Privacy Policy

Version 0.1, 19 June 2024

Dear Customer,

We make every effort to ensure the security and confidentiality of your data. We care about your privacy, both when you visit our Website, register an account with us and use our services, as well as when you contact us by email or online chat, subscribe to our waitlist, newsletter or visit our social media channels. We act in compliance with the rule of law, including provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereinafter the "GDPR").

In this document, we would like to provide you with essential information about your personal data processing. For the sake of clarity, we have put them together in the form of questions and answers. All of this is to let you know why, on what basis and for how long we process your data, as well as who can access it and what rights you have.

HOW DO WE ACCESS YOUR PERSONAL DATA?

Using the website genielab.app service (hereinafter referred to as the "Service"), you may be asked to provide your personal data. The provision of data is voluntary, but in certain situations, it may be necessary. For instance, if you do not provide us with your email address, we will not send you our newsletter, you will not be able to join a waiting list, we will not register your account, or provide you with an email response to a question asked through a contact form.

Some data is collected automatically during your visit to the Service (such as browser type, operating system, etc.). They are used for website administration, hosting support, and creating appropriate marketing content. However, you can block and limit the installation of cookies through your browser settings or other (free) solutions.

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The Administrator of your personal data is SoftStory s.c. Konarskiego 10, 33-100 Tarnów, PL NIP: 9930352666

If you have any questions or concerns, you can contact us by email at: contact@genielab.app

FOR WHAT PURPOSE, ON WHAT LEGAL BASIS AND FOR HOW LONG DO WE PROCESS YOUR DATA?

We process your personal data:

to conclude and perform the contract for the provision of services (registration and maintenance of the Customer account, placing orders for free of charge and chargeable services, execution of the contract):

legal basis: the processing is necessary for the performance of the contract or in order to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) of the GDPR),
the data will be processed until the end of performing the service (deletion of the Customer account, termination of the contract for the provision of services);

to comply with personal data protection legal requirements:

legal basis: legal obligation incumbent upon us (Article 6(1)(c) of the GDPR),
data will be processed until the expiry of the prescription periods for claims due to the breach of data protection legislation;

to determine, pursue and defend possible claims:

legal basis: the processing is necessary for the purposes of our legitimate interests in taking actions aimed at protecting our rights in proceedings before the courts and other state authorities (Article 6(1)(f) of the GDPR),
the data will be processed until the expiry of the prescription periods for claims under applicable law;

to ensure the proper functioning of the Service and to analyse the activity of Service users:

legal basis: the processing is necessary for the purposes of our legitimate interests in conducting analyses and statistics on the use of particular functionalities of the Service (e.g. Google Analytics cookies, Facebook Pixel) (Article 6(1)(f) of the GDPR),
data will be processed until an effective objection is raised or the purpose of the processing is achieved;

to run a profile on X platform to interact with the users of the aforementioned social media:

legal basis: the processing is necessary for the purposes of our legitimate interests in promoting the Service and adapt its functionalities to current needs (Article 6(1)(f) of the GDPR),
the data will be processed until the expiry of the prescription periods for claims under the applicable legislation;

to answer your questions addressed to us by email, including via the form available on the Service and online chat:

legal basis: the processing is necessary for the purposes of our legitimate interests in communicating with our Customers and answering questions from our potential customers or other persons interested in our products and services (Article 6(1)(f) of the GDPR),
the data will be processed until the expiry of the prescription periods for claims under applicable law;

for marketing purposes (promotion of our goods and services):

legal basis: the processing is necessary for the purposes of our legitimate interests in maintaining business relationships with Customers and surveying their satisfaction, looking after our own interests and image (Article 6(1)(a) of the GDPR), or respectively the processing is based under the voluntary consent of the person who has given it for a specific purpose (Article 6(1)(a) of the GDPR),
the data will be processed until an effective objection is raised or the purpose of the processing is achieved, and in the case where the basis for the processing is the consent of the data subject until the consent is withdrawn (whereby withdrawal of the consent does not affect the lawfulness of data processing prior to its withdrawal);

We process your personal data, as long as it is necessary to achieve the aforementioned purposes unless you make a valid and proper request for your personal data to be deleted. In addition, the period of the processing may be subject to the content of the legal provisions applicable to us, e.g. in the case of the storage of financial documents or the time limits for pursuing the claims.

WHO MAY BE A RECIPIENT OF YOUR PERSONAL DATA?

In certain situations, if this proves necessary for the purposes of data processing, we rely on the support and assistance of external entities. However, each time, prior to the transfer of personal data, we require the recipients to guarantee an adequate level of data protection and confidentiality.

The recipients of your personal data may be:

entities involved in the performance of our contracts, e.g., accounting office, IT services providers, hosting services providers, payment systems providers,
entities whose help and services we use in the scope of our business activity on the basis of separate agreements, e.g. providers of tools to analyse activity on the Website and direct marketing, suppliers of tools for creating landing pages and collecting leads, suppliers of the office systems, suppliers of project management software, suppliers of communication software,
authorised state authorities under applicable laws,
other entities whose request for data transfer is justified under the applicable laws.

DO WE TRANSFER PERSONAL DATA TO THIRD COUNTRIES?

In general, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if such a need arises in connection with the provision of services, we will assess the circumstances and ensure that an appropriate level of data protection is in place so that the processing is carried out in accordance with applicable legal regulations.

Operating the Service, we use services and technologies offered by the entities such as Facebook, Google, Supabase which are based in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). In the light of the provisions of the GDPR, these are so-called entities located in third countries, in respect of which an assurance of an adequate level of protection or a note of the existence of appropriate safeguards must be demonstrated.

We ensure that the aforementioned entities apply the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the GDPR). For more information on the data processing by the aforementioned entities, please visit the websites of the providers of these services.

WHAT PERSONAL DATA DO WE PROCESS AS A PROCESSOR AND HOW DO WE OBTAIN THEM?

Under the terms of service and any other separate agreements, we also act as a processor, processing personal data of our Service Customers (Website Creators through our application). These data are collected and then stored in the genielab.app system in connection with the provision of separate services to our Service Customers.

As a processor, we process data only on the documented instructions of the controller of such data (under a data entrustment agreement), committing ourselves to secure the data properly by applying appropriate technical and organisational measures and ensure an adequate level of protection corresponding to the risks involved in the processing of personal data (in accordance with the Article 32 of the GDPR). We also ensure that persons authorised by us to the process have undertaken to keep it confidential. Upon completion of the services relating to the processing of personal data entrusted to us, we will return all such data to the controller of such data (the Customer) and delete existing copies unless applicable law obliges us to store personal data.

DO WE USE COOKIES?

We may use cookies on the Service, which are short text information stored on a user's computer, phone, tablet, or other device, which can be read by our system, as well as by systems belonging to other entities whose services we use or will use, such as Facebook, Google, Supabase.

As of now, the genielab.app Service does use only functional cookies to store information about authenticated user inside the app. Usually, web browsers allow the use of cookies by default. However, users can block and restrict the installation of cookies at their discretion through their browser settings or using other (free) solutions. If the service starts using cookies during your first visit to the Service, we will provide you with information about the use of cookies. If you do not change your browser settings, you consent to their use. For more information on how to change cookie settings, please refer to the website of your web browser.

HOW DO WE PROTECT YOUR DATA?

To ensure a high and consistent level of protection, we use IT environment safeguards adequate for the processing, as well as technical and organisational measures, which include, among others:

creating backup copies,
monitoring the security of personal data,
mitigating the risk of potential abuses and reacting promptly in case of their occurrence,
implementing data protection policies,
ensuring continuous confidentiality, integrity, availability and resistance of the processing systems and services,
allowing access to personal data only to authorised persons,
creating and regularly modifying passwords to access systems where personal data are processed.

CHILDREN’S PRIVACY

Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

WHAT RIGHTS DO DATA SUBJECTS HAVE?

Data subjects whose data we process have the rights to:

access to their personal data;
change their personal data;
remove their personal data;
restrict the processing of personal data;
object to the processing of personal data;
transfer the personal data;
withdraw consent to the processing of personal data (provided that the processing is based on the consent of a data subject).

However, the rights listed above are not absolute, and in certain circumstances, after analysis, we may legitimately refuse to exercise them.

Please also be informed that the withdrawal of your consent to data processing will not affect the lawfulness of data processing that took place on the basis of the consent given before its withdrawal.

If you request us to exercise any of the above rights, we will respond to your request without delay, but no later than within one month of its receipt. If due to the complexity of the request or the number of requests, we are unable to comply with your request within one month, we will comply with it within a further two months. However, we will inform you of the intended extension of the deadline beforehand.

HOW CAN YOU COMPLAINT ABOUT IRREGULARITIES IN THE PROCESSING OF PERSONAL DATA?

If you believe that your personal data is processed by us contrary to the applicable law, you can file a complaint with the President of the Office for Personal Data Protection.

DOES USING THE WEBSITE INVOLVE SENDING LOGS TO THE SERVER?

The use of the Service involves sending queries to the server on which the Service is hosted. Each query sent to the server is recorded in server logs and stored on the server. The logs include, among others, date and time of the server, information about the Internet browser and operating system.

The data stored in the server logs are not associated with specific users of the Website and are not used by us to identify you.

The server logs constitute solely auxiliary material used to administer the Website, and their content is not disclosed to anyone except persons authorised to administer the server.

CAN WE AMEND OUR PRIVACY POLICY?

Yes. Personal data protection is a process that we adapt to meet current needs and changing technology. Therefore, our Privacy Policy may be supplemented or amended, as we will inform you by a post on the Website, and in the event of material changes, we will send separate notices on the amendment to registered service users by email.