Mapstic.com service privacy policy

This Privacy Policy (‘Policy’) provides information regarding the processing of your personal data in relation to your use of the ‘MAPSTIC’ service, accessible at the internet address https://mapstic.com/en/ (‘Service’).

All terms written in capital letters, which are not otherwise defined in this Policy, have the meanings ascribed to them in the Terms and Conditions available at: https://mapstic.com/en/terms-and-conditions/.

Data Controller

The administrator of your personal data is MBRIDGE Spółka z ograniczoną odpowiedzialnością, based in Warsaw at ul. Bukowińska 22B, 02-703 Warsaw. The company is registered in the entrepreneurs’ register maintained by the District Court for the capital city of Warsaw, XIII Economic Division of the National Court Register under KRS number 0000620984, REGON 36437128900000, NIP 5213734384. MBRIDGE has a share capital of 6,000.00 PLN (six thousand Polish zlotys), fully paid up (hereinafter referred to as the ‘Administrator’).

Contact with the Data Controller

For all matters related to the processing of personal data, you can contact the Data Controller via email at: kontakt@mapstic.com.

Personal Data Protection Measures

The Administrator implements modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or ‘GDPR’), the Act of 10 May 2018 on the protection of personal data, and other regulations concerning personal data protection.

Information about Processed Personal Data

Using the Service requires the processing of your personal data. Below, you will find detailed information about the purposes and legal bases of the processing, as well as the processing period and whether providing this information is mandatory or voluntary.

Purpose of Processing Processed Personal Data Legal Basis
Conclusion and Execution of the Free Basic Service Provision Agreement
  1. Email address
  2. Password
  3. Other data and content contained in the Service Recipient’s Account
 Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
Providing the aforementioned personal data is a prerequisite for entering into and fulfilling a no-cost Service Provision Agreement (their provision is voluntary, but not providing them will result in the inability to enter into and fulfill a no-cost Service Provision Agreement for the basic service). The administrator will process the aforementioned personal data until the expiration of claims arising from the Basic Service Provision Agreement.
Purpose of Processing Processed Personal Data Legal Basis
The conclusion and fulfillment of the paid agreement for the provision of the Pro Service.
  1. First name and last name
  2. Company name
  3. Email address
  4. Phone number
  5. Business address/registered office (street, house number, apartment number, city, postal code, country)
  6. Tax identification number (NIP)
 Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
Providing the aforementioned personal data is a requirement for entering into and fulfilling a paid Agreement for the provision of the Pro Service (its provision is voluntary, but not providing it will result in the inability to enter into and fulfill a paid Agreement for the provision of the Pro Service). The administrator will process the aforementioned personal data until the expiration of claims arising from the Pro Service Provision Agreement.
Purpose of Processing Processed Personal Data Legal Basis
The conclusion and execution of the Newsletter Delivery Agreement Email address Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract) and Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller, including informing about news and promotions available on the Service)
Providing the aforementioned personal data is voluntary but necessary to receive the Newsletter; failure to provide them will result in the inability to receive the Newsletter or digital content. The administrator will process the aforementioned personal data until an effective objection is raised or until the purpose of processing is achieved, or until the expiration of claims arising from the Newsletter Delivery Agreement, whichever occurs first.
Purpose of Processing Processed Personal Data Legal Basis
Handling a complaint procedure
  1. First name and last name
  2. Email address
 For Entrepreneurs: Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, including fulfilling the obligation to provide the Service according to the relevant Agreement and handling complaints submitted by the Entrepreneur). For Entrepreneurs with Consumer Rights: Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation incumbent on the Administrator, including obligations: responding to complaints – Article 7a of the Consumer Rights Act; fulfilling the rights of the Service Recipient arising from the provisions on Administrator’s liability in case of non-conformity of the Service with the relevant Agreement).
Providing the above-mentioned personal data is necessary to receive a response to a complaint or to fulfill the rights of the Service Recipient arising from the provisions on Administrator’s liability (providing them is voluntary, but not doing so will result in the inability to receive a response to the complaint and to fulfill the aforementioned rights). The administrator will process the above-mentioned personal data as follows: - For Entrepreneurs, until the expiry of claims arising from the Agreement. - For Entrepreneurs with Consumer Rights, throughout the duration of the complaint procedure, and in the event of exercising the Service Recipient’s aforementioned rights, until their expiry.
Purpose of Processing Processed Personal Data Legal Basis
Handling inquiries from Service Recipients, who are users of the Service (including those submitted via email or through provided forms)
  1. Name
  2. Email address
  3. Other data included in the message to the Administrator
 Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller, in this case responding to the received inquiry)
While providing the aforementioned personal data is voluntary, it is necessary in order to receive a response to the inquiry (failure to provide it will result in not receiving a response). The administrator will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved, whichever occurs first.
Purpose of Processing Processed Personal Data Legal Basis
Sending email notifications Email address Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller, including informing Service Recipients about actions related to the performance of agreements concluded with Service Recipients)
Providing the above-mentioned personal data is voluntary but necessary to receive information about actions related to the performance of agreements concluded with Service Recipients. Failure to provide this data will result in the inability to receive the aforementioned information. The administrator will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved, whichever occurs first.
Purpose of Processing Processed Personal Data Legal Basis
Fulfilling tax obligations (including issuing VAT invoices, maintaining accounting documentation)
  1. First and last name/company name
  2. Business address/registered office
  3. Tax Identification Number (NIP)
 Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject, in this case obligations arising from tax law)
Providing the above-mentioned personal data is voluntary but necessary for the Administrator to fulfill its tax obligations. Failure to provide them will result in the Administrator being unable to meet these obligations. The Administrator will process the above-mentioned personal data for a period of 5 years from the end of the year in which the deadline for tax payment for the previous year expired.
Purpose of Processing Processed Personal Data Legal Basis
Fulfilling obligations related to personal data protection
  1. First and last name
  2. Contact details provided by you (email address; mailing address; phone number)
 Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject, in this case obligations arising from data protection laws)
Providing the aforementioned personal data is voluntary but essential for the Administrator to properly fulfill obligations under data protection laws, including exercising the rights granted to you by the GDPR. Failure to provide this data will result in the inability to properly exercise these rights. The administrator will process the aforementioned personal data until the statute of limitations for claims arising from violations of personal data protection regulations has expired.
Purpose of Processing Processed Personal Data Legal Basis
Establishing, investigating, or defending against claims
  1. First and last name/company name
  2. Email address
  3. Residential/business address
  4. PESEL number (Polish personal identification number)
  5. Tax Identification Number (NIP)
 Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller, including establishing, exercising, or defending legal claims arising from contracts concluded with the controller)
Providing the aforementioned personal data is voluntary but necessary for establishing, exercising, or defending legal claims that may arise in connection with the performance of contracts concluded with the Administrator. Failure to provide this data will prevent the Administrator from taking these actions. The administrator will process the aforementioned personal data until the statute of limitations expires for claims that may arise in connection with the performance of contracts concluded with the Administrator.
Purpose of Processing Processed Personal Data Legal Basis
Analysis of your activity on the Service
  1. Date and time of visit
  2. Device IP number
  3. Type of operating system
  4. Approximate location
  5. Type of web browser
  6. Time spent on the Service
  7. Visited subpages and other activities within the Service
 Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, obtaining information about your activity on the Service)
Providing the above-mentioned personal data is voluntary but necessary for the Administrator to obtain information about your activity on the Service. Failure to provide this data will result in the Administrator being unable to obtain the aforementioned information. The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved, whichever comes first.
Purpose of Processing Processed Personal Data Legal Basis
Administering the Service
  1. IP address
  2. Server date and time
  3. Information about the web browser
  4. Information about the operating system

The above data are automatically recorded in the so-called server logs each time the Service is used (administering it without using server logs and automatic recording would be impossible).

 Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, ensuring the proper functioning of the Service)
Providing the above-mentioned personal data is voluntary but necessary to ensure the proper functioning of the Service. Failure to provide this data will result in the inability to ensure the Service functions correctly. The Administrator will process the above-mentioned personal data until either an effective objection is raised or the purpose of processing is achieved.

Profiling

To create your profile for marketing purposes and send you personalized direct marketing, the Administrator will process your personal data in an automated manner, including profiling. However, this will not result in any legal effects concerning you or significantly affect your situation in a similar manner.

The scope of the profiled personal data corresponds to the scope indicated above for analyzing your activity on the Service and the data you save in your Account.

The legal basis for processing personal data for the above purpose is Article 6(1)(f) of the GDPR, which allows the Administrator to process personal data for the purpose of pursuing its legitimate interests, including conducting marketing activities tailored to recipients’ preferences. Providing the aforementioned personal data is voluntary but necessary for achieving the stated purpose; failure to provide them will result in the Administrator’s inability to conduct marketing activities tailored to recipients’ preferences.

The Administrator will process personal data for profiling purposes until an effective objection is raised or the processing goal is achieved.

Recipients of Personal Data

The recipients of personal data will include the following external entities cooperating with the Administrator:

  1. Hosting company;
  2. Domain provider;
  3. Email service provider;
  4. Newsletter service provider;
  5. Companies providing tools for analyzing activity on the Service and directing direct marketing to its users (e.g., Google Analytics);
  6. Accounting service provider.

Additionally, personal data may be transferred to public or private entities if such an obligation arises from generally applicable laws, a final court judgment, or a final administrative decision.

Transfer of Personal Data to a Third Country

Due to the Administrator’s use of services provided by Google LLC, your personal data may be transferred to the following third countries: the United Kingdom, Canada, the USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for the transfer of data to these third countries is as follows:

  • In the case of the United Kingdom, Canada, Israel, Japan, and South Korea, the European Commission has issued decisions recognizing an adequate level of data protection in each of these third countries.
  • In the case of the USA, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, recognizes the adequate level of protection provided under the EU-US Data Privacy Framework;
  • In the case of Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia, and Australia, contractual clauses ensure an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can obtain a copy of the data transferred to a third country from the Administrator.

Rights

In connection with the processing of personal data, you have the following rights:

  1. The right to information about which of your personal data is being processed by the Administrator and to receive a copy of this data (the so-called right of access). The first copy of the data is free of charge, but the Administrator may charge a fee for subsequent copies.
  2. If the processed data becomes outdated, incomplete, or otherwise incorrect, you have the right to request its rectification.
  3. In certain situations, you may request the Administrator to delete your personal data, for example, when:
    1. The data is no longer needed by the Administrator for the purposes for which it was collected;
    2. You have effectively withdrawn your consent for data processing, provided that the Administrator has no other legal basis for processing the data;
    3. The processing is unlawful;
    4. The necessity to delete the data arises from a legal obligation imposed on the Administrator.
  4. If personal data is processed by the Administrator based on your consent or for the performance of a contract with the Administrator, you have the right to transfer your data to another controller.
  5. If personal data is processed by the Administrator based on your consent, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing that occurred based on consent before its withdrawal).
  6. If you believe that the processed personal data is incorrect, the processing is unlawful, or the Administrator no longer needs certain data, you can request that the Administrator refrain from performing any operations on the data, except for storing it, for a specified necessary period (e.g., to verify the correctness of the data or to pursue claims).
  7. You have the right to object to the processing of personal data based on the Administrator’s legitimate interests. If the objection is upheld, the Administrator will cease processing the personal data for this purpose.
  8. You have the right to file a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the provisions of the GDPR.

Cookies

  1. The Administrator informs you that the Service uses “cookies,” which are installed on your terminal device. These are small text files that can be read by the Administrator’s system, as well as by systems belonging to other entities whose services the Administrator uses (e.g., Google).
  2. The Administrator uses cookies for the following purposes:
    1. Ensuring the proper functioning of the Service – cookies allow the Service to operate efficiently, enable the use of its features, and facilitate convenient navigation between different subpages;
    2. Enhancing the user experience– cookies make it possible to detect errors on certain subpages and continually improve them;
    3. Creating statistics– cookies are used to analyze how users utilize the Service, allowing for the continuous improvement of the Service and its adaptation to user preferences;
    4. Conducting marketing activities– cookies enable the Administrator to direct advertisements to users that are tailored to their preferences.
  3. The Administrator may place both persistent and temporary (session) cookies on your device. Session cookies are usually deleted when you close your browser, whereas persistent cookies are not deleted when the browser is closed.
  4. Information about the cookies used by the Administrator is displayed in a panel that appears in the central part of the Service’s website. Depending on your preference, you can enable or disable cookies of specific categories (except for necessary cookies) and change these settings at any time. The option to return to the cookie settings is available at the bottom left of the Service’s website.
  5. The data collected through cookies does not enable the Administrator to identify you.
  6. The Administrator uses the following cookies or tools that utilize cookies:
    7. TYPE TOOL PROVIDER FUNCTIONS AND SCOPE OF DATA COLLECTION OPERATION PERIOD
    Necessary cookies (enable the use of basic website functions, such as user login and account management. Without necessary cookies, the website cannot function properly.) CookieScriptConsent CookieScript This cookie is used by the Cookie-Script.com service to remember the user's cookie consent preferences. It is necessary for the Cookie-Script.com cookie banner to function properly. 1 month or until it is deleted
    Necessary cookies (enable the use of basic website functions such as user login and account management. Without necessary cookies, the website cannot function properly) csrftoken Administrator This cookie is associated with the Django platform for the Python programming language. Its purpose is to help protect the website from a specific type of software attack targeting web forms. 12 months 4 days or until they are deleted
    Performance cookies (collect information about how visitors use the site, such as analytics cookies. These cookies cannot be used to directly identify individual users) mtc_id Administrator This cookie is used to track user behaviors and interactions to enhance website performance and user experience. Session or until they are deleted
    Performance cookies (collect information about how visitors use the site, such as analytics cookies. These cookies cannot be used to directly identify specific users) mautic_referer_id Administrator This cookie is used to track the website from which the visitor came, enabling the website to more accurately understand user behavior and traffic sources. 30 minutes or until they are deleted
    Performance cookies (collect information about how visitors use the site, such as analytics cookies. These cookies cannot be used to directly identify specific users) _ga Google LLC This cookie name is associated with Google Universal Analytics, which is a significant update to Google's widely used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every page request on a site and is used to calculate visitor, session, and campaign data for the site's analytics reports. 13 months or until they are deleted
    Performance cookies (collect information about how visitors use the site, such as analytics cookies. These cookies cannot be used to directly identify specific users) _ga_PSG7CNZBE0 […] This cookie is used by Google Analytics to maintain session status. 13 months or until they are deleted
    Functional cookies (are used to save the settings of users visiting the website, such as language, time zone, and content layout) mautic_device_id Administrator This cookie is used to identify the visitor's device and behavior. It tracks user interactions and preferences on the website to enhance the user experience and for tracking purposes. 12 months or until they are deleted
  1. Through most commonly used browsers, you can check whether cookies have been installed on your terminal device, as well as remove installed cookies and block their future installation by the Service. However, disabling or restricting cookies may cause significant difficulties in using the Service, such as the need to log in on each subpage, longer loading times, and limitations in using certain functionalities.

Final Provisions

In matters not regulated by this Policy, generally applicable data protection laws shall apply.

This Policy is effective as of June 13, 2024.