This document describes how we collect, use and protect personal data of Users of Private Accounts in the GoTacho Application (hereinafter referred to as the “User”, “You”, “Customer”) in connection with the use of the GoTacho Application and the Services offered as part of the use of the Application under the Terms of Use of the GoTacho Application (“Agreement” or “Terms of Use”).

We are the controller of the data we process for our own purposes, as detailed below.

The issues of personal data processing in connection with visiting our website and using the functionalities offered therein are described in detail in the Privacy Policy for the website www.gotacho.com  (hereinafter referred to as the “Website”).

All capitalized terms used in this document and not otherwise defined herein shall have the meaning given to them in the Regulations.

The Controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) is GOTACHO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Poznań (60-288), at 15/1 Promienista Street, entered into the register of entrepreneurs maintained by the Sąd Rejonowy Poznań - Nowe Miasto i Wilda w Poznaniu, 8th Commercial Division of the National Court Register under the KRS number: 0001177082, Tax Identification Number (NIP): 7792589531, National Business Registry Number (REGON): 541928080 (hereinafter referred to as “we”).

You can contact us by mail at the address indicated above or via the contact form available on our website www.gotacho.com  under “Contact”.

To register an Account, it is necessary to indicate:

The data in question are processed by us for the purpose of concluding and implementing the contract for the maintenance of a Private Account pursuant to Article 6 (1) (b) of the GDPR.

In addition, the Customer’s personal data will be processed, where appropriate, for the following purposes:

We will store the data in question for the duration of the Agreement, taking into account, where applicable, the limitation period for claims that may be brought against us and that we may have against you, as well as any legal obligations we may have regarding the storage of personal data.

Providing the data referred to in this section is voluntary but necessary for the conclusion and implementation of the Agreement.

If you have consented to receiving commercial information, your email address will be processed for this purpose based on your consent [Article 6, Section 1, Letter a of the GDPR]—until you withdraw it or we cease conducting such marketing activities. You can withdraw your consent at any time—from your Customer Account or by clicking the unsubscribe link in every commercial message we send. Consent to receive commercial information at the provided email address and the related processing of personal data is voluntary and does not affect your ability to use the Application’s functionality.

To redeem GoTachoCoin, it is necessary to indicate:

The purposes and legal basis for processing the Customer’s personal data and the data storage period will remain unchanged from what is indicated in section 2.1 above.

Providing the data referred to in this section is voluntary but necessary for the conclusion and implementation of the Service Agreement in the Subscription or Top-up model.

If you purchase the Services, we will, where appropriate, process your data and data related to your use of the Services also for the following purposes:

The Customer may delete the Account in the manner specified in the Terms and Conditions, which does not affect our ability to store personal data associated with the Account for the proper settlement of the Services [Article 6 (1)(f) of the GDPR], and, where applicable, in connection with the performance of our obligations under applicable law [Article 6 (1)(c) of the GDPR] and for the establishment, protection and pursuit of claims - based on our legitimate interest [Article 6 (1)(f) of the GDPR].

The App allows you to upload files to the App, add documents, add data, generate reports, and send and manage notifications, among other things. We process this data based on the Agreement concluded with the Client and the Services provided thereunder [Article 6 (1) (b) of the GDPR]. The Client may independently delete any data and documents uploaded or added to the App.

Application Logs will be processed for the following purposes: technical support, application improvement, ensuring security based on our legitimate interest in achieving these purposes [Article 6 (1) (f) GDPR].

The information contained in the Web Application logs includes:

Logs from the Mobile Application include the following information:

The information contained in the Mobile Application logs also includes:

Log retention will be a maximum of 30 days:

In order to diagnose Mobile Application errors and report Application failures, we use the Sentry tool provided by Functional Software, Inc.

The tool collects the following information:

The tool in question runs in the background of the Application.
Collected data will be deleted after 90 days.

The legal basis for this processing is our legitimate interest in diagnosing and reporting errors in the Application [Article 6, paragraph 1 (f) GDPR].

In connection with the use of Sentry, personal data may be transferred outside the EEA. The tool provider complies with the Data Privacy Framework for transfers of personal data from Europe to the United States. In the event that the Data Privacy Framework is invalidated or the Data Privacy Framework does not apply to transfers of European personal data, such transfers will be governed by the Standard Contractual Clauses as set out in your agreement with the tool provider.

The Mobile App (Android version) requires permission to access the location of the device on which the Mobile App is installed (ACCESS_FINE_LOCATION). Obtaining this permission allows you to configure further permissions required for Bluetooth operation or to directly access them, such as scanning and connecting to devices – this is necessary for Bluetooth communication with the device used to read tachograph data. We do not use Bluetooth to determine the device’s precise location.

Without the Mobile Application’s access to the device’s location, reading data from the tachograph will not be possible. The legal basis for processing device location data is the necessity for the performance of the contract under the Regulations [Article 6, paragraph 1 (b) of the GDPR]. We do not store this data. The iOS versions of the mobile application do not require the user to allow the Application to access the location.

We may process your personal data to comply with our obligations under applicable law, including in the event of inquiries from law enforcement or government agencies under Article 6(1)(c) of the GDPR.

We may also process your personal data for the purpose of establishing, protecting and pursuing claims – based on our legitimate interest [Article 6 (1) (f) GDPR].

Where appropriate, we may transfer data to:

The above sections of this document generally specify the retention periods for personal data or (where applicable) the criteria for determining them. The periods for which we retain individual data are closely linked to the purpose of processing and the legal basis for such processing. General information on the principles for determining data retention periods can be found below.

We are entitled to process personal data that we process based on your consent until you withdraw your consent or until the processing of your personal data is no longer necessary to achieve the purpose for which the data is processed, or until the given processing purpose is achieved and completed, whichever occurs first.

We will process data that we process based on our legitimate interest until you object (unless we can demonstrate that our interests override your interests or fundamental rights and freedoms or grounds for establishing, pursuing or defending claims), or until the processing of your personal data is no longer necessary to achieve the purpose for which the data is processed, or until the given processing purpose has been achieved and completed, whichever comes first.

We will store the data we process to fulfill our obligations under the law for the period specified in those provisions.

Providing data is voluntary, but to the extent necessary to conclude the Agreement and use our Services.

In connection with the processing of your personal data, you have the following rights, within the limits set by law and where applicable:

You can exercise your rights by contacting us via the contact form available on our Website under “Contact” or by sending correspondence to our registered office address indicated in point 1 of this document.

We will make every effort to promptly process your request and answer your questions regarding the processing of your personal data. We will respond no later than 30 days from the date we receive your request. If this deadline should be extended, in appropriate cases due to the complex nature of the request or the number of requests we receive, we will inform you of the extension and provide the reasons for the extension.

If there are reasonable doubts as to the identity of the person submitting the request, we may request additional information necessary to confirm the identity of the person submitting the request. Providing such information is not mandatory, but failure to provide it will result in the request being refused.

We retain information regarding the reports we receive in order to demonstrate compliance with the accountability principle set out in the GDPR and to establish, protect and pursue claims.

The processing of Customers’ personal data is not subject to automated decision-making based on the personal data received.

The Web Application and Mobile Application servers are located in the EEA. In addition to data transfers outside the EEA in connection with the Mobile Application’s error reporting tools, transfers may also occur in connection with payment processing by Stripe. The solution provider is Stripe Payments Europe Limited, but data may be transferred to Stripe Inc., based in the United States, as well as to other Stripe subcontractors. Stripe Inc. is certified under the Data Privacy Framework. For all other data transfers outside the EEA , the Standard Contractual Clauses in the relevant modules apply.

Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from them.

Our goal is to ensure the highest possible level of protection for your data. The information contained in this document is subject to change as technology and our Services evolve. The latest version of the Privacy Notice for Customers using a Personal Account is always available on our Website.