller to count traffic sources and visits, collect information such as the most popular subpages, and see how Users navigate the website and application. They are not intended to identify you. If you block these cookies, we will not be able to collect information about your use of the website and application or monitor their performance.
a) necessary technical cookies, which are always active. These cookies are required for the website and application to function. They are usually used in response to actions taken by the User, such as setting privacy options, completing forms, or saving a list to the clipboard. They include cookies responsible for security-related functions and enabling external features, such as displaying a map preview. You may configure your browser or application to block them, but the website and application may then not function properly. These cookies do not store any personal data.
b) analytics cookies. These cookies allow the Controller to count traffic sources and visits, collect information such as the most popular subpages, and see how Users navigate the website and application. They are not intended to identify you. If you block these cookies, we will not be able to collect information about your use of the website and application or monitor their performance.
6. You can change cookie settings in your web browsers or directly through the website and application.