Privacy Policy

Privacy policy

This privacy policy sets out how we can at Citytalks Sp. z o.o. with headquarters in Przyszów, at ul. Cardinal Adam Sapiehy 18, 37-433 Przyszów, Poland ('CITYTALKS') to collect, store and use information about you when you interact with our web citytaks.eu platform ('our website') or the City Talks mobile application on Android or iOS ("our mobile application"), collectively referred to as "our products", and where we otherwise collect or collect information about you.

This privacy policy is effective from July 1, 2018.

DATA ADMINISTRATOR:

Citytalks Sp. z o.o. ( "CITYTALKS ')
Cardinal Adam Sapieha 18
37-433 Przyszów

Tax ID: 8652566424

KRS: 0000682955

REGON: 367549871

Contact details:

+48 570 227 544

contact@citytalks.eu

Management Board / Owners:

Codogni Paulina Magdalena
Siwek Anna Alicja

HOW WE COLLECT OR RECEIVE INFORMATION ABOUT YOU

when you share it with us, including:

- data provided when contacting us using traditional mail, electronic communication means or telephone contact,

- data exchanged during standard business cooperation and ongoing contacts,

- data exchanged through our social channels,

- data sent during voluntary use by the user of City Talks tools - our website or our mobile application on Android or iOS phones

- data collected in the database of business entities prepared by us based on publicly available sources, e.g. websites or provided by entities registering data,

- personal data or (more often) company data registered in publicly available sources, ie from the Register of Entrepreneurs of the National Court Register (KRS), Central Registration and Information on Economic Activity (CEIDG), CSO, foreign office registration,

- using cookies while using our website.

Legal basis for processing: necessary to execute orders or take steps on demand to conclude a contract (Article 6 (1) (b) OF THE REDO.

Reason why you need to perform the contract: if your message concerns us, providing you with goods or services or taking steps at your request before providing you with our goods and services (for example, providing you with information about our goods and services), we will process your information , to do this.

Similarly, when you decide to use our mobile application or our website, we will process your data to register / log you in and allow you to enjoy all the features of our products freely.

When you use our mobile application (and our website - to a lesser extent), we inform you several times about the type of data we receive after you use the function.

This happens, among other things, when you enter the application and ask if we can download your current location. The ability to follow our mobile application behind you is required due to the fact that we are then able to match the view of the urban story maps to your location so that you can use the interrogation of interesting historical objects you pass the most.

This is also the case when you want to use a walk in our mobile application, which is a paid function carried out with the help of mobile payments via Google Play and AppStore, and its purchase will cause us to see the data made available for Google Play and AppStore payments in accordance with the internal the privacy policy of these companies. In this case, we ask if you confirm making a mobile payment to CITYTALKS.

Similarly, if you use the collection of your photos and stories that you listen to while walking with our mobile application, to the "YOUR MEMORIES" function, you agree that your photos and locations will be collected by us in the system so that we can later You share them in the app to view your historical walks around the city.

INFORMATION WE COLLECT / MAY COLLECT:

IP address,
information from cookies,
information about your computer or device (eg device and browser type),
information about how you use our website, for example which pages you have browsed, the time you viewed them, what you clicked, the geographical location where you used our website (based on your IP address),
Your personal data for the use of our products (website and mobile application):
for an e-mail address

about nickname (if applicable)

nickname and e-mail address on facebook (in case of login via facebook)

nickname and email address on google + (when logging in via google +)

about sex (you also have the option of not giving sex)

for the IP address

for location with the help of a GPS / cell phone accelerometer

about UUI Beaco

for information on how you use your phone (phone settings, e.g. phone language, enabled / disabled option of using the camera function by other applications)

for information provided by you to make mobile payments required by Google Play and the AppStore, if you use premium paid features

for your photos, if they were made from the level of our mobile application o Information on the stories you have heard and the walks you have completed, if they were made from the level of our mobile application, along with the date of implementation and type, o Some settings of your phone (e.g. phone language)

for your statistics as a user of our mobile application and website (e.g., the number of stories you have heard and completed walks)

for your results in the ranking of users, if you have agreed to make them available (in your user profile on our website)

for your discount coupons offered in our mobile application and shared with you - we collect them

for your Information about your preferences (preferred topics of history and walks, "loved", added to "YOUR PLAN" for future walks with our mobile application, etc.)
Your contact details for contact / business cooperation with us, including the following:
about name and surname,

for address (if applicable),

o Your e-mail address,

o Your telephone number (if applicable),

for the website address from which you contact,

o company or business name (if applicable),
o company headquarters (if applicable),

o VAT number (if applicable),

o KRS number (if applicable),

for points of sale (if applicable),

Legal basis for processing: necessary to execute orders or take steps on demand to conclude a contract (Article 6 (1) (b) OF THE REDO.

Similarly, when you decide to use our mobile application or our website, we will process your data to register / log you in and allow you to enjoy all the features of our products freely.

HOW WE USE YOUR DATA

For administrative and business purposes ((especially to contact you and to perform our service of providing you with the latest information about the historically interesting places you have visited in the city where you are currently located, if you use our mobile application, or information about all the stories available on our website within the cities served by CITY TALKS, if you use our website.), in particular:

to the extent necessary to perform our service and enable you to use our website and our mobile application,
to enable you to view your past behaviors in our mobile application and website and to plan future activities,
to enable the continuation of cooperation between you and CITY TALKS,
for sending commercial and marketing information,
for handling inquiries and applications,
to carry out advertising campaigns, including e-mailing or telephone campaigns (it does not apply to so-called "intrusive advertising campaigns"),
for a possible conclusion of a commercial: service contract,
to the extent necessary to perform contracts, orders and commitments,
for the fulfillment of the legal obligation to prepare and store documentation including an accountant,
to confirm the performance of obligations and to pursue claims or defend against claims,
to contact you,
to ensure / improve the quality of our website and our mobile application,
to fulfill our contractual obligations,
to analyze the use of our website,
if you subscribed to our mailing list to send you relevant information,
if you subscribed to our mailing list to send you our newsletter.

DISCLOSING YOUR INFORMATION TO THIRD PARTIES

only to the extent necessary to:

service of our service providers, in particular AppStore and Google;
service for our contractors, in particular createIT s.c. Borkowski Bartosz Fredrych Aleksander;
service our partners (we will not disclose your data to them, but only allow them to offer you discount coupons through our mobile application and website);
where it is required by law or to enforce our rights;
for servicing servers;
to service the newsletter;
in the use of cookies.

YOUR RIGHTS WITH RESPECT TO YOUR INFORMATION WITH REGARD TO CERTAIN LIMITATIONS

getting access to and using information;
the possibility of correcting and / or supplementing your information;
we can delete your information;
the ability to delete your data by you (through your user account in our mobile application and on our website);
the ability to limit your use of your information;
the ability to oppose the use of your information;
withdrawing consent to use your information - please note that withdrawal of consent will not affect the legality of our use and processing of your information on the basis of consent before the withdrawal of consent.
submitting a complaint to the supervisory body;
receiving information that you have provided to us in a structured, commonly used and readable form in a computer format (eg in a CSV file) and the right to forward this information to another data controller (including data controller of external entities);
object to the processing of your information for specific purposes (for further information, see the section below, entitled "The right to object to the processing of your data for certain purposes").
In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or alleged violation of the GDPR.

Identity verification when requesting access to information

When you request access to your information, we are required by law to take all reasonable steps to verify your identity before doing so.

These measures are designed to protect your information and reduce the risk of identity theft, identity fraud or general unauthorized access to your information.

Sensitive / Confidential Personal Information: Due to the type of service, we may collect selected information that may be considered "confidential." More information can be found in the main section headed "Confidential Personal Information".

OUR DATA

The data controller, in relation to our website and mobile application is

Citytalks Sp. z o.o. ( "CITYTALKS ')
Cardinal Adam Sapieha 18
37-433 Przyszów
Tax ID: 8652566424
KRS: 0000682955
REGON: 367549871

Contact details:

+48 570 227 544

contact@citytalks.eu

Management Board / Owners:

Codogni Paulina Magdalena
Siwek Anna Alicja

You can contact the data administrator, send a letter to: City Talks Sp. z o.o. Maria Konopnicka 5/7 00-491 Warsaw or by sending an e-mail to contact@citytalks.eu.

You can contact the data controller representative by sending an email to contact@citytalks.eu.

If you have any questions regarding this privacy policy, please contact your data administrator.

INFORMATION WE COLLECT WHEN YOU WILL VISIT OUR WEBSITE OR MOBILE APP

We collect and use information from website users in accordance with this section and the section INFORMATION THAT COLLECT / WE CAN COLLECT:

Information about the WWW server log and mobile application

The data is stored and processed in a secure IT infrastructure hosted on a physical, leased server belonging to a reputable host:

AWS cloud (aws.amazon.com)
Amazon Web Services, Inc.
AFTER. Box 81226 Seattle,
WA 98108-1226.

AWS servers are stored within the European Economic Area. They are properly secured. More information about the AWS Privacy Policy here: https://aws.amazon.com/legal/

The use of information from the server's site logs for IT security purposes.

We regularly use remedial technical and organizational measures to protect the data we save, in case of accidental or deliberate manipulation of these data, their loss, destruction or access to unauthorized persons. The security measures we apply are constantly optimized in line with technological development.

We collect and store server logs to ensure the security of networks and information systems, and the server and website remain unaffected. This includes analyzing logs to identify and prevent unauthorized access to our network, distribution of malicious software, denial of service attacks and other cyber attacks by detecting unusual or suspicious activities.

If we do not investigate suspicious or potential criminal activity, we do not take or allow any attempts to identify you based on information collected through the server logs.

We also store a copy of servers on our local private servers at Citytalks Sp. z o.o., Maria Konopnickiej 5/7 00-491 Warsaw

You can contact the data administrator, send a letter to: City Talks Sp. z o.o. Maria Konopnicka 5/7 00-491 Warsaw or by sending an e-mail to contact@citytalks.eu.

You can contact the data controller representative by sending an email to contact@citytalks.eu.

Legal basis for processing: compliance with the legal obligation to which we are subject (Article 6 (1) (c) of the GDPR).

Legal obligation: we have a legal obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing information about us. Recording access to our site using server log files is such a measure.

Use of information contained in the server's log for analysis of website usage and improvement of our website

We use the information collected through our site server logs to analyze how visitors to our site interact with our site and its features. For example, we analyze the number of visits and unique visitors, the time and date of the visit, the location of visits, and the operating system and browser used.

We use the information collected during the analysis of this information to improve our website. For example, we use the information collected to change the information, content and structure of our website and individual pages depending on what users are most involved with and time spent on specific pages on our site.

Legal basis for processing: our legally legitimate interest (Article 6 (1) (f) RODO).

Legally legitimate interest: improving our website for users of our site and learning the preferences of users of our website so that our site can better meet their needs.

Familiarize yourself with full information on the cookies we use here:

https://www.citytalks.eu/pl/polityka-prywatnosci

HOW LONG WE STORE YOUR DATA

This section determines how long we've stored your data. If possible, we've defined specific retention periods. Where this was not possible, we defined the criteria we use to determine the retention period.

Storage periods

Your data of the User of our website or mobile application: we store for 180 days from the day of your last activity in the scope of handling premium features (paid) in our mobile application or until you delete your user account from our website or mobile application.

Server log information: we store information about our server logs for 10 years.

Information about the order: when placing an order for goods and services, we store this information for 10 years after the end of the fiscal year in which you placed the order, in accordance with our legal obligation to store data for tax purposes.

Information related to handling recruitment processes: until the claims expire.

Correspondence and inquiries: if for any reason you conduct an investigation or correspond with us, or for how long we deal with the answer and the solution to your inquiry, we store data related to these activities for the next 10 years from the end of the proceedings.

Criteria for determining retention periods

In other circumstances, we will keep your data no longer than necessary, taking into account:

the purpose and use of your information, both now and in the future (for example, whether it is necessary to keep this information in order to continue to fulfill our obligations under your contract or contact you in the future);
whether we have any legal obligation to further process your information (such as any enrollment obligations imposed by applicable law or regulations);
whether we have a legal basis for further processing of your information (such as your consent);
how valuable your information is (both now and in the future);
any relevant agreed industry practices regarding the time of information retention;
levels of risk, costs and responsibility associated with them, continuing to store information;
how difficult it is to maintain the timeliness and accuracy of information; and
all relevant accompanying circumstances (such as the nature and status of our relationship with you);=

HOW WE PROTECT YOUR DATA

We take appropriate technical and organizational measures to secure your information and protect it against unauthorized or illegal use and accidental loss or destruction, including:

only by providing and providing access to your information to the minimum extent, subject to confidentiality restrictions; in applicable cases and as anonymous;
using secure servers to store information;
verification of the identity of each person who asks for access to information before granting them access to information;
with the help of technical and technological security of our website and mobile application, in particular:
Encryption with the SSL key of the mobile API - the database API communicates with the mobile applications via the https protocol and the SSL encryption layer.
Extended data validation against SQL-injection attacks - The Doctrine abstraction layer automatically protects against such attacks.
Authentication of application installations - Publication of the mobile application in the Google Play and App Store markets ensures authentication of the store and the recipient.
Encrypting sensitive data in the database - The database instance is encrypted. In addition, stored files are located on encrypted disks. The passwords are unilaterally encrypted.
Protection against brute-force attacks - The AWS (Amazon Web Services) infrastructure provides protection against brute-force attacks.
SHA512 algorithm / information encryption - The user passwords encryption algorithm has been used.
GIT code repository - The code is stored in the GIT repository, in the GITLab platform.

Providing us with information by e-mail

The transmission of information via the internet is not completely secure, and if you send us any information via the Internet (via e-mail, through our website or in any other way), you do so at your own risk.

We are not responsible for any costs, expenses, loss of profits, damage to reputation, damages, liabilities or other forms of loss or damage suffered by the user as a result of the decision to provide information there in such a way.

ENTITIES WE PROVIDE DATA

1. AMAZON AWS

AWS cloud (aws.amazon.com)
Amazon Web Services, Inc.
AFTER. Box 81226 Seattle,
WA 98108-1226.

AWS servers used by CITYTALKS are stored within the limits of the European Economic Area. They are properly secured. More information about the AWS Privacy Policy here: https://aws.amazon.com/legal/

Legal basis for processing: compliance with the legal obligation to which we are subject (Article 6 (1) (c) of the GDPR).

Use of information contained in the server's log for analysis of website usage and improvement of our website

Legal basis for processing: our legally legitimate interest (Article 6 (1) (f) RODO).

Legally legitimate interest: improving our website for users of our site and learning the preferences of users of our website so that our site can better meet their needs.

2. APPLE

Apple Inc.
One Apple Park Way,
Cupertino,
California, USA, 95014

The information collected by Apple (the IP address and actions taken in connection with our website and mobile application) is transferred outside the EEA and stored on Apple servers. Here you can access the Apple privacy policy: https://www.apple.com/legal/privacy/

Applied security: Apple adheres to the Privacy Policy of Asia-Pacific Economic Cooperation (APEC). The APEC CBPR system provides organizations with a framework to protect personal data transferred between participating APEC economies. Apple is very serious about the security of the User's personal data. As part of Apple's online services, including Apple Online Store or the iTunes Store, your personal information is encrypted when it is uploaded using the Transport Layer Security (TLS) protocol. Apple uses computer systems with limited access in physically protected rooms to store such personal data. With the exception of the iCloud Mail service, iCloud data is stored encrypted even when Apple uses external storage solutions.

Legal basis for processing: our legally legitimate interest (Article 6 (1) (f) RODO).

Legally legitimate interest: improving our website for users of our site and learning the preferences of users of our website so that our site can better meet their needs.

3. GOOGLE

Information collected by Google (the IP address and actions taken in connection with our website and mobile application) is transferred outside of the EEA and stored on Google's servers. Here you can access Google's privacy policy: https://www.google.com/policies/privacy Country of storage: United States of America. This country is not subject to the European Commission's decision on adequate protection.

Security used: Google has self-certified in accordance with the EU-US Privacy Shield. The privacy shield can be found here: https://www.privacyshield.gov/welcome. Privacy Shield EU-U.S. it is an approved certification mechanism in accordance with Article 42 of the GDPR, which is permitted under Article 42 (2) (f) OF THE REDO. You can access the European Commission's decision regarding the appropriate protection of the EU-U.S. Privacy Shield. here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Legal basis for processing: our legally legitimate interest (Article 6 (1) (f) RODO).

Legally legitimate interest: improving our website for users of our site and learning the preferences of users of our website so that our site can better meet their needs.

At CITYTALKS, we care about the appropriate selection of our service providers, but we can not be responsible for who those companies provide the collected data.

4. CREATEIT

createIT s.c. Borkowski Bartosz Fredrych Aleksander
Filter 23
87-100 Toruń
Poland
NI 956 22 888 44

The information collected by createIT in connection with the operation of our website and the mobile application is transmitted within the EEA.

In createIT to optimize the security and performance of a given database, the data is stored and processed:

in a secure IT infrastructure on the local createIT server
or on a physical, leased server in Germany belonging to the renowned hosting company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany VAT Reg. Well. DE 812871812
or in the AWS cloud (aws.amazon.com) provided by a reputable hosting provider Amazon Web Services, Inc. AFTER. Box 81226 Seattle, WA 98108-1226. Here you can access the Google privacy policy: https://www.createit.com/privacy-policy-website-terms/

Applied safeguards:. createIT took remedial technical and organizational measures to protect the data we save employees, users and suppliers in case of accidental or deliberate manipulation of these data, their loss, destruction or access to unauthorized persons. The security measures used by createIT are constantly optimized in line with technological development.

Legal basis for processing: our legally legitimate interest (Article 6 (1) (f) RODO).

Legally legitimate interest: improving our website for users of our site and learning the preferences of users of our website so that our site can better meet their needs.

At CITYTALKS, we care about the appropriate selection of our service providers, but we can not be responsible for who those companies provide the collected data.

SENSITIVE CONFIDENTIAL DATA

"Sensitive / sensitive personal information" is information about a person who reveals their racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic information, biometric information to uniquely identify a person, information about health, sex life or sexual orientation of a natural person.

CITYTALKS may collect confidential data only for the purpose of providing you with our full range of services in the best quality. We process the following personal data of users of our mobile application and website:

for an e-mail address
about nickname (if applicable)
nickname and e-mail address on facebook (in case of login via facebook)
nickname and email address on google + (when logging in via google +)
about sex (you also have the option of not giving sex)
for the IP address
for location with the help of a GPS / cell phone accelerometer
about UUI Beacon
for information on how you use your phone (phone settings, e.g. phone language, enabled / disabled option of using the camera function by other applications)
for information provided by you to make mobile payments required by Google Play and the AppStore, if you use premium paid features
for your photos, if they were made from the level of our mobile application
o Information on the stories you have heard and the walks you have completed, if they were made from the level of our mobile application, along with the date of implementation and type,
o Some settings of your phone (e.g. phone language)
for your statistics as a user of our mobile application and website (e.g., the number of stories you have heard and completed walks)
for your results in the ranking of users, if you have agreed to make them available (in your user profile on our website)
for your discount coupons offered in our mobile application and shared with you - we collect them for you
o Information about your preferences (preferred topics of history and walks, "loved", added to "YOUR PLAN" for future walks with our mobile application, etc.)

We remind you that you have the right to: require access to your personal data, rectification, deletion or limitation of processing, opposition to processing, data transfer; submit a complaint to the supervisory body, withdrawal of consent at any time.

The data is processed in the secure IT infrastructure of the Amazon AWS hosting provider and our private CITYTALKS servers. The data is secured appropriately.

More on this topic in the section entitled: Information that we collect when you visit our website

The data is made available, in accordance with the contract, to employers. Providing personal data is voluntary, however, it is necessary to perform the service and contract. If personal data is not provided, the service can not be performed and the contract can not be concluded and executed.

Legal basis for processing: necessary to execute orders or take steps on demand to conclude a contract (Article 6 (1) (b) OF THE REDO.

Consent: You agree to the purposes for which we process your data by voluntarily providing us with your data and by ticking the appropriate clauses and agreeing to the access in accordance with the queries sent by our mobile application, listed below.

a) Clause: "I AGREE TO STORE MY DATA IN ACCORDANCE WITH THE PRIVACY POLICY"
b) Clause: I consent to the processing and placing in the CITYTALKS database of my personal data included in the job offer for the purpose of using the services offered by CITYTALKS, including in particular the website and the mobile application. At the same time, I confirm that I was informed about my right to inspect my personal data, to complete it, update it and request removal at any time.

If you inadvertently or deliberately provide confidential personal information, you will be deemed to have explicitly consented to the processing of confidential / sensitive personal information in accordance with Article 9 (2) (a) of the RODO. We will use and process sensitive / confidential personal information to remove them.

CHANGES IN OUR PRIVACY POLICY

From time to time, we update and change our privacy policy available here https://www.citytalks.eu/en/polityka-prywatnosci

Small changes in our privacy policy

If we make minor changes to our privacy policy, we will update our privacy policy with a new date of entry into force as shown at the beginning. Our information processing will be subject to the practices set out in the new version of our privacy policy from the date of its entry into force.

Serious changes to our privacy policy or purposes for which we process your information

If you make significant changes to our privacy policy or if we intend to use your information for a new purpose or for a purpose other than the purposes for which it was originally collected, we will notify you by posting the relevant notice on our website (if possible), and most often the appropriate consent will appear in our mobile application with a request to re-accept settings and access.

We will provide you with information about the change and purpose and all other relevant information before we use your data for the new purpose.

Where required, we will obtain your prior consent before using your information for a purpose other than the purposes for which it was originally downloaded.

PRIVACY OF CHILDREN

Because we care about the safety and privacy of children on the internet, we follow the Children's Privacy Protection Act on the Internet in 1998 (Children's Online Privacy Protection - COPPA). COPPA and the accompanying regulations protect the privacy of children using the internet. We do not consciously contact or collect information about people under 18 years of age. Our website or mobile application is not intended to collect information about people under 18 years of age.

It is possible that we can receive information about persons under 18 not only as a result of fraud or deception of external entities, but also when persons under 18 years of age They want to use our website or mobile application.

If we are notified of this, we will immediately, if required by law, seek immediate consent from the parents to use this information, or, if we are unable to obtain such consent from parents, we will remove this information from our servers.

If you want to notify us that we receive information about people under 18 years of age, please do so by sending us an email to contact@citytalks.eu.

CONTENTS AND AGE OF USERS

We care about the quality of content and audio files that we provide. The content of stories and walks available in the City Talks system are supported by numerous historical sources and verified with historians. We also care about the quality of the language, the lack of profanity, in particular in the content and audio files we provide.

However, due to the fact that they are content related to historical events and "city life" as they actually were, the content of CITYTALKS may contain information inappropriate for people under 18, including stories about, for example, murders, events related to with wars, or existing public homes in the old days.

DO NOT TRACE

Do not Follow" is the privacy settings that users can set in their web browsers. Each user activates the "Do not follow" signal in his / her browser, the browser sends a message to the pages, asking not to follow the user. For information on "Do not Follow" visit: www.allaboutdnt.org