Privacy Policy

Some of your privacy explained

§

Privacy

Privacy Policy constitutes an annex to the Terms of Service. The terms written with initial capital letters shall be understood in a way indicated in the Terms of Service. Exitbar respects personal data of the Users and fulfills conditions deriving from the Law, especially from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Exitbar ensures that its workers and subcontractors were given training in protection of personal data.

For what purpose does Exitbar process personal data?

Personal data provided within the Platform and during contacts with Exitbar are used only to provide services specified in the Terms of Service and ordered by the User, as well as to contact with Exitbar at the request of the User.

Who has access to the personal data of the User?

The controller of personal data provided during registration of the account on the Platform, sending inquiries and on the occasion of competitions and promotions organized by Exitbar is:
Digital Industries sp. z o. o.,
address ul. Dwernickiego 6 lok. 4,
31-530 Kraków,
Poland
VAT: PL 6751633275
KRS: 0000713650

The rights of the User

The User has the right to request from the controller access to personal data concerning him or her and to obtain information about the purposes of its processing, categories of data processed, recipients of data, storage period of data (if it is impossible to indicate the period, the User has the right to information about the criteria used to determine this period).
The User has also the right to rectify personal data if they are incorrect and the right to request supplementing incomplete personal data.
The User has the right to request the erasure of personal data without undue delay if:
1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2) a consent to the processing of personal data has been effectively withdrawn;
3) the User objects to the processing of personal data for marketing purposes;
4) the User objects to the processing (also by profiling) of personal data, based on the legally legitimate
interest pursued by Exitbar or by the third party, unless there are valid, legally justified grounds for
processing of the User's personal data that override the interests, rights and freedoms of the User, or
there are grounds for establishing, investigating or defending claims.

The User has the right to request restriction of processing of personal data when:
1) the User contests the accuracy of the personal data - for a period enabling the controller to verify the
accuracy of the personal data;
2) the processing is, according to the User, unlawful and the User opposes the erasure of the personal data
and requests the restriction of their use instead;
3) the controller no longer needs the personal data for the purposes of the processing, but they are required
by the User for the establishment, exercise or defense of legal claims;
4) the User has objected to processing (pursuant to Article 21 paragraph 1) pending the verification
whether the legitimate grounds of the controller override those of the User.
If the User requests restriction of processing of personal data, Exitbar will refrain from processing them without
the consent of the User, except for storing them or processing them in order to establish, exercise or defend
claims, protect the rights of another natural or legal person, or due to important reasons of public interest of the
Union or a Member State. The User will be informed about this before the restriction of processing is lifted.
The User has the right to object in case of processing of the personal data for the purposes of direct marketing,
including profiling, to the extent that it is related to such direct marketing. After submitting the objection,
Exitbar will refrain from processing the personal data of the User for direct marketing purposes (including
profiling). The User has the right to submit objections by automated means using technical specifications.
The User has the right to receive in a structured, commonly used and machine-readable format, the personal data
that the User has provided to Exitbar, as well as the right to transfer his or her personal data to another controller
without interference on Exitbar's part, if:
1) processing takes place on the basis of the User’s consent or a contract, which performance needs
processing of data; and
2) the processing is carried out by automated means.
Exitbar is obliged to send the User's data directly to another controller (if it is technically possible) at the User's
request.
The User has the right to withdraw the consent to the processing of personal data at any time, but the withdrawal
does not affect the lawfulness of processing based on consent before its withdrawal.
With regard to the processing of the personal data, the User has the right to lodge a complaint to the President of
the office for the protection of personal data.

What personal data does Exitbar collect?

In order to create and maintain an account of the User, the following data are collected:

  • To create a User account:
    • an email address;
    • name, surname, country;
    • address for the invoicing purposes and tax id;
  • Data provided during contacts with Exitbar (most often first and last name, e-mail address, telephone number);
The User's personal data are collected and processed on the basis of the Terms of Service and within the range provided by the User during the creation of the account.

How long are the personal data stored?

Exitbar stores personal data from the moment when the User registers the account or when the User starts using other Services until he or she stops using them. After sending an e-mail requesting to delete an Account or to cease providing other Services, the permanent removal of data from servers belonging to Exitbar may last up to 7 business days.

Exceeding the time limit indicated in the previous sentence is permitted only for the purpose of Exitbar's performance of obligations arising from the law, e.g. for accounting purposes in relation to Users who have used paid services and in order to defend Exitbar's interests related to, for example, complaints.

Who does Exitbar transfer personal data to?

Exitbar transfers the personal data of the Users only to companies which provide Services that enable proper operation of the Platform:

  • Zoho – used to send and receive emails from the User.
  • XXX platform’s servers hosting operator: collects e-mail addresses provided by the Users during the registration process of the User's account.
  • MailChimp: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA: collects e-mail addresses provided by the Users during the registration process;
  • Mailgun Technologies, Inc. 548 Market St. #43099, San Francisco, CA 94104: used to send transaction emails and notifications.
  • Tawk.to: https://www.tawk.to: used to provide chat for the Users.
Exitbar informs that the data provided during the registration of the API User’s account is transferred to a third country - the United States of America. This is caused by the fact that servers belonging to Mailgun and MailChimp are located in the United States of America. Mailgun and he MailChimp system ensure the confidentiality of data transferred to the territory of the United States of America

In addition, the following programs are used within the Platform: • Fabric, Firebase and Google Analytics by Google LLC; address: Mountain View, California, USA: collects data about the User's device (such as the hardware model, operating system version and unique device ID, as well as information about the mobile network, including the telephone number), location information, unique application number, of which some data, including personal data, are stored in the cache of the User's device or application - the so-called Cookies. • Facebook, Inc. 1 Hacker Way (9,606.83 km), 94025 Menlo Park, California, USA collects data such as app name, app version, the device opt-out setting, the user agent string and the client IP address. It also collects the following device related metrics: time zone, device OS, device model, carrier, screen size, processor cores, total disk space, remaining disk space, used to monitor conversions and custom audiences from the website and from the mobile application;s

Cookies and server logs

In order to facilitate the use of the Platform and to monitor its use, the management mechanism uses a technology called Cookies – data saved by the Platform’s server, a hosting operator XXX on the user's computer or mobile device. The Platform uses three types of Cookies:

  • Session cookies – temporary files, saved on the User’s device until he or she signs out, leaves the website or shut downs the browser;
  • Permanent cookies – saved on the User’s device for the time specified in its parameters or until its deletion by the User;
  • Local storage- stored on the User's device for a definite or indefinite period or until its deletion by the User.
The Cookies are not used to collect any personal data about the users visiting the Platform. The User may at any time disable the option of accepting cookies in the settings of his web browser, however, that might cause malfunctions in the functioning of the Platform. The links to guides concerning disabling the option of accepting cookies in the most popular browsers are presented below:
  • Chrome
  • Firefox
  • Safari
  • Microsoft Edge
The cookies are used in order to:
  • create statistics helping to understand the use of the Platform so as to improve its content;
  • maintain the User’s session, thanks to which signing in every time is not required;
  • personalize the commercials;
  • generate statistics that help in administering the Platform and improve the quality of services offered. These summaries are consolidated and do not contain data identifying visitors of the Platform. These data are not disclosed to other persons and entities.
Collected server logs, containing, among others the User's IP address, time of arrival of the request, the first line of the http request, the http response code, number of bytes sent by the server, information about the user's browser, information about errors that occurred during the HTTP transaction, information about the type of devices are stored indefinitely.