Chapter I. General Provisions
1 Definitions
- Service Provider – Name: 4B Systems Sp. z o.o., address: al. Solidarności 117/207, 00-140 Warsaw, NIP: 575-188-70-93
- Service – access to the CRM Web Application provided by the Service Provider under the terms of these Regulations, in accordance with the specifications posted on the Service Provider’s website.
- Client – a private or corporate entity ordering through the Service Provider’s online service registration form the provision of the Service in the subscription model and paying the Service Access Fee.
- Application – CRM software installed on the Provider’s servers, made available to the Client via a web browser, accessible after logging in using a login and password at the address assigned to the User, enabling the provision of the Service.
- Account – an instance of the Application configured and made available to the Customer, accessible at an individual Internet address.
- User – Customer or Customer’s employees using the Service, assigned to the Service Account.
- Fee – remuneration paid in advance by the Client for the Service provided during the monthly Billing Period in accordance with the price list available on the Service Provider’s website, payable using available payment methods (credit card subscription debit, bank transfer, BLIK).
- Contact – contact information of an organization or individual, entered into the Customer Application with their consent.
- Limit of Number of Users – the maximum number of Users registered in the Service.
- Limit on the Number of Contacts – the maximum number of Contacts added to the Application.
- Limit of the Number of Funnels – the maximum number of defined Contact filters in the Customer Application.
- Data Space Limit – the maximum amount of data stored in the Customer Application, expressed in megabytes (MB) and gigabytes (GB).
- Module – a group of functionalities of the Application, collected in a thematic interface, performing programmatically assigned tasks, possible to optionally run in the Customer Service.
- Customer Panel – available after logging in with a login and password, a unique page provided to Customers to manage their Account and purchased Services.
- Subscription Plan – defines the Limits of the Number of Users, Limits of the Number of Contacts, Limits of the Number of Leaves, Limit of Data Space, additional services provided by Providers, additional Modules and the amount or lack of Fee.
- Settlement Period – the period that allows the use of the Service, lasting from the moment the Customer pays for the subscription to the Service for the period specified in the Subscription Plan.
- Web browser – software used to communicate with the Service via the Internet.
- Agreement – an agreement between the Service Provider and the Client to offer the Service upon payment of the Fee in accordance with the Subscription Plan. These Regulations are an integral part of the Agreement.
- Provider – a separate business entity providing additional services that the Customer may use in the Application.
- Service blocking – blocking access to the Application for Customer Users.
- Deactivation of the Service – complete removal of the Service with all data.
(2) These Regulations set forth the terms and conditions for the use of the Service by the Customer.
(3) The Customer declares that by ordering the Service he accepts the provisions relating to these Terms and Conditions.
(4) The Client agrees to receive commercial information regarding the Service Provider’s products and services. Consent may be withdrawn at any time by sending an email to [email protected].
(5) The Service Provider reserves the right to amend the Terms and Conditions, of which the Service Provider will inform Clients by e-mail.
Chapter II. Customer’s rights and obligations
- During the registration of the Service, the customer is required to provide the correct data of the organization.
- The Customer is obliged to protect Users’ access data to the Service.
- The Customer is entitled to technical assistance for parameterization and implementation of the Service in its own organization.
Chapter III. Rights and obligations of the service provider
- The Service Provider undertakes to provide the Service with due diligence.
- The Service Provider is not responsible for any problems in the implementation or access to the Service caused by:
- malfunctioning of the Customer’s Internet Browser,
- The service provider is not responsible for the consequences caused by the Client’s disclosure of the Users’ passwords to the Account to third parties.
- The Service Provider reserves the right to Block or Disable the Service in case of:
- Provision of false data by the customer,
- The Service Provider reserves the right to Disable the Service if the Service Lockout lasts continuously for at least 30 days.
- The Service Provider may implement front-end and back-end updates to the Application and reserves the right to periodically block access to the Application during ongoing updates. At the same time, the Service Provider will endeavor to make the updates at the time least annoying for Customers.
- The Service Provider may introduce prices for the Service, and the introduced changes will be effective from the moment the new price list is introduced.
Chapter IV. Launching the service
- In order to activate the Service, the potential Customer must perform the following activation procedure:
- fill out the registration form on the product’s website with your email address,
- The Customer will receive an activation link with access to the Customer Panel at the e-mail address provided,
- The customer is required to fill in the organization’s data and establish his own password for the Customer Panel,
- In the Customer Panel, the Customer can select the Service of interest by activating it,
- Activation of the Service is performed by selecting the appropriate Subscription Plan of the Service, defining the debit card to be charged, and paying the Fee (when selecting paid Subscription Plans),
- The customer is required to provide the parameters of the Service in order to launch it.
- The Customer can use the Free Subscription Plan, which is not time-limited, but has low Limits on the Number of Users, Limits on the Number of Contacts, Limits on the Number of Leaves, Limit on Data Space, and is limited in terms of integrated Providers’ services.
- Free Subscription Plan constitutes the provision of the service. The Customer can enter personal data and documents into the Application under the Free Plan.
- Activation of any Subscription Plan is tantamount to the conclusion of the Agreement.
- If the Customer selects a Paid Subscription Plan, the Customer shall pay the Service Fee via payment card.
- The Service Fee also includes additional services according to usage: SMS messages, e-mails, in the amount according to the selected Subscription Plan.
- The Customer may cancel the current Subscription Plan of a given Service by withdrawing the subscription in the Customer Panel. Deactivation of the Subscription Plan is made after the expiration of the period for which the Fee was paid.
- The Customer has the right to change to a higher or lower Subscription Plan at any time during the Billing Period by changing the Plan in the Customer Panel. The change of the Subscription Plan and its settlement will be as follows:
- Change to a cheaper or Free Subscription Plan – will take effect after the end of the current Billing Period, the Customer will not receive a refund of the paid Fee,
- Change to a more expensive Subscription Plan – will take effect immediately upon payment of the Fee. The fee will be billed on a pro rata basis.
- The termination of the Agreement is equivalent to the Disconnection of the Service.
- The Customer may not claim a refund of any Fees paid in the event of Service Exclusion and termination of the Agreement.
- The customer agrees to issue VAT invoices without the recipient’s signature.
- The customer agrees to issue VAT invoices in the form of electronic documents and deliver them electronically.
Chapter V. External Services of Suppliers
- The Service Provider may provide Customers with services of third parties (Suppliers), such as:
- message sending and receiving services: SMS, MMS, e-mail
- The Service Provider provides third-party services of Providers in the Application through implemented integrations with Providers’ services.
- The Service Provider may mediate some of the Providers’ services.
- The use of some third-party services may require the Customer to enter into separate agreements with the Provider. The consequences of failing to conclude an appropriate agreement and, consequently, failing to provide a foreign service are not the responsibility of the Service Provider and are borne by the Client.
- The Service Provider is not responsible for the quality of Providers’ services.
Chapter VI. Complaints
- The customer may file a complaint by sending it to the e-mail address: [email protected].
- The complaint will be reviewed by the Service Provider within 90 days, and a response will be sent to the Client’s e-mail address.
Chapter VII. Protection and processing of personal data
- As part of the Application and Customer Account, the Service Provider will process personal data for which it is the personal data controller within the meaning of the data protection regulations. In connection with the performance of this Agreement, the Service Provider may access such personal data.
- In connection with the conclusion and execution of the Agreement, the Service Provider shall also process personal data of the Service Provider or its employees, representatives involved in the execution of this Agreement.
Chapter VIII. Personal data entrustment agreement and information obligation
Given that the Service Provider (hereinafter also referred to as the Processor) will process the personal data collected by the Client (hereinafter also referred to as the Data Controller) as part of the Services offered and the Application launched, the following agreement has been concluded:
§ 1 Statements of the Parties
- The Administrator entrusts the Service Provider with the processing of personal data collected within the scope of the Service, which data includes, among others: names and surnames, residential addresses, telephone numbers, e-mail addresses, VAT numbers, company sounds, registered office addresses, scans of documents, contracts, sensitive data.
- The Service Provider declares that it has the means to properly process the personal data entrusted by the Data Controller, to the extent and for the purpose specified in this agreement.
- The Service Provider agrees that it will not modify, delete or use the personal data entrusted to it for processing in any way other than for the purpose of providing services to the Data Controller. In addition, the Service Provider undertakes to maintain full confidentiality regarding the data entrusted to it for processing.
- The Service Provider also declares that the persons employed in the processing of the entrusted personal data have been given authorizations to process personal data and that these persons have been acquainted with the regulations on personal data protection and the responsibility for non-compliance with them, have undertaken to comply with them and to maintain indefinitely the secrecy of the processed personal data and the ways of securing them.
§ 2 Purpose, scope, place of processing of entrusted personal data
- The Data Controller entrusts the Service Provider with the processing of the personal data referred to in § 1 paragraph. 1 of the agreement solely for the purpose of providing the Services.
- The Service Provider undertakes to process the entrusted personal data only for purposes related to the provision of the Services and only to the extent that is necessary for these purposes.
§ 3 Principles of personal data processing
- The parties undertake to perform the obligations under this agreement with the utmost professional diligence to safeguard the legal, organizational and technical interests of the parties in the processing of the entrusted personal data.
- The Service Provider undertakes to apply technical and organizational measures to adequately secure the personal data entrusted for processing, appropriate to the risks and categories of data to be protected, in particular to protect the data from being accessed by unauthorized persons, from being taken by an unauthorized person, from being processed in violation of the law, and from being altered, lost, damaged or destroyed.
- The Service Provider declares that the IT systems used to process the entrusted data meet the requirements of current legislation.
- The processor, taking into account the nature of the processing, shall, as far as possible, assist the controller through appropriate technical and organizational measures in fulfilling its obligation to respond to the data subject’s requests for the exercise of his or her rights.
- The Processor shall be obliged to notify the Data Controller of any suspected or confirmed personal data breach – no later than 24 (in words: twenty-four) hours from the time of acquiring information about the suspected or confirmed personal data breach. In the notification, the Processor is required to indicate the circumstances of the incident, the probable causes, and the measures that were applied in connection with the incident to minimize the negative effects – along with the necessary documentation. The Processor is required to provide the Data Controller with the opportunity to participate in the investigation of the circumstances of the incident. The processor is obliged to provide all information and explanations, as well as to take all actions that will enable the Controller to comply with its notification obligation to the President of the Office for Personal Data Protection.
- The processor, taking into account the nature of the processing and the information available to it, shall assist the Administrator in complying with the obligations set forth in Art. 32-36 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
- The processor, upon termination of the processing services, shall delete the data, any existing copies thereof, unless specific laws mandate the retention of personal data.
§ 4 Subtitling
- The Processor may entrust specific personal data processing operations by means of a written sub-processing agreement to other processors, subject to prior approval of the sub-processor by the Data Controller or lack of objection. By entering into this Agreement, the Service Recipient accepts the following sub-processors:
- LINK Mobility Poland Sp. z o.o. – The scope of subcontracting includes data processing in connection with the Module for sending SMS messages,
- Entrusting data processing to sub-processors outside the list referred to in paragraph (2). 1 above, requires prior notification to the Data Controller in order to allow objection. The data controller may raise a documented objection to the entrustment of data to a specific sub-processor for legitimate reasons. If an objection is raised, the Processor is not entitled to entrust the data to the objectionable sub-processor, and if the objection is to the current sub-processor, the Processor must immediately terminate the sub-processing to that sub-processor. The Processor shall notify the Controller of any doubts as to the legitimacy of the objection and any negative consequences in time to ensure continuity of processing.
§ 5 Responsibility of the parties
- The data controller is responsible for compliance with the law on the processing and protection of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation).
- The above does not exclude the Processor’s liability for processing the entrusted data in violation of the contract.
- The Processor shall be liable for damages caused by processing if it has failed to comply with the obligations imposed by this Agreement, or if it has acted outside of or contrary to the lawful instructions of the Administrator.
§ 6 Final provisions
- Where this Agreement refers to laws, this also means other laws regarding the protection of personal data, as well as any amendments that come into force after the date of the Agreement, as well as acts that will replace the laws and regulations indicated.
- This Data Processing Entrustment Agreement is valid for the duration of the provision of services to the Administrator, which services involve the processing of personal data.
Chapter IX. Onformation obligation
Personal data controller
The administrator of the personal data is 4B Systems Sp. z o.o., al. Solidarności 117/207, 00-140 Warsaw, NIP: 575-188-70-93, KRS: 0000520586, registration court: District Court in Częstochowa, XVII Economic Division of the KRS, share capital: PLN 5,000.00, e-mail: [email protected].
Scope of data processed
We process the following personal data:
- customer data,
- data provided to us in connection with the performance of the contract, such as user data for which user accounts are to be established,
- other data provided in connection with the execution of the contract.
Purposes and basis of processing
Data is processed for the following purposes and on the following legal bases:
- The conclusion and performance of a contract (Article 6(1)(b) of the DPA),
- issuing invoices, keeping and maintaining accounting records, which is the fulfillment of legal obligations imposed on us by law as a business entity (Article 6(1)(c) of the RODO),
- establishment, investigation or defense of claims, which is our legitimate interest (Article 6(1)(f) RODO).
Recipients of data
Personal data may be processed by the following entities:
- Hosting provider – in terms of storing personal data on the server,
- Cloud software providers – for the use of software in which processing of personal data takes place, such as invoicing software,
- accounting office – in the field of accounting, where the processing of personal data contained in the content of accounting documents takes place,
- Companies and law firms – for the establishment, investigation or defense of claims,
- other subcontractors who may access personal data in connection with providing services to us.
All entities involved in the processing of personal data shall ensure an adequate level of protection of personal data.
Data retention period
Personal data will be stored until the expiration of the statute of limitations for claims under the contract with us.
Entitlements related to processing
You have the following rights in connection with the processing of your personal data:
- The right to access the data and receive a copy of it,
- The right to rectification (amendment) of data,
- The right to erasure (if, in your opinion, there is no basis for us to process your data, you may request that we erase it),
- The right to restrict data processing (you may request that we restrict the processing of your data only to storing it or carrying out activities agreed with you, if in your opinion we have inaccurate data or are processing it unduly),
- The right to object to processing (you have the right to object to processing on the basis of legitimate interests; you should indicate your particular situation that you believe justifies us stopping the processing covered by the objection. We will stop processing your data for these purposes unless we can demonstrate that the grounds for our processing override your rights or that your data are necessary for us to establish, assert or defend claims),
- The right to withdraw consent to the processing of personal data, if the processing is based on such consent,
- The right to data portability (you have the right to receive from us in a structured, commonly used machine-readable format the personal data you have provided to us on the basis of a contract or consent. You may instruct us to send this data directly to another entity),
- The right to lodge a complaint with a supervisory authority (if you find that we are processing your data unlawfully, you may file a complaint to this effect with the President of the Office for Personal Data Protection or other competent supervisory authority).
To exercise your rights, please direct your request to the e-mail address [email protected]. Please note that we will need to properly identify you before we can exercise your rights.
Information about the requirement/voluntariness of data provision
Providing data is a condition for using our services.
Chapter X. Final Provisions
- The Regulations shall come into force as of the date of publication on the Service Provider’s website.
- The ownership and copyright of the Application and the Service are the sole property of the Service Provider.
- In matters not regulated by these Regulations, the provisions of the Civil Code and applicable law shall apply.