This Privacy Policy sets out the rules for the collection, processing and use of personal data obtained from you via the website www.gotacho.com  (hereinafter referred to as the “Website” or “Site”) by GOTACHO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, taking into account applicable regulations, in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). We are committed to respecting your privacy and protecting the information you provide to us when you use the Site.

The Controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) is GOTACHO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Poznań (60-288)), at 15/1 Promienista Street, entered into the register of entrepreneurs maintained by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number: 0001177082, Tax Identification Number (NIP): 7792589531, National Business Registry Number (REGON): 541928080 (hereinafter referred to as “we”).

You can contact us by mail at the address indicated above or via the contact form available on our website www.gotacho.com  under “Contact”.

Each time you use the Website, you send a query to our server. Individual queries are saved and stored in server logs. The data contained in the logs includes: your IP address, the time of the query, the time of the response, and information about the user’s browser and operating system. This data is not associated with specific individuals using our Website, nor is it used to identify users in any way; it is used only for server administration purposes. The server logs are stored for 12 months.

The legal basis for this processing is our legitimate interest in handling your enquiry and providing an answer [Article 6 (1) (f) GDPR] or, where applicable, our legal obligation [Article 6 (1) (c) GDPR] if your enquiry concerns matters regulated by law which obliges us to process your personal data.

Providing data is voluntary, but to some extent necessary to use the form.

We will retain your data for the duration of the correspondence regarding the matter you contacted us about, taking into account, where applicable, the statute of limitations for claims that may be brought against us and that we may have against you, as well as applicable legal provisions. If a business relationship is established, your data will be processed for purposes related to the performance of the contract, of which you will be informed in detail at the initiation of cooperation.

You can create a Customer Account on our Website to use the GoTacho App and the Services offered within it. For transparency, we have included information on the processing of personal data in connection with creating a Customer Account and Users’ use of the App in separate documents:

Cookies are small text files sent by the Website and stored on your end device, containing certain information relating to your use of the Website that we access.

Cookies are used, among other things, to make it possible to visit our Website, to display it correctly and enable the use of all its functions, and to protect our Website against abuse and spam.

More detailed information about the individual tools used on our Website can be found later in the Privacy Policy.

Our Website may contain links to other websites or applications, including those of our business partners. Please note that third-party websites may also use cookies or similar technologies. When clicking on a link or application, please be aware that each website has its own cookie policy. We recommend that you review their privacy policies before using other websites or applications.

Depending on the storage period on the end device, the cookies we use can be divided into:

We may use the following types of cookies:

A detailed and up-to-date list of cookies used by the Website can be found in the tool enabling you to manage your consent to the installation of individual types of cookies, the link to which can be found under the paper clip icon in the lower left corner of our Website.

In many cases, web browsing software allows cookies to be stored on your device by default, giving you the ability to manage and/or delete cookies according to your preferences.

The link to the tool used on the Website, which allows you to manage your preferences regarding the installation of cookies, can be found under the paper clip icon in the lower left corner of our Website.

Consent to the installation of cookies (those that are not necessary for the operation of the website - e.g. analytical or marketing) and, where applicable, the related processing of your data is voluntary and does not affect the ability to use the Website.

To delete cookies stored on your computer, please follow the instructions provided by your browser provider on the help page for managing cookies in their products.

Detailed information on the durability of individual cookies is provided in the tool used on the Website, which allows you to manage preferences and consents regarding the use of cookies.

We use the hCaptcha service on our Website to combat spam and abuse. hCaptcha is used to check whether user actions on our Website meet our security requirements. To do this, hCaptcha analyzes the behavior of Website visitors based on various characteristics. This analysis begins automatically as soon as the visitor enters a section of the Website with hCaptcha enabled. For analysis purposes, hCaptcha evaluates various information (IP address – used for geolocation and traffic analysis; browser type and version and operating system – data from User-Agent headers; data about interactions with CAPTCHA – e.g., mouse movements, time spent solving a task, clicks; cookies or local browser data, e.g., localStorage – may be used for behavioral analysis; anonymized data about the page on which the CAPTCHA is running – e.g., URL, domain, page code; unique device or session identifiers – generated, for example, by browser fingerprinting). The data is then immediately anonymized by the service provider.

The legal basis for this processing is our legitimate interest in protecting our Website against abuse and spam [Article 6 (1) (f) GDPR].

The Service is provided by Intuition Machines, Inc., based in the USA.

Due to the use of hCaptcha, data may be transferred outside the EEA. The legal basis for this data transfer is the European Commission’s decision of July 10, 2023, to ensure an adequate level of personal data protection through Intuition Machines, Inc.’s participation in the EU-US Data Protection Framework. Where applicable, the European Commission’s Standard Contractual Clauses will also apply. You can find a copy of these clauses HERE.

AIn order to legally enable Users of our Website to consent to the installation of certain cookies and, where applicable, the related processing and sharing of personal data, we use the Cookiebot CMP platform.

User consent is recorded and documented by logging the user’s anonymous IP address, browser user agent, website URL, date and time of consent, and a unique, encrypted key. Consent is automatically deleted from the log after 12 months.

The legal basis for this data processing is our legitimate interest in implementing the accountability principle resulting from the provisions of the GDPR [Article 6 (1) (f) GDPR].

In addition, we collect anonymized statistical data regarding the number of visits to the Website.

We do not collect special categories of personal data (including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation) on the Website. We also do not collect any information relating to criminal convictions or offences.

Our Site is not intended for use by children, and we do not knowingly collect information from children.

The information you provide to us when interacting with our social media profiles (e.g., Facebook, LinkedIn, YouTube) may include your name/nickname, photo, and other information you provide in messages or comments.

We generally do not combine this information with information you have provided to us in other ways (e.g., by email) unless circumstances indicate otherwise (e.g., if you send us a private message on Facebook in which you provide your email address and ask us to contact you, or if you tag us or create posts with us).

As part of operating our profiles on social media platforms operated by Meta (Facebook), Meta Platforms Ireland Limited provides us with aggregated statistics that help us better understand the types of activities Users engage with on our profile (“Page Insights”).
For more information about the data processed by Facebook Page Insights, click HERE.

Meta Platforms Ireland Limited and we act as joint controllers in connection with data processing for Page Insights. Full information on the joint controllers’ obligations in connection with data processing for Page Insights can be found HERE.
Other social media providers may also provide us with aggregate statistics about activity on our social media profiles.

In connection with your interaction with our social media profiles, your data will be processed by us on the basis of Article 6 (1) (f) of the GDPR for the purpose of responding to comments, messages and reviews posted on our social media profiles, where applicable, maintaining relationships, managing the content published on our profiles, conducting research and analysis on the effectiveness of our communications, and for statistical purposes.

Personal data related to the User’s activity on our social media profiles will be stored until they are deleted or restricted, which the User can do independently using the social media provider’s internal systems.

In addition to the situations indicated above, we may process the personal data of Website Users (if applicable) also for the following purposes:

If you have registered a Customer Account through our Website or have been invited to use an Account Corporate Client – please read the dedicated information on data processing:

We make every effort to secure your data and protect it from third party activities. We employ all necessary security measures for servers, connections, and the Website. In particular, communication between your computer and our server, when we collect your personal data, is encrypted using the SSL (Secure Socket Layer) protocol. Our databases are protected from third-party access. All connections related to your electronic payments will be made via a secure, encrypted connection, taking into account additional security measures implemented by payment processors. When using subcontractors, we carefully verify their credibility and the security measures they employ to protect the data of our Website’s users.

Where appropriate, we may transfer data to:

The above sections of the Policy generally indicate the retention periods for personal data, where applicable, or the criteria for determining them. General information on the principles for determining retention periods can be found below.

We are entitled to process personal data that we process based on your consent until you withdraw your consent or until the processing of your personal data is no longer necessary to achieve the purpose for which the data is processed, or until the given processing purpose is achieved and completed, whichever occurs first.

We will process data that we process based on our legitimate interest until you object (unless we can demonstrate that our interests override your interests or fundamental rights and freedoms or grounds for establishing, pursuing or defending claims), or until the processing of your personal data is no longer necessary to achieve the purpose for which the data is processed, or until the given processing purpose has been achieved and completed, whichever comes first.

We will store the data we process to fulfill our obligations under the law for the period specified in those provisions.

In connection with the processing of your personal data, you have the following rights, within the limits set by law and where applicable:

You can exercise some of the above rights yourself:

You can exercise your other rights by sending a message using the contact form available on our website https://gotacho.com/pl#contact  under the heading “Contact”.

We will make every effort to promptly process your request and answer your questions regarding the processing of your personal data. We will respond no later than 30 days from the date we receive your request. If this deadline should be extended, in appropriate cases due to the complex nature of the request or the number of requests we receive, we will inform you of the extension and provide the reasons for the extension.

If there are reasonable doubts as to the identity of the person submitting the request, we may request additional information necessary to confirm the identity of the person submitting the request. Providing such information is not mandatory, but failure to provide it will result in the request being refused.

We retain information regarding received reports to demonstrate compliance in accordance with the principle of accountability referred to in the GDPR, and to establish, defend, and pursue claims based on our legitimate interest – Article 6(1)(f) of the GDPR – for a period of 5 years from the date the report is processed (i.e., providing a response or terminating further correspondence). This period may be extended in the event of: ongoing court, administrative, or audit proceedings, or if necessary to protect against potential claims or pursue claims. In such cases, data is retained until the proceedings are finally concluded or the claims expire.

Our Website servers are located in the EEA. However, data may be transferred outside the EEA in connection with:

Our goal is to ensure the highest possible protection of your data. Developments in technology and our services mean that this Privacy Policy may change from time to time. The latest version of the Privacy Policy is always available on our website.