Chapter I. General Provisions
- Service Provider – Name: 4B Systems Sp. z o.o., address: al. Solidarności 117/207, 00-140 Warsaw, NIP(tax ID): 575-188-70-93
- Service – access to the CRM Web Application, made available by the Service Provider under the terms of these Regulations, by the specifications posted on the Service Provider’s website.
- Client – a private or corporate entity ordering through the Service Provider’s online service registration form the provision of the Service in the subscription model and paying the Service Access Fee.
- Application – CRM software installed on the Service Provider’s servers, made available to the Client via a web browser, accessible after logging in using a login and password at the address assigned to the User, enabling the provision of the Service.
- Account – an instance of the Application configured and made available to the Client, accessible at an individual web address.
- User – the Customer or the Customer’s employees using the Service, assigned to the Service Account.
- Fee – remuneration paid in advance by the Client for the Service provided during the monthly Billing Period by the price list available on the Service Provider’s website, payable using available payment methods (credit card subscription debit, bank transfer, BLIK).
- Contact – contact information of an organization or individual, entered into the Customer Application with their consent.
- Limit of Number of Users – the maximum number of Users registered in the Service.
- Limit of Number of Contacts – the maximum number of Contacts added to the Application.
- Limit of Number of Funnels – the maximum number of defined filters of Contacts in the Customer Application.
- Data Space Limit – the maximum number of data stored in the Customer Application, expressed in megabytes (MB) and gigabytes (GB).
- Module – a group of functionalities/features of the Application, collected in a thematic interface, performing programmatically assigned tasks, optionally available for activation in Customer Service.
- Customer Panel – available after logging in with a login and password, a unique page provided to Customers to manage their Account and purchased Services.
- Subscription Plan – defines the Limits of the Number of Users, Limits of Number of Contacts, Limits of Number of Funnels, Limits of Data Space, additional services provided by Providers, additional Modules, and the amount or lack of Fee.
- Billing Period – the period of time that allows the use of the Service, lasting from the moment the Customer pays for the subscription to the Service for the period specified in the Subscription Plan.
- Web Browser – software used to communicate with the Service via the Internet.
- Agreement – the agreement concluded between the Service Provider and the Client to offer the Service upon payment of the Fee by the Subscription Plan. These Terms and Conditions are an integral part of the Agreement.
- Provider – a separate business entity providing additional services that the Customer may use in the Application.
- Service Blocking – blocking access to the Application for the Customer’s Users.
- Service Deactivation – complete removal of the Service together with all data.
2. These Regulations set forth the terms and conditions for the use of the Service by the Customer.
3. The Client declares that by ordering the Service he accepts the provisions relating to these Regulations.
4. The Client agrees to receive commercial information regarding the Service Provider’s products and services. Consent may be withdrawn at any time by sending an e-mail to firstname.lastname@example.org.
5. The Service Provider reserves the right to change the Terms and Conditions, of which the Service Provider will inform Clients by e-mail.
Chapter II. Customer’s rights and obligations
- During the registration of the Service, the Customer is obliged to provide correct data of the organization.
- The Customer is obliged to protect the Users’ access data to the Service.
- The Customer has the right to technical assistance for parameterization and implementation of the Service in its own organization.
Chapter III. Rights and obligations of the Service Provider
- The Service Provider undertakes to provide the Service with due diligence.
- The Service Provider shall not be responsible for any problems related to the implementation or access to the Service caused by:
- malfunctioning of the Client’s Internet Browser,
- malfunctioning of the Internet connection,
- incorrect or unauthorized actions of third parties,
- interference with access to services offered by third parties and Providers.
- technical problems on the server side independent of the Service Provider.
- The Service Provider is not responsible for the consequences caused by the Client’s disclosure of the Users’ passwords to the Account to third parties.
- Service Provider reserves the right to Block or Disable the Service in case of:
- the Client provides false data,
- violation by the Client of any of the points of these Regulations,
- use of the Account in an unlawful manner,
- the Client’s failure to pay for access to the Service.
- The Service Provider reserves the right to disable the Service if the Service Lockout lasts continuously for at least 30 days.
- The Service Provider may implement front-end and back-end updates to the Application and reserves the right to periodically block access to the Application during ongoing updates. At the same time, the Service Provider will endeavor to make the updates at the time least troublesome for the Customers.
- The Service Provider may introduce prices for the Service, and the introduced changes will be effective from the introduction of the new price list.
Chapter IV. Activation of the service
- To launch the Service, the potential Customer must perform the following activation procedure:
- complete the registration form on the product’s website, providing his/her e-mail address,
- the Customer will receive an activation link with access to the Customer Panel at the e-mail address provided,
- the customer is required to fill in the data of the organization and establish his own password to the Customer Panel,
- in the Customer Panel, the Customer can select the Service of interest by activating it,
- activation of the Service is carried out by selecting the appropriate Subscription Plan of the Service, defining the chargeable payment card, and making the Fee (when selecting paid Subscription Plans),
- The Customer is required to provide the parameters of the Service to activate it.
- The Customer may use the Free Subscription Plan, which is not time-limited, but has low Limits on the Number of Users, Limits on Number of Contacts, Limits on Number of Funnels, Limits on Data Space, and is limited in terms of integrated Providers’ services.
- Free Subscription Plan constitutes a service provision. The Customer may enter personal data and documents into the Application under the Free Plan.
- Activation of any Subscription Plan is equivalent to the conclusion of the Agreement.
- When selecting a Paid Subscription Plan, the Customer shall pay the Service Fee via payment card.
- The Service Fee also includes additional services by the use of SMS messages, and e-mails, in the amount according to the selected Subscription Plan.
- Customer may cancel the current Subscription Plan of a given Service by withdrawing the subscription in the Customer Panel. Deactivation of the Subscription Plan is done after the expiration of the period for which the Fee was paid.
- The customer has the right to change the Subscription Plan to a higher or lower one at any time during the Billing Period by changing the Plan in the Customer Panel. The change in the Subscription Plan and its billing will be as follows:
- Changing to a cheaper or Free Subscription Plan – will take effect after the end of the current Billing Period, the Customer will not receive a refund of the paid Fee,
- Change to a more expensive Subscription Plan – will take effect immediately after the Payment of the Fee. The Fee will be billed proportionally.
- Termination of the Agreement is equivalent to the Disconnection of the Service.
- The Customer may not claim a refund of any Fees paid in the event of Service Exclusion and termination of the Agreement.
- The customer agrees to issue VAT invoices without the recipient’s signature.
- The customer agrees to issue VAT invoices in the form of electronic documents and to deliver them electronically.
Chapter V. Third-Party Services of Suppliers
- The Service Provider may provide Customers with third-party services (Suppliers), such as:
- sending and receiving message services: SMS, MMS, e-mail
- VoIP services
- invoicing services
- electronic signature services
- The Service Provider shall provide third-party services of the Providers in the Application through the introduced integrations with the Providers’ services.
- The Service Provider may mediate some of the Providers’ services.
- The use of some of the third-party services may require the Customer to conclude separate agreements with the Provider. The consequences of failing to conclude an appropriate agreement and consequently failing to provide a third-party service is not the responsibility of the Service Provider and are the responsibility of the Client.
- The Service Provider shall not be responsible for the quality of the Providers’ services.
Chapter VI. Complaints
- The client may file a complaint by sending it to the e-mail address: email@example.com.
- The complaint will be considered by the Service Provider within 90 days, and the response will be sent to the Client’s e-mail address.
Chapter VII. Protection and processing of personal data
- As part of the Application and the Client’s Account, the Service Provider shall process personal data for which the Service Provider is the personal data controller within the meaning of the data protection regulations. In connection with the performance of this Agreement, Service Provider may access such personal data.
- In connection with the conclusion and execution of the Agreement, the Service Provider shall also process the personal data of the Service Provider or its employees, and representatives involved in the execution of this Agreement.
Chapter VIII. Personal data entrustment agreement and information obligation
Considering that the Service Provider (hereinafter also referred to as the Processor) will process the personal data collected by the Client (hereinafter also referred to as the Data Controller) as part of the Services offered and the Application launched, the following agreement has been concluded:
§ 1 Statements of the Parties
- The Data Administrator entrusts the Service Provider to process the personal data collected within the scope of the Services, which data includes, among others: names and last names, residential addresses, telephone numbers, e-mail addresses, VAT numbers, company sounds, registered office addresses, scans of documents, contracts, sensitive data.
- The Service Provider declares that it has the means to properly process the personal data entrusted by the Data Administrator, to the extent and for the purpose specified in this agreement.
- The Service Provider undertakes that it will not modify, delete or use the personal data entrusted to it for processing in any way other than to provide services to the Data Controller. In addition, the Service Provider undertakes to maintain full confidentiality concerning the data entrusted to it for processing.
- The Service Provider also declares that the persons employed in the processing of the entrusted personal data have been given authorizations to process personal data and that these persons have been acquainted with the regulations on personal data protection and the responsibility for non-compliance with them, have undertaken to comply with them and to maintain indefinitely the secrecy of the processed personal data and the ways of securing them.
§ 2 Purpose, scope, and place of processing of entrusted personal data
- The Administrator entrusts the Service Provider with the processing of personal data referred to in § 1.1 of the Agreement solely to provide the Services.
- The Service Provider undertakes to process the entrusted personal data only for purposes related to the provision of the Services and only to the extent that is necessary for these purposes.
§ 3 Principles of personal data processing
- The Parties undertake to perform the obligations under this Agreement with the utmost professional diligence to safeguard the legal, organizational, and technical interests of the Parties in the processing of entrusted personal data.
- The Service Provider undertakes to apply technical and organizational measures to adequately secure the personal data entrusted for processing, appropriate to the risks and categories of data to be protected, in particular, to protect the data from being accessed by unauthorized persons, from being taken by an unauthorized person, from being processed in violation of the law, and from being altered, lost, damaged or destroyed.
- The Service Provider declares that the IT systems used to process the entrusted data meet the requirements of current legislation.
- The Processor, taking into account the nature of the processing, shall, as far as possible, assist the controller through appropriate technical and organizational measures to comply with the obligation to respond to the data subject’s requests for the exercise of his/her rights.
- The Processor shall notify the Controller of any suspected or confirmed personal data breach – no later than within 24 (in words: twenty-four) hours of becoming aware of the suspected or confirmed personal data breach. In the notification, the Processor shall indicate the circumstances of the incident, the probable causes, and the measures that have been applied in connection with the incident to minimize the negative effects – along with the necessary documentation. The Processor is obliged to provide the Data Controller with the opportunity to participate in the clarification of the circumstances of the incident. The Processor is obliged to provide all information and explanations, as well as to take all actions that will enable the Data Controller to comply with its notification obligations to the President of the Office for Personal Data Protection.
- The Processor shall, taking into account the nature of the processing and the information available to it, assist the Controller in complying with the obligations outlined in Articles 32-36 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons about the processing of personal data and the free movement of such data (General Data Protection Regulation).
- The processor shall, upon the termination of the processing services, delete the data, and any existing copies thereof, unless specific laws prescribe the retention of personal data.
§ 4 Subcontracting
- The Processor may entrust specific personal data processing operations using a written sub-processing agreement to other processors, subject to the prior acceptance of the sub-processor by the Data Controller or the absence of objection. By entering into this agreement, the Service Recipient accepts the following sub-processors:
- LINK Mobility Poland Sp. z o.o. – the scope of sub-processing includes data processing in connection with the Module for sending SMS messages,
- Mailgun Technologies, Inc. – mailgun.com, providing e-mail service,
- cyber_Folks S.A. – kei.pl – to the extent of providing a server.
- Entrusting data processing to sub-processors outside the list referred to in paragraph 1 above requires prior notification to the Data Controller to allow for objection. The Data Controller may raise a documented objection to the entrustment of data to a specific sub-processor for legitimate reasons. If an objection is raised, the Processor shall not be entitled to entrust the data to the objectionable subprocessor, and if the objection concerns a current subprocessor, it must immediately terminate the subprocessing to that subprocessor. The Processor shall report doubts about the legitimacy of the objection and possible negative consequences to the Controller in time to ensure the continuity of processing.
§ 5 Responsibility of the parties
- The Data Controller shall be responsible for compliance with the law on the processing and protection of personal data by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons about the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- The above shall not exclude the Processor’s liability for processing the entrusted data contrary to the agreement.
- The Processor shall be liable for damages caused by the processing if the Processor failed to comply with the obligations imposed by this Agreement, or if the Processor acted outside of or contrary to the lawful instructions of the Controller.
§ 6 Final Provisions
- Where this Agreement refers to legal provisions, this shall also mean other provisions relating to the protection of personal data, as well as any amendments that come into force after the date of the Agreement, as well as legal acts that will replace the indicated laws and regulations.
- This Data Processing Entrustment Agreement shall apply for the duration of the provision of services to the Administrator, which services involve the processing of personal data.
Chapter IX. Information obligations
Personal Data Administrator
The administrator of personal data is 4B Systems Sp. z o.o., al. Solidarności 117/207, 00-140 Warsaw, NIP: 575-188-70-93, KRS: 0000520586, registration court: District Court in Częstochowa, XVII Economic Division of KRS, share capital: PLN 5,000.00, e-mail: firstname.lastname@example.org.
Scope of processed data
We process the following personal data:
- Customer data,
- data provided to us in connection with the execution of the contract, such as user data for which user accounts are to be created,
- other data provided in connection with the performance of the contract.
Purposes and grounds for the processing
The data is processed for the following purposes and based on the following legal grounds:
- conclusion and performance of the contract (Article 6(1)(b) GDPR),
- issuing invoices, maintaining and keeping accounting records, which is the fulfillment of legal obligations imposed on us by law as a business entity (Article 6(1)(c) GDPR,
establishing, asserting, or defending claims, which is our legitimate interest (Article 6(1)(f) GDPR).
Recipients of data
Personal data may be processed by the following entities:
- hosting provider – in terms of storing personal data on the server,
- Cloud software providers – in terms of using software in which processing of personal data takes place, such as invoicing software,
- accounting office – in the field of accounting, in which the processing of personal data contained in the content of accounting documents takes place,
- Companies and law firms – in terms of establishing, asserting, or defending claims,
- Other subcontractors who, in connection with the provision of services to us, may gain access to personal data.
All entities involved in the processing of personal data shall ensure an adequate level of protection of personal data.
Data storage period
Personal data will be stored until the expiration of the statute of limitations for claims from the contract concluded with us.
Rights related to processing
In connection with the processing of personal data, you have the following rights:
- the right to access your data and to receive a copy of it,
- the right to rectify (amend) your data,
- the right to erasure (if in your opinion, there are no grounds for us to process your data, you may request that we erase it),
- the right to restrict data processing (you may request that we restrict data processing only to storing the data or performing activities agreed with you if in your opinion we have inaccurate data or are processing the data unreasonably),
- the right to object to processing (you have the right to object to processing based on legitimate interest; you should indicate the particular situation that you think justifies us stopping the processing covered by the objection. We will stop processing your data for these purposes unless we can demonstrate that the grounds for our processing override your rights or that your data are necessary for us to establish, assert or defend claims),
- the right to withdraw consent to the processing of personal data, if the processing is based on such consent,
- the right to data portability (you have the right to receive from us in a structured, commonly used machine-readable format the personal data you have provided to us based on a contract or consent. You may instruct us to send this data directly to another entity),
- the right to lodge a complaint with a supervisory authority (if you find that we are processing your data unlawfully, you may file a complaint to this effect with the President of the Office for Personal Data Protection or other competent supervisory authority).
To exercise your rights, please direct your request to the e-mail address email@example.com. Please note that we will need to adequately identify you before exercising your rights.
Information about the requirement/voluntariness of providing data
The provision of data is a condition for the use of our services.
Chapter X. Final Provisions
- The Regulations shall come into force on the date of publication on the Provider’s website.
- The ownership and copyright of the Application and the Service shall be the sole property of the Service Provider.
- In matters not covered by these Regulations, the provisions of the Civil Code and applicable law shall apply.