Privacy Policy

This policy is informational and fulfills the information obligations imposed on data controllers by the Regulation of the European Parliament and ofthe Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(hereinafter referred to as "GDPR").

‍

The terms listed below for the purposes of this Policy are defined as follows :

1. Proplanum  Application – An advanced software solution provided by the Service Provider for integrating and optimizing human resource management processes in an enterprise. The application includes integrated functional modules, covering: employee work schedule management and coordination system, time recording and documentation mechanism, including the use of mobile technology, electronic leave request processing module, task and project management tool, an internal communication platform for employees, and a system for designing and implementing employee surveys. Each of these functionalities is an integral part of the Proplanum  Application and is subject to the provisions of these Terms and Conditions.
2. Privacy Policy –This policy regulates the principles of personal data protection and privacy of Users, supplementing the terms and conditions of providing electronic services in connection with the use of the Proplanum  Application.
3. Terms and Conditions – The terms and conditions of providing electronic services in connection with the use of the Proplanum  Application.
4. Agreement – An agreement for providing electronic services between the Service Provider and the Service Recipient, within the scope of their business activities, covering both free and paid services.
5. Service Provider– Proplanum  Limited Liability Company, located at Sokołowska 34, 08-110 Siedlce, registered in the Business Register maintained by the District Court Lublin East in Świdnik, VI Economic Departmentof the National Court Register, under KRS number 0001078697, NIP 8212688991, REGON 52734453300000.
6. User – The Service Recipient and any person to whom the Service Recipient has enabled access to the Proplanum  Application within a specifically defined scope.
7. GDPR – Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
8. Proplanum  Service – An online platform available at the URL https://app.proplanum.com/, enabling access to the Proplanum  Application.
9. Services – Electronic services provided by the Service Provider to Users based on the Terms and Conditions.
10. Service Recipient– An entrepreneur using the Services of the Service Provider, including the Proplanum Application and Proplanum  Service, and entrusting the Service Provider with the processing of personal data of the persons they employ, for purposes directly related to their business activities.
11. Website – The Service Provider's website available at the URL: https://proplanum .com.

1. The Service Provider is the Data Controller of personal data collected and processed for the purpose of ensuring the proper functioning of the Proplanum  Application and Proplanum  Service and all related services, including data such as: first name, last name, company name, industry, company address,company email address, company tax identification number (NIP), number of employees, phone number, computer IP address, geolocation (optional), data on the use of electronic services, subscriptions to commercial information, creation of backups, and other data collected using cookie technology, as well as other data voluntarily provided by Users.
2. The data mentioned in paragraph 1 above is collected directly from users during the use of the Proplanum  Application and Proplanum Service, browsing the Website, contacting via email, phone, contact form, and other methods of user interaction.
3. The Service Provider is the Data Processor within the meaning of Article 28 of the GDPR for all personal data of Users whose processing has been entrusted to it by Service Recipients under data processing agreements concluded between the Service Provider and the Service Recipient, particularly concerning personal data processed by the Service Recipient for purposes related to employment at the Service Recipient such as: name, email address, phone number, company name, tax identification number.
4. The Service Provider processes the personal data of Proplanum  Application Users for the purposes specified in the Privacy Policy, provided that appropriate consent has been obtained from the Users or provided that the processing of these data has been entrusted by the Service Recipient who is their administrator.
5. Personal data is also processed in the case of visitors to the Website and Proplanum  Service; users of the mobile version of the Proplanum Application; Service Recipients who have set up a user account; persons contacting the Service Provider via email, phone, contact form on the Website, or other communication channels based on the consent of these individuals.
6. The Service Provider ensures the protection of personal data by applying appropriate technological and organizational solutions in accordance with applicable legal regulations.
7. In matters related to the protection of personal data, Users and other persons whose data are processed can contact the Data Protection Officer (DPO) using the email address : kamila.krasuska@proplanum.com
8. The Service Provider reserves the right to modify this section in the event of changes in legal regulations, company policy, the scope of services provided, or in data processing technology. Users will be informed of any changes in an appropriate manner.

1. Personal data are processed for the following purposes :
   
   • ensuring the functionality of the Proplanum Application and all its modules and components, the Proplanum Service, and the Website, including user account management;
   • fulfillment of the agreement for providing electronic services, including delivering updates and technical support;
   • communication with Users, responding to inquiries, and conducting correspondence;
   • conducting marketing activities, including product and service promotions, profiling, and analytical and statistical activities;
   • issuing accounting documents, fulfilling tax and accounting obligations;
   • analyzing traffic on the Website and in the Proplanum Application, including the analysis of non-personal data concerning the use of the site.
2. The processing of personal data is based on :
   
   • the consent of the data subject (Article 6(1)(a) GDPR) for data such as: user login data, user IP address, user hardware data, geolocation data, data on the use of electronic services, subscriptions to commercial information, creation of backups, and other data collected using cookie technology, as well as other data voluntarily provided by Users;
   • a data processing agreement binding the Service Provider and the Service Recipient in the case of all personal data that the Service Recipient as the Data Controller entrusts to the Service Provider, including data such as name, email address, phone number, company name, tax identification number ;
   • compliance with legal obligations (Article 6(1)(c) GDPR);
   • the legitimate interest of the Service Provider (Article 6(1)(f) GDPR) in the form of conducting direct marketing and pursuing or protecting against claims.
3. The processing of special categories of personal data is carried out solely on the basis of explicit consent from the data subject (Article 9(2)(a) GDPR).
   

1. Personal data are processed for the period necessary to achieve the specified purposes, in particular:
   
   • until the expiration of any claims related to the use of the account or the provision of services;
   • for the duration of the obligation to retain accounting documents in accordance with legal requirements;
   • until the withdrawal of consent by the User or until the data becomes irrelevant for marketing activities;
   • until the completion of correspondence or until the User objects in the case of communication.

1. Users have the right to :
   
   • access their data and have it corrected if it is inaccurate;
   • request the deletion of personal data once the purpose for which it was collected has been achieved, and restrict its processing;
   • the right to data portability in a structured, machine-readable format;
   • the right to object to the processing of data, including profiling, especially for marketing purposes;
   • the right to withdraw consent to the processing of personal data at any time, which does not affect the legality of processing carried out on the basis of consent before its withdrawal;
   • the right to request temporary or permanent cessation of data processing or their deletion, especially if the data is incomplete, outdated, false, collected in violation of the law, or unnecessary for the purpose for which it was collected;
   • the right to lodge a complaint with the supervisory authority, i.e., the President of the Office for Personal Data Protection (ul. Stawki 2; 00-193 Warsaw) and the right to use legal protection measures before a court.
2. All requests regarding User rights should be submitted via email to info@proplanum.com or in writing to Proplanum  sp. z o.o., Sokołowska 34, 08-110 Siedlce. The Service Provider undertakes to promptly consider and respond to such notifications.
3. To the extent that the Service Recipient is the data controller of Users' data, they are responsible for the execution of Users' rights. The Service Provider commits to informing the Service Recipient about any notifications from Users related to the processing of their personal data.
4. In the event of changes in the manner or purposes of processing personal data, the Service Provider undertakes to inform users about these changes and, if necessary, to obtain renewed consent.
5. Providing personal data to the Service Provider acting as Data Controller by Users is voluntary, however, failure to provide necessary data may prevent the use of some features of the Proplanum  Application or Website.

1. Personal data of Proplanum  Application Users may be disclosed only to the following categories of recipients :
   
   • companies responsible for hosting, maintaining, and providing technical support for the Proplanum Service, including the management of IT infrastructure and CRM systems;
   • legal advisors, business consultants, and other experts as necessary for the provision of their services;
   • companies handling payment transactions related to services provided in the Proplanum  Application;
   • government bodies upon their request, within the limits specified by law;
   • the accounting firm and other entities involved in accounting and payroll services for the Service Provider.
2. In the event of Users contacting the Service Provider via email, phone, or other forms of communication, data may be transferred to companies supporting the management of electronic communication, including email and systems used to manage the Website and Proplanum  Application, to ensure efficient transmission of correspondence and communication.
3. Personal data of Users will not be transferred to countries outside the European Economic Area, thus ensuring their protection in accordance with GDPR regulations.

1. The Service Recipient, as the data controller of personal data of the persons they employ, is obligated to entrust the Service Provider with processing only such personal data of Proplanum  Application Users that are collected and processed for purposes and within the scope related to employment (based on employment contracts and other civil law contracts) and personnel management. This processing should be limited to the scope and duration necessary to fulfill the obligations arising from the Labor Code and other legal acts regulating civil law contracts.
2. The Service Recipient is obliged to process and entrust the Service Provider with only those personal data for which it has full rights and which do not infringe the rights of third parties. They must also ensure that the processing is based on a legally justified basis, in accordance with the Application Regulations and the applicable Privacy Policy.
3. The Service Recipient entrusts the Service Provider with the processing of personal data provided within the account, in particular Users' data, for the duration of the Agreement, unless other legal provisions require further processing.
4. The purpose of entrusting the processing of data is to enable the Service Provider to properly provide services related to registering and managing the working time of persons employed by the Service Recipient, as well as to perform the rights and obligations of users specified in the Regulations.
5. The Service Provider, with the consent of the Service Recipient, may further entrust personal data for storage to entities providing an appropriate level of data security in accordance with GDPR requirements.
6. The rules for processing personal data by the Service Provider on behalf of the Service Recipient have been established in a separate personal data processing agreement concluded between these entities.

1. As the Data Controller, the Service Provid erensures full protection and secure processing of Users' personal data and commits to complying with all GDPR requirements, in particular to:
   
   • incorporating data protection by design and by default, as referred to in Article 25 of the GDPR;
   • maintaining a record of processing activities, as referred to in Article 30(1) of the GDPR;
   • implementing appropriate technical and organizational measures to ensure a level of security appropriate to the personal data, as referred to in Article 32 of the GDPR;
   • reporting personal data breaches to the supervisory authority in accordance with the provisions of Article 33 of the GDPR;
   • notifying Users about the breach of their personal data protection in accordance with the provisions of Article 34 of the GDPR;
   • conducting a data protection impact assessment, as referred to in Article 35 of the GDPR, where necessary;
   • conducting prior consultations, as referred to in Article 36 of the GDPR, where necessary;
   • appointing a Data Protection Officer, as referred to in Articles 37 – 39 of the GDPR.
2. As a data processor processing personal data entrusted by the Service Recipient, the Service Provider ensures full protection and secure processing of Users' personal data and commits to complying with all GDPR requirements, including :
   
   • providing sufficient guarantees to implement appropriate technical and organizational measures to protect personal data and the rights of Users;
   • maintaining a record of categories of processing activities, as referred to in Article 30(2)of the GDPR;
   • reporting personal data breaches to the controller in accordance with the provisions of Article 33 of the GDPR;
   • appointing a Data Protection Officer, as referred to in Articles 37 – 39 of the GDPR.
3. Personal data is stored on servers secured against remote and physical access, in accordance with the latest protection standards. All technical and organizational measures have been applied to ensure data protection in accordance with applicable legal regulations.
4. Only persons authorized by the Service Provider, who have the appropriate confidentiality declarations, have access to Users' personal data. This access is limited and monitored to ensure the highest level of security.

1. The Service Provider uses cookies and similar technologies (e.g., pixel tags or Google Analytics) to optimize the functioning of the Proplanum  Application and Website. These files are used to store information on the end devices of Users, such as the service address, placement and expiration dates, a unique number, and other data according to their purpose.
2. Within the Proplanum Application, the following are used:
   
   • session cookies, which are temporary and remain on the User's device until logging out or closing the browser;
   • persistent cookies, stored for the period specified in their parameters or until they are deleted by the User.
3. Cookies are used for purposes such as collecting statistical data, analyzing website traffic, customizing content to User preferences, maintaining User sessions, and marketing purposes.
4. Users have the ability to manage their consent for the use of cookies through their web browser settings. The settings can be changed at any time, following the instructions of the browser manufacturer.
5. Disabling or turning off cookies may affect the availability of certain features of the Proplanum Application. However, refusing to use cookies does not prevent the use of the Proplanum  Service, except for features that require login.
6. The Service Provider also uses technologies to track User activity for statistical, analytical, and marketing purposes. These data are anonymous and do not contain personal information of users.
7. The Service Provider reserves the right to make changes to the cookie policy, about which Users will be informed through updates on the Website.