Privacy Policy

§1 GENERAL PROVISIONS

1. The controller of personal data collected through the website app.thekidly.com is CONNECT 4 KIDS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered in the Register of Entrepreneurs by the DISTRICT COURT IN LUBLIN-WSCHÓD IN LUBLIN WITH ITS SEAT IN ŚWIDNIK, 6TH COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER under KRS number: 0001008474, share capital: PLN 79,200.00, registered office and address for service: ul. Tomasza Zana 11A, 20-601 Lublin, Tax ID (NIP): 7123446524, REGON: 523942154, email address: kontakt@connect4kids.pl, phone number: +48, hereinafter referred to as the “Controller” and also as the “Service Provider”.
2. Personal data collected by the Controller through the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as
3. All words or expressions written with a capital letter in this Privacy Policy should be understood in accordance with their definition contained in the Terms and Conditions of the website app.thekidly.com. The provisions of this policy apply to the website app.thekidly.com.

§2 TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data of Users of the app.thekidly.com website in the following cases:
   • signing up for the Newsletter to receive commercial information electronically. Personal data is processed after separate consent is given, based on Article 6(1)(a) of the GDPR,
   • registration of a Parent Account, Partner Account, or Facility Account in the Service to create an individual account and manage that Account based on Article 6(1)(b) of the GDPR (performance of a contract for the provision of electronic services in accordance with the Service Terms and Conditions),
   • use of the Review System to enable Users to post Reviews, based on Article 6(1)(f) of the GDPR (legitimate interest of the entrepreneur),
   • use of the Listing/Business Card Posting Form to perform a Sales Agreement based on Article 6(1)(b) of the GDPR (performance of a sales contract),
   • use of the Reservation Form to perform a Sales Agreement based on Article 6(1)(b) of the GDPR (performance of a sales contract),
   • placing an Order in the Service to perform a Sales Agreement based on Article 6(1)(b) of the GDPR (performance of a sales contract),
2. TYPE OF PERSONAL DATA PROCESSED. The User provides, in the case of:
   • Newsletter: first and last name, email address,
   • Account: email address, first and last name, address, phone number, date of birth,
   • Review System: first and last name,
   • Listing/Business Card Posting Form: first and last name, email address, phone number.
   • Reservation Form: first and last name, email address, phone number,
   • Order: first and last name, address, Tax ID, email address, phone number.
3. PERSONAL DATA RETENTION PERIOD. Personal data of Users is stored by the Controller:
   • when the legal basis for data processing is the performance of a contract, for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years,
   • when the legal basis for data processing is consent, until the consent is withdrawn, and after withdrawal of consent for a period corresponding to the limitation period for claims that the Controller may raise and that may be raised against it. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.
4. While using the Service, additional information may be collected, including: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
5. After separate consent is given, based on Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing purposes – respectively in connection with Article 10(2) of the Act of 18 July 2002 on the provision of electronic services or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, including those directed as a result of profiling, provided the User has given appropriate consent.
6. Navigation data may also be collected from Users, including information about links and references they choose to click or other actions taken in the Service. The legal basis for this type of activity is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
7. Providing personal data by the User is voluntary.
8. The Controller takes special care to protect the interests of data subjects, and in particular ensures that the data it collects is:
   • processed lawfully,
   • collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
   • substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows identification of data subjects for no longer than necessary to achieve the processing purpose.

 

§3 DISCLOSURE OF PERSONAL DATA

1. Personal data of Users is transferred to service providers used by the Controller in operating the Service, in particular to:
   • hosting provider,
   • Users with whom a given User has entered into a contract or established contact to perform a service,
   • accounting office,
   • review survey providers,
   • software provider enabling business operations,
   • entities providing mailing systems,
   • software provider needed to operate the website.
2. The service providers referred to in point 1 of this paragraph, to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the Controller’s instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (controllers).
3. Personal data of Users is stored exclusively within the European Economic Area (EEA), subject to §5 point 5 of the Privacy Policy.

 

§4 RIGHT TO CONTROL, ACCESS THE CONTENT OF YOUR OWN DATA AND CORRECT IT

1. The data subject has the right to access the content of their personal data and the right to rectify, delete, restrict processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
2. Legal basis for User requests:
   • Access to data – Article 15 of the GDPR.
   • Rectification of data – Article 16 of the GDPR.
   • Deletion of data (the so-called right to be forgotten) – Article 17 of the GDPR.
   • Restriction of processing – Article 18 of the GDPR.
   • Data portability – Article 20 of the GDPR.
   • Objection – Article 21 of the GDPR
   • Withdrawal of consent – Article 7(3) of the GDPR.
3. To exercise the rights referred to in point 2, you can send an appropriate email to: kontakt@connect4kids.pl
4. When a User exercises a right arising from the above rights, the Controller fulfills the request or refuses to fulfill it immediately, but no later than one month after receiving it. However, if – due to the complex nature of the request or the number of requests – the Controller is unable to fulfill the request within one month, it will fulfill it within the next two months, informing the User in advance within one month of receiving the request – of the intended extension of the deadline and its reasons.
5. If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

 

§5 “COOKIES” FILES

1. The Controller’s website uses “cookies” files.
2. The installation of “cookies” files is necessary for the proper provision of services on the Service website. “Cookies” files contain information necessary for the proper functioning of the website, and also provide the ability to develop general statistics of website visits.
3. The website uses two types of “cookies” files: “session” and “persistent”.
   • “Session” “cookies” are temporary files that are stored on the User’s end device until logging out (leaving the website),
   • “Persistent” “cookies” files are stored on the User’s end device for the time specified in the “cookies” file parameters or until they are deleted by the User.
4. The Controller uses its own cookies to better understand how Users interact with the website content. The files collect information about how the User uses the website, the type of page from which the User was redirected, and the number of visits and duration of the User’s visit to the website. This information does not record specific personal data of the User, but is used to develop statistics on website usage.
5. The Controller uses external cookies to collect general and anonymous statistical data through Google Analytics analytical tools (external cookie controller: Google LLC. based in the USA).
6. Cookies may also be used by advertising networks, in particular the Google network, to display ads tailored to the way the User uses the Service. For this purpose, they may retain information about the User’s navigation path or time spent on a given page.
7. The User has the right to decide on the access of “cookies” files to their computer by:
   • selecting the types of cookies they consent to collecting immediately after entering the Service website and when a message about cookies appears,
   • changing settings in their browser window. Detailed information about the possibility and methods of handling “cookies” files is also available in the software (web browser) settings.

 

§6 ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE APPLICATION

1. The Application uses so-called social media plugins (“plugins”) from social networking sites. When displaying the website app.thekidly.com containing such a plugin, the User’s browser will establish a direct connection with the servers of Facebook, Instagram, and Google.
2. The plugin content is transmitted by the respective service provider directly to the User’s browser and integrated with the page. Through this integration, service providers receive information that the User’s browser has displayed the app.thekidly.com page, even if the User does not have a profile with the given service provider or is not currently logged in. Such information (along with the User’s IP address) is sent by the browser directly to the server of the given service provider (some servers are located in the USA) and stored there.
3. If the User logs into one of the above social networking sites, the service provider will be able to directly associate the visit to the app.thekidly.com page with the User’s profile on the given social networking site.
4. If the User uses a given plugin, for example by clicking the “Like” button or the “Share” button, the corresponding information will also be sent directly to the server of the given service provider and stored there.
5. The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings ensuring the User’s privacy protection are described in the service providers’ privacy policies:
   • https://www.facebook.com/policy.php
   • https://help.instagram.com/519522125107875?helpref=page_content
   • https://policies.google.com/privacy?hl=pl&gl=ZZ.
6. If the User does not want social networking sites to associate data collected during visits to the app.thekidly.com page directly with their profile on the given site, they must log out of that site before visiting the app.thekidly.com page. The User can also completely prevent plugins from loading on the page by using appropriate browser extensions, such as blocking scripts with “NoScript”.
7. The Controller uses remarketing tools on its website, i.e. Google Ads. Their use involves the use of cookies from Google LLC. related to the Google Ads service. Within the cookie settings management mechanism, the User has the option to decide whether the Service Provider will be able to use Google Ads (external cookie controller: Google LLC. based in the USA) in relation to them

 

§7 FINAL PROVISIONS

1. The Controller applies technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and categories of data covered by protection, and in particular secures data against disclosure to unauthorized persons, seizure by an unauthorized person, processing in violation of applicable regulations, and alteration, loss, damage, or destruction.
2. The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish law apply accordingly.