Terms of Service
Terms and Conditions
§1. General provisions
- These terms and conditions define the terms and conditions of using the Service and the rules for obtaining information and performing activities related to the use of the Service and the ByDiscovery Application.
- The Application and the Widget owner is BYDISCOVERY Sp. z o.o., Rynek 60, 50-116 Wrocław, KRS [National Court Register] 0001003223, NIP [Tax ID No] 8971914669, REGON [Nat’l Business Register] 523702674,, adres e-mail: firstname.lastname@example.org
- The terms used in the terms and conditions mean:
- Application – an on-line application run by the Service Provider functioning through the website https://app.bydiscovery.com;
- Widget – a widget called ByDiscovery Widget, installed on the Client’s website and used to provide Services to the Client;
- Service Provider – BYDISCOVERY Sp. z o.o., Rynek 60, 50-116 Wrocław, KRS [National Court Register] 0001003223, NIP [Tax ID No] 8971914669, REGON [Nat’l Business Register] 523702674, e-mail address: email@example.com,
- Website – the website at https://bydiscovery.com and all its subpages;
- Service – a full range of services provided electronically by the Service Provider to the Client in the scope specified in the Terms and Conditions;
- Plan – the scope of the Service indicated each time on the subpage describing the Plans – … ..
- Client – a natural person (having full legal capacity), a legal entity or an organizational unit without legal personality, which has performed or intends to perform legal acts through the Application. The client can be both an entrepreneur and a consumer;
- User – the client and any natural person (with full legal capacity) who uses the Application and the Widget with the authorization of the Client;
- User Account – an administrative website available in the Application for a specific User, the purpose of which is to enable the User to use the Services;
- Consumer – pursuant to the Act of 23 April 1964 of the Civil Code – a User who, as a natural person, performs, via the Application, a legal transaction not directly related to its business or professional activity. Consumers, within the meaning of these Terms and Conditions, are also entrepreneurs running a sole proprietorship, concluding agreements of a non-professional nature resulting from the subject of their activities;
- Users and Clients can contact the Service Provider electronically via e-mail address: firstname.lastname@example.org and via chat available on the Website and in the Application.
§2. Services provided through the Application
- The Service Provider provides electronic services to Clients based on the distance agreements concluded between the Client and the Service Provider.
- The Service Provider charges fees for the provision of Services to Clients on the terms set out in the Terms and Conditions and in the Pricing available on the Website.
- The essence of the Services is to enable access to the Application via the Internet. Through the Application, the Service Provider provides a Service used to analyze website visitors and to support lead generation. The current scope of the Service is available each time on the Website in the Help Center page.
- The Client may not use the Application and the Tool without registration.
- The User may not use the Application without registering an individual account.
- The conclusion of the agreement for the provision of Services takes place upon full and correct registration in the Application. The agreement is concluded for a definite period indicated in the Plan. The Buyer may terminate the agreement for the provision of the above-mentioned Services at any time in the mode of account deletion specified in these Terms and Conditions.
- Within 14 days from the conclusion of the agreement for the provision of Services, the Buyer who is a Consumer may withdraw from it without providing a reason. The model form on withdrawal from the agreement, which the User may use, is attached to these Terms and Conditions.
§3. Client and User registration
- Clients conclude agreements with the Service Provider for the provision of Services by registering an account in the Application.
- Users register individual accounts in the Application.
- Individual accounts enable Clients to use the Services provided through the Application. The Client may also be a User or designate a person to use the Services on behalf of and for the benefit of the Client.
- Registration of the Client’s account in the Application is made by completing the registration form and providing the following data:
- Personal: name, surname, email,
- Business: type of business, size of the organization, your role in the organization,
- Website data: page name, page URL, page type, page time zone.
- Providing false data is not allowed.
- It is not allowed to set up a Client account automatically.
- Account registration and subsequent actions under the Application on behalf of and for the benefit of the Client may only be performed by persons authorized to represent the Client or having appropriate authorization.
- The person authorized to represent the Client or the Administrator is obliged to immediately notify the Service Provider of the withdrawal of the authorization held to perform activities on behalf of the User specified in these terms and conditions.
- In the event of reasonable doubts as to the truthfulness of the data provided by the Client, the Service Provider may refrain from setting up the Client’s account or suspend the operation of the Client’s account until the doubts are clarified.
- In the event of organizational and legal changes, death or loss of legal capacity of the Client, the Client’s legal successors or their legal guardians should immediately inform the Service Provider of the circumstances.
- The Client Account contains the data provided by the Client or User during registration. If any of these data are changed later while using the Application, the Client or User is obliged to immediately update them using the appropriate form available in the Application.
- The Service Provider reserves the right to delete the User’s Client Account at any time and without providing a reason. In the event of deleting the account of the Client or User, the Client or User who is not a Client shall not be entitled to any claims against the Service Provider under the above title.
§4. General rules for using the Application and widget
- In order to be able to use the Widget and the Application, the Client or User must meet the following technical requirements:
- have a computer, laptop, mobile phone or other device with Internet access;
- have access to e-mail;
- use a web browser (Chrome, Safari, FireFox, Opera or Edge – in the latest versions);
- enable the option of saving cookies in the browser.
- Any actions taken by Clients and Users should comply with applicable law and good practices.
- It is forbidden to use the Application and Widget in any way to the detriment of other Clients, Users, the Service Provider and third parties.
- Each Client and User undertakes to:
- use the functionalities and resources of the Application and Widget made available in accordance with their purpose;
- verifying whether the technical requirements necessary to use the Service and install the Widget are met;
- not using the Service to process data of specific categories,
- not posting, via the Application and Widget, hyperlinks to infected websites or websites whose subject matter is illegal
- not to take any actions that may hinder or disrupt the functioning of the Services (Application and Widget)
- compliance with the principles of Polish law,
- respect for the rights and personal rights of other Clients and Users,
- not to act to the detriment of other Clients, Users, Service Providers and third parties.
- In order to be able to use the Services, the Client generates and installs the Widget on their own website. The application is used to monitor the Service performed using the Widget.
- The rules for using the Widget are set out in §5.
- The Service Provider grants the Client a non-exclusive, individual and non-transferable license to use the Widget, for the period for which the agreement for the provision of Services is concluded, throughout the world.
- The license will be granted upon the conclusion of the agreement for the provision of Services.
- The license will be granted in the following fields of operation:
- using, recording, displaying, storing, applying, including sharing with the Client’s employees;
- entering into the Client’s website, into the memory of a computer, server, workstation, collecting, sending, sharing and deleting data within the Client’s IT network;
- duplication of the Widget for the sole purpose of making backups.
- Granting a license to use the Widget does not include sublicensing rights to third parties.
- The Client and User shall not be entitled to:
- developing Widget and introducing any kind of changes and modifications to it;
- selling, sharing, licensing, assigning, transferring the right to use, putting into use under any payable or free title of the Widget or issued documentation to other persons or legal entities. The exception is when the Client makes the Widget available to the Client’s employees in the scope of their activities;
- translating, adapting, changing the layout or any other changes to the documentation, modifying the Widget, including creating new versions and adaptations as well as disposing and using them,
- making any unauthorized changes to the Widget’s source code, identification marks placed on the Widget and the documentation attached to it.
- The Client undertakes to use the Widget only for the purposes of his own business or his own non-economic activity.
- The Client and the User may not undertake, nor may they allow third parties, to take steps to reverse engineer the Widget’s source code, disassemble, decompile and translate the Widget.
- The Client and User are not entitled to any kind of rights to the source code of the Widget.
- The scope of using the Widget is as follows:
- The widget cannot be used by the Client or User to provide data processing services to any third parties, e.g. in the form of outsourcing services or training services.
- The Client or the User accepts responsibility for the acts or omissions of entities to whom he has made the Widget available, staff (including temporary staff) or subagreementors in relation to any breach of agreement or obligations under the agreement by third parties, temporary staff or subagreementors.
- The Client or User may not make the Widget available in any form to third parties. For this purpose, the Client or the User undertakes to exercise due diligence to prevent third parties from gaining access to the Widget. Gaining access by third parties to the Widget without the active cooperation of the Client or User, but caused by the Client’s or User failing to exercise due diligence to prevent such access, is considered a breach of the Service Provider’s copyrights.
- In the event of the development of the Widget by the Service Provider, the license for new solutions will be granted automatically under the terms of this agreement, upon delivery of such an update, unless the Parties agree otherwise.
- The Client and the User undertake to:
- secure and protect the property rights of Widget and any copies made of it,
- ensure that no copies of the Widget in any form will be transferred to any third parties without the express prior consent of the Service Provider in writing,
- instruct your staff who have access to the Widget not to copy (except for agreementually authorized copies), decompile, disassemble, reverse engineer or duplicate the Widget, or provide information or assistance regarding the above activities to any third party,
- not to grant access to the Widget to any third parties without the prior consent of the Service Provider in writing,
- duplicate any copyright notices on any material related to the Widget or part of it that contains such copyright notices,
- not remove any verbal and graphic signs, however used or legally reserved by the Service Provider or licensors, information about copyright, information about trademarks, information about confidentiality, marks, explanations or any other information contained in the Widget,
- not to undertake any legal or factual actions aimed at assignment, sublicense, establishment of use, pledge, transfer of possession or any other action with regard to their rights, obligations or obligations under the agreement without the prior consent of the Service Provider;
- inform the Service Provider of any infringement of the Service Provider’s property rights to the Widget, which will be noticed by the Client or the User in the course of his business using the Widget.
- All prices listed on the Website are net prices specified in the currency chosen by the Client. The amount of tax depends on the Client’s place of residence.
- The content of the agreement consists of: the content of the Terms and Conditions and the content of the Plan selected by the Client..
- Orders can be placed via the website Application using the order form. The Service Provider does not allow placing orders by phone, e-mail or stationary.
- Then, the Client undergoes the procedure related to the finalization of the Service and payment order. Clicking the button finalizing the order is tantamount to declaring the Client’s knowledge of placing the order entailing the obligation to pay.
- The agreement is concluded when the Client confirms the order placement, ie when the “Complete plan change” button is clicked.
- The payment date is the day on which the payment should be credited to the Service Provider’s account.
- The condition for using the User Account and the Order Form is to confirm that you have read and accept these Terms and Conditions.
- Depending on the selected Plan, access to the Service and use of the Application may be subject to a fee. Access to the Application is paid for by making a prepayment ensuring access to the Application for a specified period of time.
- Current Plans with their prices are available at https://bydiscovery.com/pricing/
- Payment for access to the Application is made through the tools available in the Application. Payment for paid Plans is made by attaching the Client’s payment card.
- Plans cover various scopes and functionalities of the Service and may relate to agreements for the provision of Services for various periods.
- The Service Provider may change the price of access to the Service, in the case of periods not yet paid – the Service Provider will inform about any price changes in advance, also informing (if applicable) how to accept such changes. Price changes take effect at the beginning of the next billing period following the date of the price change. Your continued use of the Application after the price change comes into effect constitutes acceptance of the new price. If the Client does not agree to the price change, he has the right to reject such changes by resigning from using the paid Service after the end of the current billing period.
- The Client’s payment will be automatically charged from the Client’s payment card again at the end of the billing period, unless the Client terminates the agreement for the paid Plan before the end of the current billing period in the manner indicated in the Application. The service will be canceled from the day following the last day of the current billing period, and the User Account will be left with the Service for the basic, free Plan. If the Client who is not a Client cancels the payment or terminates the agreement after the cooling off period (if applicable) or before the end of the current subscription period, the Service Provider will not refund any subscription fees already paid.
- At the time of ordering the Service, the Client declares his willingness to receive VAT invoices. The VAT invoice is issued electronically without the recipient’s signature. The invoice is sent in .pdf format via the Service Provider’s e-mail address: email@example.com.
- The Service Provider may grant the Client a discount in relation to the standard fees for the provision of the Service on the terms set out in Price List or separate terms and conditions or agreements. The amount of the discount granted may depend, in particular, on the length of the settlement period that applies to a given Client.
§7. Liability. Access and use of the Application and Widget
- The Service Provider undertakes to take all measures to ensure correct, safe, continuous and error-free access to the Application and Widget.
- The Service Provider shall bear no liability for:
- actions taken by Clients and Users;
- failure to meet the specific requirements of the Client, other than those resulting from the general assumption of the Application and Widget;
- correctness, credibility and accuracy of data obtained while using the Application and Widget;
- transient technical errors occurring during the operation of the Application and the Widget;
- defects in data entered into the Application or Widget by Clients and Users.;
- the quality, availability and correctness of the content obtained through the Application or Widget.
- The Service Provider is not liable for damages (also in the form of lost profits), image infringement, interruptions in the operation of the enterprise, loss of data or other economic information or other property losses, resulting in particular from:
- inability to use the Application or Widget,
- using the Application or Widget,
- no access to the Application or Widget, data, information, messages published or read in or using the Application or Widget,
- use of the Application by third parties using the login data provided by the Client,
- error in the functioning of the Application or Widget,
- the influence of third parties,
- acts and omissions of Users,
- Account Cancellation,
- and any other causes related to the Service, regardless of whether the losses, violations and losses were a direct or indirect result of the event.
- The Service Provider is not liable for damages caused by third parties who have accessed the Application using the correct data or device of the Client or User in order to gain access.
- The Service Provider is not responsible for any system disruptions caused by technical problems in the computer equipment and software used by the Client or the User, as well as failure of the Internet network, force majeure or unlawful interference of third parties that prevent the Customer or User from using the Application and offered for through the Service.
- In the event of notification of access to the Application or Widget by an unauthorized person, the Service Provider will take immediate steps to secure the collected data.
- The Service Provider has the right to make changes to the Service and the Application in connection with the ongoing work on improving and modernizing the Application. In particular, the Service Provider has the right to change the functionality of the Application or Widget.
- The Service Provider has the right to access the Client’s systems in which the Widget has been installed in order to monitor the correct functioning of the Services, Application and Widget, as well as to remove errors in the Service’s operation.
- For the purpose of improving the quality of the services provided by the Service Provider, the Customer agrees to the Service Provider’s access and use of information in the form of metrics, logs, and any data flowing from the Client’s IT infrastructure, including Users’ data and behavior (if they have a potential impact on the performance of the infrastructure ).
- The liability limitation referred to in sec. 2 and 3 does not apply to Clients who are Consumers.
- The Service Provider is obliged to provide the Service free from physical and legal defects.
- Each Client or User is entitled to file a complaint for any malfunction of the Application or Widget. The complaint should be submitted via e-mail sent to the following address:: firstname.lastname@example.org The description of the irregularity should allow the Service Provider to identify the problem and repair it.
- The Service Provider will consider the complaint within 14 calendar days from the date of receipt of the complaint.
- In the event of a serious technical error, the Service Provider reserves the right to limit access to the Application website or the Widget and Services.
- All possible errors in the functioning of the Application or Widget, comments and information about the operation of the Application, Widget and Website, as well as violations of the Terms and Conditions should be reported to the Service Provider electronically.
- The Client who is a Consumer is not bound by the above methods of submitting complaints. He/She may submit a complaint in any way provided that a durable medium is used.
- A complaint should include:
- Client’s full name;
- address of residence for correspondence;
- attached proof of purchase (e.g. proof of transfer, etc.);
- the exact designation of the service complained about;
- indication of the defect describing the non-compliance of the service with the agreement and the date of its occurrence;
- request of the complainant (withdrawal from the agreeement, price reduction, removal of the defect);
- the filing date and the complainant signature.
- The Service Provider confirms the complaint receipt.
- If the Service Provider does not respond to the complaint of the Client who is a Consumer within 14 calendar days from the date of delivery of the complaint, it is assumed that he has accepted the complaint of the Customer and his request.
§9. The right to Terminate the Agreement
- Only Clients who are Consumers are entitled to the rights specified in this paragraph.
- Within 14 days from the date of conclusion of the agreement, the Client may withdraw from it without providing a reason. The deadline to withdraw from the agreement will expire after 14 days from the date of the agreement conclusion.
- To exercise the right of withdrawal, the Client must inform the Service Provider about his decision to withdraw from the agreement by an unequivocal statement. The statement of withdrawal should be sent to the e-mail address. A declaration of withdrawal may be submitted on the form attached as Appendix 1 to the Terms and Conditions, but it is not obligatory.
- In order to meet the deadline for withdrawal from the agreement, it is enough to send information regarding the exercise of the withdrawal from the agreement rights before the deadline for withdrawal from the agreement to one of the addresses indicated above.
- In the event of withdrawal, the price paid for the Service will be refunded to the Customer immediately and no later than within 14 days from the date on which the Service Provider was informed about the Client’s decision to withdraw. The refund will be made using the same payment methods as were used by the Client in the original transaction, unless the Client expressly agrees to another solution. Under no circumstances will the Client incur any fees associated with this refund.
§10. Deleting Client and User Accounts
- The Client and the User is entitled to delete their Account at any time. For this purpose, the Client or User should send an e-mail to the Service Provider from the e-mail address assigned to the Client’s account.
- The Service Provider may refuse to delete the Client’s or User’s account if it is bound to the Service Provider by a fixed-term agreement or the Client or User has violated these Terms and Conditions or applicable law, and the preservation of the Client’s or User’s data is necessary to clarify these circumstances and determine the liability of the Client or User.
- Deletion of the account at the Client or User’s request takes place within 14 days from the date of submitting the appropriate request.
- If the Client’s or User’s account has been deleted as a result of the Service Provider’s decision, the Client or User may not re-register in the Application without the prior consent of the Service Provider. Re-registration without consent may result in the deletion of the Account.
- The agreement for the provision of Services concluded between the Client and the Service Provider is concluded for a definite period indicated in the Plan selected by the Client. The Parties exclude the possibility of terminating the above-mentioned agreement, unless the agreement concluded separately with the Client provides otherwise. The Client’s Account remains active for the entire duration of the Agreement.
§11. Amendments to the Terms and Conditions
- The Service Provider reserves the right to change the Terms and Conditions at any time, in particular due to changes in the provisions of applicable law or technical and organizational changes in the manner of concluding and performing agreements and the scope of the Service, as well as in the event of a change in the legal organization of the Service Provider’s activities.
- The Service Provider will inform the User about the changes and their content 7 days before their introduction. The information is provided to the User by e-mail sent to the address provided during registration.
- If the Client does not take any action, the changes shall become effective as if the Client had accepted the amendments to the Terms and Conditions in the manner specified in this paragraph, starting from the first day of the next settlement period.
§12. Intellectual property rights
- All materials, including graphic elements, the layout and composition of these elements, trademarks and other information available in the Application and on the Website are the subject of the Service Provider’s exclusive rights. The indicated elements are the subject of proprietary copyrights, industrial property rights, including rights from the registration of trademarks and rights to databases and as such enjoy statutory legal protection.
- Downloading or using in any scope the materials available as part of the Application requires each time the written consent of the Service Provider and may not violate the provisions of these Terms and Conditions and generally applicable law, as well as may not violate the interests of the Service Provider and Users.
- Website and the Application elements modification and copying is prohibited.
- The creation of websites and applications similar or identical to the Application, which mislead recipients and may give the impression that they come from or are related to the Service Provider, is a tort under the Unfair Competition Combating Act.
- The Service Provider has the right to use the Client’s logotype and company in order to place it on the website and in promotional materials with information that the Client uses the Service Provider’s Services. The Client agrees to the above and grants a license in the above-mentioned scope. The Service Provider also has the right to grant further licenses for this purpose, e.g. to Internet portals and social media.
§13. Out-of-court dispute resolution
- In order to resolve a dispute arising in connection with making purchases on the Website, the Client has the opportunity to use the help of the following institutions before filing a case in a common court:
- using the permanent consumer arbitration court referred to in the Act of 15 December 2000 on the Trade Inspection by submitting an application for the settlement of a dispute arising from the sales agreement;
- applying to the Provincial Inspector of Trade Inspection with a request to initiate mediation proceedings in order to settle the dispute amicably;
- ask for help from a poviat or municipal consumer ombudsman or a social organization whose aim is to protect consumer rights.
- Detailed information on the possibilities of using out-of-court dispute resolution methods by the consumer and the availability of procedures are available at the offices and on the websites of institutions such as the Trade Inspection, district (city) consumer advocates, social organizations dealing with the protection of consumer rights, as well as the Office of Competition and Consumer Protection.
- At http://ec.europa.eu/consumers/odr an online platform is available for resolving disputes between consumers and traders at EU level (ODR platform). The ODR platform is an interactive and multilingual website with comprehensive customer service for consumers and entrepreneurs seeking out-of-court settlement of a dispute concerning agreementual obligations arising from an online sales agreement a or agreement for the provision of services.
§14. Final provisions
- In matters not covered by these Terms and Conditions, the provisions of generally applicable law shall apply, in particular the Act of 23 April 1964. Civil Code and the Act of 30 May 2014 on Consumer Rights.
- Polish law and the courts of Polish jurisdiction shall apply to any disputes arising under these Terms and Conditions and the agreement concluded by the Client and the Service Provider. The court competent to hear disputes between the Service Provider and the Client is the court competent for the registered office of the Service Provider.
- The Terms and Conditions are valid from 25.11.2022.
Data processing agreement
An entity that enters into an agreement with the Processor for the provision of services and the data of which is provided in the registration form,
hereinafter referred to as the “Controller“
BYDISCOVERY Sp. z o.o., Rynek 60, 50-116 Wrocław, Poland, KRS 0001003223, NIP 8971914669, REGON 523702674
hereinafter referred to as the “Processor“,
hereinafter referred to as a “Party”, and collectively as “Parties”.
For the purposes of the Agreement, the Controller and the Processor agree on the following meaning of the terms listed below:
- Personal Data – data within the meaning of Article 4(1) of Regulation 2016/679, i.e. any information relating to an identified or identifiable natural person;
- Personal Data Processing – whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction within the meaning of Article 4(2) of Regulation 2016/679;
- Agreement – this agreement;
- Master Agreement – agreements concluded by the Controller and the Processor for the provision of services with the content set out in the Terms and Conditions;
- Regulation 2016/679 – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 2016, p. 1).
§2. Representations of the parties
The Parties declare as follows:
- The Parties declare that the Agreement has been concluded in order to perform the obligations referred to in Article 28 of Regulation 2016/679, in connection with the conclusion of the Master Agreement,
- The person entering into the Master Agreement and providing personal data to the Processor has the appropriate authority to represent the Controller,
- The Controller declares that it is a controller of Personal Data within the meaning of Article 4(7) of Regulation 2016/679, i.e. an entity that alone or jointly with others determines the purposes and means of the processing of Personal Data,
- The Processor declares that it is a processor within the meaning of Article 4(8) of Regulation 2016/679 under the Agreement, which means that it will process Personal Data on behalf of the Controller.
§3. Subject and duration of processing
- The Controller entrusts the Processor to process the Personal Data and the Processor undertakes to process it in accordance with the law and the Agreement.
- The Agreement is concluded for the duration of the Master Agreement and the performance of all obligations under the Agreement and the Master Agreement.
§4. Purpose and general principles of processing
- The Processor may only process Personal Data to the extent and for the purpose provided for in the Agreement.
- The purpose of the entrustment of the Processing of Personal Data is the performance of the Master Agreement, including in particular the performance by the Processor of the service of providing the BYDISCOVERY application and the BYDISCOVERY Widget as well as the performance of the services through them.
- The scope of the Personal Data processed by the Processor under the Agreement includes the categories of Personal Data each time entrusted to the Controller for processing via the BYDISCOVERY application and the BYDISCOVERY Widget.
- The scope of Personal Data processed by the Processor under the Agreement includes data of customers and potential customers of the Controller.
- The Processor shall only process Personal Data upon the documented order of the Controller. A documented order is deemed to be an order to process data included in the Master Agreement.
- When processing Personal Data, the Processor shall comply with the principles set out in the Agreement.
§5. Specific rules on the entrustment of processing
- Prior to commencing the Processing of Personal Data, the Processor shall adopt the security measures for the Personal Data referred to in Article 32 of the GDPR, in particular:
- taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and severity, it shall apply technical and organisational measures ensuring the protection of the Personal Data processed to provide a degree of security appropriate to the risk. The Processor should adequately document the application of these measures, and keep these measures updated in consultation with the Controller,
- shall ensure that any natural person acting under the authority of the Processor who has access to the personal data processes it in accordance with the Controller’s orders, including the Controller’s directions and instructions, for the purposes and to the extent provided for in the Agreement,
- shall keep a register of all categories of processing activities carried out on behalf of the Controller as referred to in Article 30(2) of Regulation 2016/679 and make it available to the Controller upon request, unless the Processor is exempted from this obligation pursuant to Article 30(5) of Regulation 2016/679.
- The Processor shall ensure that persons having access to the Processing of Personal Data shall keep it and the means of securing it confidential, with the obligation of confidentiality also existing after the performance of the Agreement and the termination of employment with the Processor. To this end, the Processor shall only allow persons who have signed an obligation to keep the Personal Data and the means of securing it confidential to process the data.
§6. Further obligations of the processor
- The Processor undertakes to assist the Controller in complying with the obligations set out in Articles 32 to 36 of Regulation 2016/679; in particular, the Processor undertakes to provide the Controller with information and to comply with the Controller’s orders concerning the measures in place to safeguard the Personal Data, and the Processor undertakes to provide the Controller with information concerning personal data infringements within 24 hours of the discovery of an event that constitutes a personal data infringement.
- The Processor undertakes to assist the Controller, through appropriate technical and organisational measures, in complying with its obligation to respond to requests from data subjects with regard to the exercise of their rights set out in Articles 15 to 22 of Regulation 2016/679, and in particular the Processor undertakes to inform the Controller of a request made by a data subject within 5 days of receiving such request.
- The Processor undertakes to comply with any instructions or recommendations issued by a supervisory authority or an EU advisory authority in charge of the protection of Personal Data, with regard to the Processing of Personal Data, in particular in relation to the application of Regulation 2016/679.
- The Processor undertakes to inform the Controller immediately (according to the method of contacting or sending notices indicated in the Master Agreement) of any proceedings, in particular administrative or judicial ones, concerning the Processing of the entrusted Personal Data by the Processor, of any administrative decision or ruling concerning the Processing of the entrusted Personal Data directed at the Processor, as well as of any audits and inspections concerning the Processing of the entrusted Personal Data by the Processor, in particular those carried out by a supervisory authority.
§7. Outsourcing of processing
- The Processor may use the services of another processing entity (sub-processor).
- The Controller agrees to the outsourcing of the processing of the entrusted Personal Data, in particular to companies cooperating with the Processor, entities providing personnel, accounting and IT services to the Processor.
- In the case of outsourcing of the processing of Personal Data, the outsourcing of processing shall be based on an agreement pursuant to which the subcontractor (sub-processor) undertakes to perform the same duties as those imposed on the Processor under the Agreement.
- The Processor shall ensure that subcontractors (sub-processors) entrusted with data processing apply at least an equivalent level of protection of Personal Data as the Processor.
§8. Audit of the processor
- The Controller is entitled to verify compliance by the Processor with the rules for the processing of Personal Data pursuant to Regulation 2016/679 and the Agreement, by means of the right to request any information concerning the entrusted Personal Data.
- The Controller shall also have the right to carry out audits or inspections of the Processor regarding the compliance of the processing operations with the law and the Agreement. The audits or inspections referred to in the preceding sentence may be carried out by third parties authorised by the Controller. The audits and inspections shall be carried out after the date and manner of carrying them out have been agreed between the Parties.
- The Processor undertakes to inform the Controller immediately if, in the Processor’s opinion, an order given to it constitutes a breach of Regulation 2016/679 or other legislation on data protection.
§9. Responsibility of the parties
- The Processor shall be liable for damages that occur to the Controller or third parties as a result of the processing of Personal Data by the Processor that does not comply with the Agreement. The Processor’s liability for the acts and omissions of subcontractors (sub-processors) is waived.
- In the event of non-performance or improper performance of the Agreement by the Processor or infringement of the regulations on personal data processing, the Processor undertakes to pay compensation, however, the total liability of the Processor (towards the Controller and towards third parties) shall be limited to PLN 2,000.
§10. Termination of entrustment of the processing
- Upon termination of the processing services, the Processor is obliged, at the Controller’s request, subject to paragraph 2, to cease Processing the Personal Data and to delete from its records and IT systems all Personal Data and existing copies thereof.
- Notwithstanding the cessation of the services relating to the entrustment of the Processing of Personal Data, the Processor is entitled to process data relating to the confirmation of the performance of the service to the Controller.
- The deletion of personal data referred to in paragraph 1 shall be understood as destruction of Personal Data or its modification in such a way that it prevents the identification of the data subject.
- The deletion of the data must be documented by a written declaration signed by persons authorised by the Processor. The Processor undertakes to provide the Controller with a declaration of deletion of Personal Data within 7 days of such request being made by the Controller.
- Termination of the Master Agreement at any time and in any manner by either Party shall result in the expiry of the Agreement.
- The Controller shall be entitled to terminate the Agreement with immediate effect in the event that:
- the supervisory authority determines that the Processor is not complying with the personal data processing rules in respect of the data entrusted by the Controller,
- The Controller, as a result of the audit referred to in § 8 of the Agreement, determines that the Processor is not complying with the Personal Data Processing rules in respect of the data entrusted to it by the Controller and a 14-day deadline to remedy the infringements has expired without effect,
- The Processor has used Personal Data contrary to the Agreement or the law, has improperly processed the entrusted Personal Data despite prior requests to change the manner of processing, or has entrusted the processing of Personal Data to another entity without the consent of the Controller.
§11. Final provisions
- Any amendment to the Agreement must be made in documentary form otherwise being null and void.
- The Agreement is concluded in a clickable form by accepting its terms and conditions by selecting the appropriate checkbox when logging in for the first time to the system provided by the Processor.
- In matters not regulated by the Agreement, the provisions of the Civil Code Act of 23 April 1964 (i.e. Journal of Laws of 2017, item 459 as amended), as well as the provisions of Regulation 2016/679 shall apply.
- Disputes arising in connection with the performance of the Agreement shall be settled by the court having jurisdiction over the registered office of the Processor. The applicable law shall be the Polish law.