mapa

Privacy Policy

Effective from 10th of June 2024
Download the document

PREAMBLE

The following provisions constitute the privacy policy (hereinafter: “Privacy Policy”) and Cookies Policy, which define the information and principles regarding the collection and processing of data, including personal data of Users of Services provided by Fintecom S.A. based in Koszalin within the GG & GGapp communication platforms.

Acceptance of one of the service regulations by Fintecom listed below:

also signifies acceptance of this Privacy Policy and Cookies Policy.

I. Definitions:

  1. Fintecom / Administrator – Fintecom S.A. based in Koszalin, address: ul. Marszałka Józefa Piłsudskiego 45, 75-502 Koszalin, registered in the National Court Register by the District Court in Koszalin, IX Economic Division under KRS No. 0001056179, NIP: 6692501424, REGON: 320877907.
  2. GG Messenger / GG Communication Platform – Internet messenger owned by Fintecom S.A. based in Koszalin.
  3. GGapp – a separate internal communication application based on a designated pool of GG numbers assigned in advance for a given company/team, not visible in the public GG directory.
  4. Service – service provided electronically within the GG online communication platform.
  5. GG User / GGapp User – a natural person, legal entity, or organizational unit without legal personality registered on the GG/GGapp platform via an online registration form to use the GG Messenger or GGapp Service, to whom a unique GG number has been assigned.
  6. Service User / User – a GG User or another unregistered person in GG Messenger or GGapp, a natural person, legal entity, or organizational unit without legal personality using the Service within the GG online communication platform, including payment services provided by Fintecom.
  7. GGwallet – an electronic payment service within the GG online communication platform involving the handling of the “GGwallet” Payment Instrument.
  8. GGwallet User – an adult natural person, legal entity, or organizational unit without legal personality being a GG Messenger User, with legal capacity, who has completed the GGwallet registration process.
  9. Supporter/Contributor – any adult natural person with full legal capacity, legal entity, or organizational unit without legal personality who voluntarily supports a chosen GGwallet User in any amount.
  10. GG Premium – a paid service in the form of a benefits package provided by Fintecom in GG Messenger.
  11. GG Announcements – a service available at ogloszenia.gg.pl, provided by Fintecom, offering GG/GGapp Users the possibility to add and view Announcements posted by GG Premium Users.
  12. Verification transfer – a transfer from the bank account of the GG User or a bank account of which this User is a co-holder, and to which the User’s personal data necessary to verify their identity are assigned.
  13. AML Act – The Act of March 1, 2018, on counteracting money laundering and financing terrorism.
  14. Fintecom Partners – entities that offer services or marketing and commercial information to GG Users and have signed a cooperation agreement with Fintecom.
  15. Third Party – a natural person, legal entity, or organizational unit without legal personality not covered by a contract, legal relationship, or other relationship defined by law between the Service User and Fintecom.
  16. Privacy Policy – this Privacy Policy and Cookies Policy.
  17. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

II. Personal Data Collector

The administrator of the personal data of the Service User is Fintecom S.A., ul. Marszałka J. Piłsudskiego 45, 75-502 Koszalin, registered in the National Court Register by the District Court in Koszalin, IX Economic Division under KRS No.: 0001056179, NIP: 6692501424, REGON: 320877907.

III. Contact Details

For matters related to the Privacy Policy, the Service User can contact our Data Protection Officer – Hanna Majchrowska: iod@gadu-gadu.pl.

IV. Scope and Purpose of Data Processing

  1. Fintecom ensures transparency regarding the collected personal data and how it is used. For this purpose, Fintecom informs about the type and purpose of using the collected personal data.
  2. In order to provide the Services defined by the Regulations listed in the Preamble and to perform necessary activities related to the provision of these services, Fintecom processes the data entered, including personal data with the User’s consent. The collected personal data may also be used to provide technical support and communicate with the User.
  3. Personal data entered by the Service User, including with their consent, are voluntarily provided by the User during the registration of the GG/GGapp Account, verification of the GG/GGapp account, verification of the GGwallet User, or when making contributions to the GGwallet User via bank transfer.
  4. The personal data of the GG/GGapp User may be processed for marketing purposes only with the separate consent of the User.
  5. The personal data of the Service User may be processed by Fintecom for the following purposes and on the following legal bases:
    1. provision of the service or performance of the contract at the User’s request — based on Article 6(1)(b) GDPR (necessity for the conclusion and/or performance of the contract or taking action at the request);
    2. sending an offer (e.g., advertising) at the User’s request — based on Article 6(1)(a) GDPR (consent);
    3. consideration of complaints/claims related to the contract — based on Article 6(1)(b) GDPR and based on Article 6(1)(c) GDPR (obligation arising from the law);
    4. establishing, pursuing, or defending claims — based on Article 6(1)(f) GDPR (legitimate interest of the Administrator);
    5. telephone or email contact regarding the provision of the service — based on Article 6(1)(b) GDPR;
    6. for the internal administrative purposes of the Administrator related to managing contact with the User, which is the legitimate interest of the Data Administrator based on Article 6(1)(f) GDPR;
    7. creating records related to GDPR and other regulations — based on Article 6(1)(c) GDPR and Article 6(1)(f) GDPR;
    8. archival and evidentiary purposes for securing information that may serve as proof of facts — based on Article 6(1)(f) GDPR;
    9. using cookies on the Website and its subpages — based on Article 6(1)(a) GDPR;
    10. based on Article 6(1)(f) GDPR and Article 6(1)(a) GDPR to interact with Users and manage social media services such as the fan page named GG – Gadu Gadu day and night on Facebook, GG – Gadu Gadu profile on X, GG – Gadu Gadu profile on LinkedIn, and gg.gadugadu profile on TikTok. The User’s personal data provided on the Administrator’s Fanpage will be processed to administer and manage the Fanpage, communicate with the User, interact, direct marketing content to the User, and create a Fanpage community. The Administrator sees the User’s personal data such as name, surname, or general information that the User makes public on their profiles. The processing of other personal data is carried out by social media platforms under their privacy policies;
    11. to tailor content displayed on the Administrator’s pages to individual needs and continuously improve the quality of services offered — based on Article 6(1)(f) GDPR;
    12. for direct marketing of the Administrator’s own products or services or recommended products of third parties — based on Article 6(1)(f) GDPR.
  6. Providing non-mandatory or excessive data that the Administrator does not need to process is at the User’s discretion, and in such cases, processing is based on Article 6(1)(a) GDPR (consent). The User consents to the processing of these data and to anonymizing data that the Administrator does not require and does not wish to process but was nonetheless provided by the User.
  7. Personal data processed for the provision of the GG messenger service is collected directly from the data subject and entered voluntarily by the User in the registration form during registration.
  8. Personal data required for registration in GG/GGapp:
    1. First name and surname or pseudonym
    2. Email address
    3. Location data (city)
    4. Gender
    5. Date of birth
    6. Mobile phone number
    7. NIP, company name, and business profile for business accounts.
  9. Personal data necessary for using GGwallet include the data listed in point 8 above, entered by the GG/GGapp User during registration in the service, as well as additional data such as: bank account number, address, identity document data, other data required by Fintecom based on legal regulations necessary to verify the GGwallet User.
  10. The service is provided only to persons who are at least 16 years old. By accepting the “GG Platform & GGapp & GGapp Terms of Service” and this Privacy Policy during registration, the User confirms that they are at least 16 years old.
  11. The phone number provided during registration:
    1. will be used by Fintecom to send a verification code via SMS, necessary for registering in GG/GGapp,
    2. may be used, upon the User’s request, to suggest to friends who have the User’s phone number saved in their phone contacts but do not have the User in their GG contacts,
    3. may be used during login to GG/GGapp and for recovering the User’s account password.
  12. The User is responsible for the accuracy of the provided personal data.
  13. If false personal data is provided, certain functionalities of the Service may remain unavailable to the GG/GGapp User until the data is corrected.
  14. Personal data processed for marketing purposes is obtained directly from the person it concerns, from the data voluntarily provided during the registration of the GG/GGapp User Account. Processing data for this purpose requires appropriate consent from the GG/GGapp User, which can be given or withdrawn at any time while using the services.
  15. For marketing purposes, Fintecom processes, with the consent of the GG/GGapp User, only the email address provided during registration.
  16. Automatic calling systems – systems used by Fintecom and Fintecom’s Partners to deliver messages (display advertisements) to GG Users that are an integral part of the GG communicator. The display of advertisements in the application and on GG websites is based on the legitimate interest of Fintecom and Fintecom’s partners (Article 6(1)(f) GDPR). The GG User may object to such data processing at any time, which will result in the cessation of service provision.
  17. Affiliate links and partner programs – the Administrator’s Website may display affiliate links to specific products or services of third parties. Clicking on a link will not incur any charges for the User. By using the Website, you agree to the use of cookies in this regard. The Website may also display advertisement windows with third-party products as part of Google AdSense. The Administrator informs that it has no influence on the content or appearance of these ads, which are determined by the provider’s algorithm, in this case, Google Ireland Limited. You can modify the settings and personalization of ads directly from your browser by going to: Google Ad Settings. Fintecom also allows GG Users access to applications provided by third parties (other than Fintecom). Information collected by Fintecom after enabling an application is processed in accordance with this Privacy Policy. Information collected by the provider of such an application is covered by the privacy policy of that provider (third party).
  18. Login data – GG/GGapp User’s personal data in the form of email address, GG/GGapp number, or User’s phone number may be used for logging into the Services.
  19. Sending contacts – if the GG User consents to transferring their device’s contact list (e.g., phone, tablet) to GG servers, Fintecom will notify the User that a person on their device’s contact list already has a GG account. The User can withdraw consent for contact list transfer at any time in GG settings. Contacts from the device that are on the GG contact list can be deleted at any time by the User, which will also remove these contacts from GG servers. The contact list from the GG User’s device will only be used to suggest to the User that someone from their contact list has a GG account and will not be shared with anyone.
  20. Usage data – in addition to the data mentioned in point 8 above, Fintecom processes the GG/GGapp number assigned to the User during GG/GGapp account registration and, based on the consent mentioned in point 6 above, processes other data not required by Fintecom entered by the User (description, tags, text in the “about me” tab, avatar).
  21. To protect GG/GGapp Communicator Users and ensure their safety, Fintecom also processes data characterizing the way the User uses the services, such as information about the connection of the GG/GGapp User’s end device with Fintecom’s teleinformation system, including information about the computer/phone (device UID, operating system version), login data (so-called system logs) containing the date, time of visit, scope of each use of the services, and the IP number of the device from which the connection was made, data on page view statistics and traffic, Installation_id, User-Agent, and roulette draw times.
  22. Location data – with the GG/GGapp User’s consent, Fintecom processes data on the approximate location of the User’s device when searching for people using the “Random Chat” function.
  23. Contact with Fintecom – Communication with the User of the Services via phone, email, contact form, GG chat, and other communication channels may require the User to provide personal data such as name, email address, phone number, GG/GGapp number. Personal data and the content of messages along with the date and time of correspondence, provided in connection with communication with the User of the Services, are used solely to provide technical support, respond to questions, or provide information.
  24. Fintecom may use the collected data for purposes other than those described above, including:
    1. developing new functionalities within the provided services, as well as improving them,
    2. creating new services,
    3. protecting Fintecom’s rights,
    4. if necessary for fulfilling legally justified purposes pursued by Fintecom or data recipients, and processing does not violate the rights and freedoms of the person whose data is concerned.
  25. Data processed by Fintecom is not subject to profiling unless the GG User has given consent.
  26. Information society services – the Administrator does not collect children’s data. The User should be at least 16 years old to independently consent to the processing of personal data for the provision of information society services, including for marketing purposes, or obtain consent from a legal guardian (e.g., parent). If the User is under 16 years old, they should not use the GG/GGapp Service. The Administrator is entitled to make reasonable efforts to verify whether the User meets the age requirement mentioned above or whether the person exercising parental authority or guardianship over a User under 16 years old has given or approved consent.

V. Payments

  1. Fintecom provides the Service User with the option of paid use of certain services in the communicator through external (not belonging to Fintecom) Payment Administrators. The User is required to familiarize themselves with the data processing rules provided by the Payment Administrator, who is also the personal data administrator provided by the User for making payments.
  2. Fintecom does not process personal data necessary for making payments through external (not belonging to Fintecom) Payment Administrators. Fintecom does not have access to the User’s card data, the card data is stored by the Payment Administrator through which the Service User makes payments.
  3. The Payment Administrator may be:
    1. PayU S.A.,
    2. Google Ireland Ltd,
    3. Apple Inc,
    4. PayPal (Europe).

VI. Verification transfer

  1. Fintecom processes GG/GGapp User data in connection with the verification transfer made by the User (in the amount of PLN 0.01 for the purpose of verifying the GG/GGapp account, only at the User’s request.
  2. In connection with the verification transfer made by the GG/GGapp User, Fintecom processes the following personal data visible on the transfer confirmation:
  1. By making a verification transfer, the GG/GGapp User consents to the processing of the data necessary to verify their GG/GGapp account.

VII. Processing time

  1. Data of GG Users necessary to use the free Services of the GG/GGapp Communicator, including personal data, are processed for the duration of the Services, until consent is withdrawn or an objection is made, but no longer than 2 years from the date on which:
    1. the User last logged into their GG/GGapp Account,
    2. the User’s account was deleted by the User,
    3. the GG/GGapp User’s account was deleted by Fintecom due to the GG/GGapp User violating the service regulations.
  2. In the case of GG numbers purchased by the GG User in the GG store, the period mentioned above is 2 years.
  3. GG/GGapp User data, provided to Fintecom during the verification transfer, and data provided during the purchase of GG Premium, are processed for the duration of the Services and for 5 years after the end of service provision in accordance with the AML Act.
  4. GG/GGapp User data necessary for verifying the GGwallet User’s account, such as:
    1. first and last name,
    2. address,
    3. bank account number,
    4. data contained in the identity document,
    5. data on the beneficial owner,

and other data provided by the GG/GGapp User in accordance with the GGwallet Owner Regulations, are processed for the duration of the Services and for 5 years after the end of service provision in accordance with the Act of March 1, 2018, on counteracting money laundering and financing of terrorism.

  1. All data regarding payments made by the Service User are processed for the duration of the Services and for 5 years after the end of service provision in accordance with the AML Act.
  2. Personal data of Donors/Supporters making donations to GGwallet Users and data regarding these donations, in particular: a. first and last name, b. address, c. bank account number, are processed in accordance with the AML Act, for 5 years from the date of the donation.
  3. After the period specified in points 1 – 6 above, the personal data of the Service User will be deleted or anonymized.
  4. Deleting the GG/GGapp Account by its User is equivalent to withdrawing consent for the processing of personal data for the purpose of providing services, as well as for the processing of personal data for marketing purposes.
  5. Deleting the GG/GGapp Account does not imply withdrawal of consent for the processing of personal data given to a third-party application provider. Withdrawal of consent for the processing of GG/GGapp User’s personal data provided to a third-party application provider is carried out according to the privacy policy of that third party.
  6. The personal data of the GG/GGapp User used for marketing purposes is processed for the duration of the service provision, or until consent is withdrawn or an objection is raised, but no longer than the period specified in points 1 – 5 above.
  7. The User’s data, including personal data, may be processed after the cessation of service provision for the purpose and to the extent necessary to clarify the circumstances of unauthorized use of the Service, based on the legitimate interests of the administrator (Article 6(1)(f) of the GDPR), but no longer than the period specified in points 1 – 6 above.
  8. The personal data of a User following GG profiles on social media will be processed for the duration of maintaining those profiles, based on the consent expressed by liking/clicking “Follow” or engaging in interactions such as leaving a comment, sending a message, and for the purpose of fulfilling the Administrator’s legitimate interests, i.e., marketing of their own products or services, or defending against claims.

VIII. Data Sharing by Fintecom

  1. Personal data processed by Fintecom may be disclosed to the following categories of recipients:
    1. Individuals authorized by Fintecom – employees and collaborators,
    2. Entities to which Fintecom has outsourced activities related to the provision of services to Service Users, based on personal data processing agreements,
    3. Fintecom partners for marketing purposes, only with the consent of the Service User.
  2. Personal data processed by Fintecom will not be disclosed to third parties unless:
    1. The obligation to disclose personal data arises from applicable laws,
    2. The disclosure of data serves the purpose of protecting Fintecom’s rights or resolving disputes,
    3. The User has consented to the disclosure of personal data to third parties.
  3. However, Fintecom reserves the right that:
    1. Personal data will be disclosed to third parties, through whom Fintecom performs certain functions necessary for conducting its day-to-day business. Fintecom exercises due diligence to ensure that third parties to whom personal data is disclosed for the aforementioned purpose treat the disclosed personal data in accordance with the Privacy Policy and in compliance with applicable laws,
    2. Personal data and other non-personal data may be disclosed to third parties when the GG User utilizes applications provided by third parties, of which the User is informed before using the application. In such cases, the data transfer from Fintecom’s information system occurs at the request and risk of the GG User.
  4. The User acknowledges that their personal data may be disclosed to authorized state authorities in connection with proceedings conducted by them, at their request and upon meeting the conditions confirming the necessity of obtaining such data from the Administrator.
  5. Users’ personal data will not be transferred to third countries.

IX. Rights of Service Users Regarding Personal Data

Service Users have the right to:

  1. Request Access to Their Personal Data: They can request the completion, updating, correction, restriction of processing, transfer to another data controller, or deletion of their personal data at any time, without providing a reason, as long as it does not conflict with universally applicable laws. Requests can be made via email at: iod@gadu-gadu.pl.
  2. Object to the Processing of Their Personal Data: They can object to the processing of their personal data based on Fintecom’s or Fintecom partners’ legitimate interests (Art. 6(1)(f) of GDPR). Objections can be submitted via email at: iod@gadu-gadu.pl. Objecting to the use of automated calling systems (displaying ads) will result in the cessation of service provision.
  3. Withdraw Any Consent at Any Time: They can withdraw their consent by submitting a request via email at: iod@gadu-gadu.pl.
    1. Withdrawing consent does not affect the lawfulness of data processing conducted based on consent before its withdrawal.
    2. Withdrawing consent for data processing for service provision will result in the cessation of those services. After withdrawing consent for data processing for service provision, the User’s personal data will be deleted or anonymized (subject to sections 5 and 11, section VII). To withdraw this consent, GG/GGapp Users can contact our Data Protection Officer or delete their GG/GGapp account using the appropriate function in the Account settings.
    3. Withdrawing consent for data processing for marketing purposes will result in the cessation of marketing communications to the User.
  4. File a Complaint: They can file a complaint with the President of the Personal Data Protection Office regarding issues related to the processing of their personal data by Fintecom.

The exercise of the above rights depends on the positive identification of the person making the request. This is to ensure that the request is made by the authorized individual.

X. Personal Data Security

Fintecom implements technical and organizational measures aimed at the best possible protection of personal data collected by Fintecom against unauthorized access or misuse by unauthorized persons. The technical measures used are updated with the development of new technologies, needs, and available security methods. The organizational measures ensure that within the structure of Fintecom, only individuals authorized by Fintecom, who are obligated to keep this data confidential, or entities entrusted with data processing based on a separate data processing agreement, have access to the User’s personal data.

Users should exercise diligence in securing their personal data transmitted over the Internet, particularly by not disclosing their login details to third parties, using antivirus protection, and keeping their software updated.

Fintecom regularly checks the compliance of its activities with applicable laws and this Privacy Policy.

XI. Cookie Policy

  1. User Consent: Upon the first visit to the Website, the User must consent to cookies or take other possible actions indicated in the communication to continue using the Website’s content. Using the Website implies acceptance of the Cookie Policy. If the User does not want to give such consent, they should leave the Website. The User can always change their browser settings to disable or delete cookies. Necessary information is available in the browser’s “help” section.
  2. Purpose: Fintecom uses cookies to enhance the quality of services provided by Fintecom by storing the preferences of the Service User.
  3. Identification: Cookies do not identify the User’s personal data and do not affect the operation of the end device or its software. Cookies are a string of characters sent from Fintecom’s IT system to the User’s computer when the browser requests a webpage.
  4. Customization: Cookies allow the customization of website content to the individual needs of the User. They also enable the creation of statistics showing how users use and navigate the websites.
  5. Types of Cookies:
    1. Session Cookies: Temporary files stored in the User’s end device until they log out, leave the website, or turn off the software.
    2. Persistent Cookies: Stored in the User’s end device for a period specified in the cookie parameters or until deleted by the User.
  6. Categories:
    1. Necessary Cookies: Enable the use of services, such as authentication cookies for services requiring authentication.
    2. Security Cookies: Used to detect authentication abuses within the provided services.
    3. Performance Cookies: Collect information on how services are used.
    4. Functional Cookies: Remember User settings and customize the User interface.
    5. Advertising Cookies: Deliver advertising content more suited to the User’s preferences and interests.
  7. Usage: Fintecom collects information from cookies for its own use.
  8. Third-Party Cookies: Cookies may also originate from third parties, such as entities running advertising campaigns for advertisers.
  9. Condition: The operation of cookies always requires their acceptance by the User and their non-deletion from the disk.
  10. Default Settings: Many web browsers are initially set to accept cookies by default.
  11. Other Technologies: In addition to cookies, Fintecom uses other data storage technologies, such as Local Storage, which stores data in a dedicated part of the browser’s memory or other additional modules extending the browser’s functionality (plugins). Local Storage operates similarly to cookies but has a long-term storage nature and does not have an expiration date. Unlike cookies, data in Local Storage is not automatically sent from the end device to the server but can only be retrieved via the website through which it was previously saved.
  12. Privacy Settings: Using tools available in each market browser, the User can change privacy settings at any time regarding both cookies and other data storage technologies (including Local Storage). Specifically, they can block the automatic handling of these technologies in the settings of individual browsers and plugins, or, depending on the technology and tool, notify about each placement in the User’s end device. Detailed information on the possibilities and methods of handling cookies is available in the settings of individual browsers and plugins. Changing settings may, however, cause some difficulties in using services or specific functionalities.
  13. Server Logs: Using the Websites involves sending queries to the server where the Website is stored. Each query to the server is recorded in the server logs. Logs include the User’s IP address, server date and time, browser, and operating system information used by the User, and are stored on the server. Logs are used to administer the Website, and their content is not disclosed to anyone except those authorized to administer the server. The Administrator does not use server logs to identify the User.

XII. Privacy Policy Changes

  1. Technological advancements may lead to changes in the Privacy Policy, which Fintecom will notify with a fifteen-day notice.
  2. Each change to the Privacy Policy shall become effective:
    1. fifteen (15) days after the notification of the change or at another time indicated by Fintecom, provided that such time period is not shorter than fifteen (15) days; in the event that the User of GG does not consent to the change, said User is obligated to submit an appropriate statement to Fintecom, including through Fintecom’s IT system, prior to the change taking effect and from that date onward is obligated to cease using the Service.
    2. immediately upon notification of the change or at another time indicated by Fintecom, if the changes concern provisions of the Privacy Policy that do not affect the situation of the Service User.