APPLICATION PRIVACY POLICY
SEA ALERT
Please read this privacy policy carefully. It describes how personal data collected and processed when you use the Sea Alert Application are handled.
GENERAL PROVISIONS
This Application privacy policy is for information only and does not itself create obligations for Application Users. It sets out, in particular, how the Controller processes personal data in the Application, including the legal bases, purposes and retention periods, and the rights of data subjects. This privacy policy also applies to the Sea Alert website (Sea Alert.info).
The controller of personal data collected through the Application is Wojciech Danilczuk conducting business under the name ARKONA WOJCIECH DANILCZUK, entered in the Central Register and Information on Business Activity of the Republic of Poland, with registered office and correspondence address: Truskawkowa 12, 55-080 Sadowice, Poland, VAT ID (NIP) 8251892827, e-mail: info@sea-alert.com — hereinafter referred to as the “Controller”, who is also the service provider of the Sea Alert Application.
Personal data in the Application are processed by the Controller in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter “GDPR” or “the GDPR”. The official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
Use of the Sea Alert Application, including making purchases, is voluntary. Providing personal data in connection with such use is also voluntary, subject to two exceptions: (1) conclusion of a contract — failure to provide personal data where and to the extent indicated in the Sea Alert Application, the Sea Alert Application Terms of Use and this privacy policy, where such data are necessary to conclude a contract for use of the Application or particular Electronic Services (e.g. Account registration, activation of paid access to the Application, etc.), means the User cannot conclude the contract or use the Application services. In such cases, providing data is a contractual requirement; if the data subject wishes to use a given Electronic Service available in the Application, they must provide the required data. The scope of data required for specific Application services is each time indicated in advance in the Sea Alert Application and in the Sea Alert Application Terms of Use; (2) Controller’s statutory obligations — providing personal data is a statutory requirement under generally applicable law imposing an obligation on the Controller to process personal data (e.g. for accounting records), and failure to provide them will prevent the Controller from fulfilling those obligations.
The Controller takes special care to protect the interests of data subjects whose personal data it processes and, in particular, is responsible for ensuring that data collected are: (1) processed lawfully; (2) collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; (3) adequate, relevant and limited to what is necessary; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons, the Controller implements appropriate technical and organisational measures so that processing complies with the GDPR and can be demonstrated. Those measures are reviewed and updated where necessary. The Controller uses technical measures to prevent unauthorised acquisition or modification of personal data transmitted electronically.
Any words, phrases and acronyms used in this privacy policy with initial capitals (e.g. Electronic Service, User, Application) have the meanings given in the Sea Alert Application Terms of Use.
LEGAL BASES FOR PROCESSING
The Controller may process personal data where — and to the extent that — at least one of the following applies: (1) the data subject has given consent to the processing for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Processing of personal data by the Controller always requires at least one of the bases set out in section 2.1 of this privacy policy. The specific legal bases for processing personal data of Sea Alert Application Users are indicated in the following section — in relation to each purpose of processing by the Controller.
PURPOSE, LEGAL BASIS AND RETENTION PERIOD IN THE APPLICATION
The specific purpose, legal basis, retention period and recipients of personal data processed by the Controller depend on the actions taken by each User in the Application.
The Controller may process personal data in the Application for the purposes, on the legal bases and for the retention periods indicated in the table below:
| Purpose of processing | Legal basis for processing | Retention period |
|---|---|---|
| Performance of a contract for use of the Application or another contract, or steps taken at the data subject’s request prior to entering into a contract | Article 6(1)(b) GDPR (contract) — processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract | Data are stored for as long as necessary to perform, terminate or otherwise end the contract. |
| Sending commercial information, including direct marketing, using telecommunications end devices (e.g. e-mail, telephone) or automated calling systems | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for purposes of the legitimate interests of the Controller, including direct marketing — maintaining the Controller’s interests and good reputation, its Application, and promoting the sale of access packages and services — for example where the data subject has given prior consent (e.g. when signing up for the Newsletter) to receive commercial information using telecommunications end devices such as e-mail or telephone, depending on the scope of consent given | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
| Keeping tax records | Article 6(1)(c) GDPR in conjunction with Article 86(1) of the Polish Tax Ordinance of 17 January 2017 — processing is necessary for compliance with a legal obligation to which the Controller is subject | Data are stored for the period required by law for keeping tax records (until expiry of the tax liability limitation period unless tax laws provide otherwise). |
| Establishment, exercise or defence of legal claims that the Controller may bring or that may be brought against the Controller | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for the legitimate interests of the Controller relating to establishing, exercising or defending such claims | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be brought against the Controller (the general limitation period for claims against the Controller is six years). |
| Use of the Application and ensuring its proper operation | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for the legitimate interests of the Controller relating to operating and maintaining the Application | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
| Statistics and analysis of traffic in the Application | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for the legitimate interests of the Controller relating to statistics and analysis of traffic in the Application to improve how it works | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
RECIPIENTS OF DATA IN THE APPLICATION
For the Sea Alert Application to function properly, including provision of Electronic Services, the Controller uses external providers (such as software suppliers and payment processors). The Controller only uses processors who provide sufficient guarantees of appropriate technical and organisational measures so that processing meets GDPR requirements and protects the rights of data subjects.
Personal data may be transferred by the Controller to a third country; in such cases the Controller ensures that this is done in accordance with the GDPR, including with regard to countries ensuring an adequate level of protection, and for other countries on the basis of standard data protection clauses, and the data subject may obtain a copy of their data. Personal data collected are disclosed only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
Disclosure by the Controller does not occur in every case and not to all recipients or categories of recipients mentioned in this privacy policy — the Controller discloses data only when necessary for a given purpose of processing and only to the extent necessary.
Personal data of Sea Alert Application Users may be disclosed to the following recipients or categories of recipients:
entities processing electronic or card payments — where a User purchases paid features in the Application using electronic or card payments, the Controller shares the User’s personal data with the selected payment processor acting on the Controller’s behalf to the extent necessary to process the User’s payment.
accounting, legal and advisory service providers supporting the Controller (in particular an accounting office, law firm or debt collection agency) — the Controller shares the User’s personal data with the selected provider acting on its behalf only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
survey / review platform providers — where a User has agreed to submit a review of the Sea Alert Application, the Controller shares the User’s personal data with the selected provider of the review system acting on the Controller’s behalf, to the extent necessary to enable the User to submit a review through that system, in particular to send an invitation to the e-mail address provided by the User.
providers of technical, IT and organisational solutions enabling the Controller to operate and maintain the Application and provide Electronic Services (in particular hosting, e-mail, software for business management and technical support) — the Controller shares the User’s personal data with the selected provider acting on its behalf only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
PROFILING IN THE APPLICATION
The GDPR requires the Controller to inform data subjects about automated decision-making, including profiling within the meaning of Article 22(1) and (4) GDPR, and — at least in those cases — meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing. Accordingly, this section describes possible profiling.
The Controller may use profiling in the Application for direct marketing purposes, but decisions based solely on such profiling by the Controller do not concern entering into or refusing a contract or the possibility of using Electronic Services in the Application. Profiling may, for example, remind a person of incomplete actions in the Application, grant a discount, send an offer that may match their interests or preferences, or offer better conditions than the standard Application offer. Even where profiling is used, the person remains free to decide whether to use a discount or offer received in this way.
Profiling in the Application consists of automated analysis or prediction of a person’s behaviour in the Sea Alert Application, e.g. by analysing past activity or purchases. Such profiling requires the Controller to hold personal data about the person in order to send, for example, an offer or discount.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
RIGHTS OF THE DATA SUBJECT
Right of access, rectification, restriction, erasure and data portability — the data subject has the right to obtain from the Controller access to, rectification or erasure (“right to be forgotten”) of personal data or restriction of processing, the right to object to processing, and the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15–21 GDPR.
Right to withdraw consent at any time — where processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority — the data subject has the right to lodge a complaint with a supervisory authority in the manner provided for in the GDPR and Polish law, in particular the Act on personal data protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).
Right to object — the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests), including profiling based on those provisions. The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to object to direct marketing — where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
To exercise the rights described in this section, you may contact the Controller by post or e-mail at the address indicated at the beginning of this privacy policy.
COOKIES AND ANALYTICS
Cookies are small text files sent by a server and stored on the device of a visitor to the Sea Alert.info website (e.g. on a computer hard drive, laptop or smartphone memory, depending on the device). Further information on cookies and their history can be found for example at https://en.wikipedia.org/wiki/HTTP_cookie.
Cookies that may be sent by the website can be divided into categories according to the following criteria:
By provider:
|
By storage period on the visitor’s device:
|
By purpose:
|
|---|
The Controller may process data contained in cookies when visitors use the site for the following specific purposes:
| remembering data from forms or surveys (strictly necessary and/or functional cookies) | |
|---|---|
| tailoring site content to user preferences (e.g. colours, font size, layout) and optimising use of the site (functional cookies) | |
| running anonymous statistics on how the site is used (analytics and performance cookies) | |
| displaying and rendering ads, limiting ad frequency, measuring ad effectiveness and ad personalisation, including analysing behaviour of visitors to the web version of the Application (e.g. repeat visits, keywords) to build profiles and deliver ads matched to likely interests, including when they visit other sites in the ad network of Google Ireland Ltd. (marketing, advertising and social cookies) |
To check which cookies are sent by the site, regardless of browser, tools such as https://www.cookiemetrix.pl or https://www.cookie-checker.com may be used.
Most browsers accept cookies by default. You can set how cookies are handled in your browser settings — you may restrict or disable storage of cookies; disabling cookies entirely may affect some Application features.
Browser cookie settings are relevant for consent to cookies — under applicable law, consent may also be expressed through browser settings. For information on changing cookie settings and deleting cookies in popular browsers, see your browser’s help pages and the following links:
Google Chrome
Mozilla Firefox
Opera
Safari
Microsoft Edge
The Controller may use Google Analytics, GA4 and Firebase Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller run statistics, analyse traffic and monitor errors on the site. Data are processed under those services to produce statistics useful for administering the site, analysing traffic and improving quality and security for users. Data are aggregated. When using these services on the site, the Controller may collect information such as traffic sources and medium, on-site behaviour, device information, IP address, geographic data, and demographic data (age, gender) and interests.
Firebase may collect data such as which information categories are read most often, which Application features are used most, time spent in the Application, and how many Users are active in a given period. Firebase does not enable identification of individual Users. Firebase also collects information about possible Application errors so the Controller can optimise the Application. More information: https://firebase.google.com/support/privacy.
Where the Controller uses analytics and advertising services from Google Ireland Ltd. on the site, full information on how Google Ireland Ltd. processes data of visitors to the Application (including data stored in cookies) is available in Google’s policies at https://policies.google.com/technologies/partner-sites.
FINAL PROVISIONS
The Application may contain links to other websites or applications. The Controller encourages you to read the privacy policies of those sites when you leave the Application. This privacy policy applies only to the Controller’s Application.