PRIVACY POLICY

This document (hereinafter referred to as the "Policy") contains information on the processing by ARFORTECH Sp. z o.o. based in Jasionka, address: Jasionka 954E, 36-002 Jasionka, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Rzeszów, 12th Commercial Division of the National Court Register under the KRS number: 0000786234, with NIP: 5170399274 and REGON number: 383352825, with a share capital of PLN 5,000.00 (hereinafter referred to as the "Administrator"), personal data of persons using the Application: ARmixer available on Apple App Store and Google Play Store. The policy is made available in order to provide persons whose personal data are processed by the Administrator with the widest possible information on the scope of data processed, methods and principles of data processing and the rights of these persons. The basic legal regulation regarding the protection of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection (hereinafter referred to as "GDPR").

Each of the Users using the services offered by the Administrator via the Application accepts the provisions of the Policy and agrees to the manner in which the Administrator collects, stores, uses and protects personal data. If the User refuses to provide the Administrator with certain personal data, then it will not be possible to conclude an Agreement with the Administrator, and the Administrator will not be able to provide the Services to the User.

1. GLOSSARY OF TERMS
1. Browser: an IT program used to display websites (e.g. Chrome, Firefox, Safari).
2. Cookies: text files placed by the server on a device with a browser running. Cookies are IT data, in particular text files, which are stored on the User's end device (e.g. in the computer memory) and are intended for using the Application.
3. Third country: a country outside European Economic Area.
4. Personal data: any information about an identified natural person or one who can be identified, in particular on the basis of an identifier such as: name and surname, identification number, location data, internet identifier (including IP address and / or login) or one or both several specific factors determining the physical, physiological, genetic, mental, economic, cultural and social identity of an individual.
5. Profiling: any form of automated processing of personal data, which consists in the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast aspects related to the effects of that natural person's work, economic situation, health, personal preferences, interests, integrity, behavior, location or movement.
6. Application: ARmixer
7. Services: services provided by the Administrator through the Application to Users, consisting in enabling Users (User Publisher in accordance with the Application Regulations) to provide materials and objects of everyday use with content presenting the actual perception of these materials, objects in real world, and enable other Users (User Reader in accordance with the Application Regulations) - familiarization with these content, i.e. elements of augmented reality added by the Publisher to materials and objects of everyday use.
8. Processing: any operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as: collecting, recording, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise providing, adapting or combining, limiting, removing or destroying.
9. Users: persons using the Services provided by the Administrator via the Application, who are Publishers or Readers in accordance with the Application Regulations.
10. Account: an individual User profile created for him in the Application as a result of the registration process.
2. LEGAL BASIS, PURPOSES, RULES AND TIME OF DATA PROCESSING
1. Users may send the Administrator Personal Data when using the Application, filling in forms available in the Application (among others enabling registration), and also by e-mail when reporting problems related to the functioning of the Application.
2. Personal data is processed by the Administrator in order to:
   1. exercising the rights and obligations arising from the contract concluded between the User and the Administrator (Article 6 (1) (b) of the GDPR), as well as providing the User with information and Services ordered, which is necessary to perform mutual contractual obligations - for a period of time necessary for the performance of the contract, and after its completion the data will be stored for the period necessary to demonstrate the correctness of the performance of obligations under the contract until the expiry of the deadlines specified in the provisions on archiving;
   2. providing the User with marketing materials as well as information, instructions and tips necessary to improve the implementation of the Services - the processing of the User's Personal Data takes place then with his consent (Article 6 (1) (a) of the GDPR) and / or in the legitimate interest of the Administrator, which is the improvement of the services provided and direct marketing (Article 6 (1) (f) of the GDPR) for the time necessary to implement the Administrator's legitimate interest or until the User submits a justified objection, and in the case of direct marketing, no longer than until objection is expressed,
   3. sending the User information regarding the Services via e-mail correspondence and / or via text messages and / or any other means of communication, which involves the exercise of mutual rights and obligations arising from the contract concluded between the User and the Administrator (Article 6 (1) letter b) of the GDPR) - for the time necessary to perform the contract, and after its completion, the data will be stored for the period necessary to demonstrate the correct performance of the obligations under the contract until the expiry of the deadlines specified in the provisions on archiving;
   4. ensure that the Administrator performs the Services in accordance with applicable law, including in particular the regulations for the provision of Services and this Policy, which is necessary for the implementation of mutual contractual obligations (Article 6 (1) (b) of the GDPR), and the Administrator fulfills its obligations statutory obligations ((Article 6 (1) (c) of the GDPR) and the exercise and defense of claims arising from the concluded contract (Article 6 (1) (f) of the GDPR) - for the time necessary to perform the contract, and after its completion, data will be kept for the period necessary to demonstrate the correctness of the fulfillment of obligations under the contract until the expiry of the time limits specified in the provisions on archiving; if the Administrator fulfills statutory obligations, the processing of Personal Data will be carried out for the time necessary to perform the statutory obligations of the Administrator; in the case of defense and exercise of claims under the contract for the time necessary to implement the legitimate interest of the Administrator or until the User submits a justified objection,
   5. ensuring the safety of using the Services available on the Application, which is necessary to perform mutual contractual obligations, drawing up, exercising or defending claims arising from the contract (Article 6 (1) (b) of the GDPR), and fulfilling the statutory obligations of the Administrator (Article 6 (1) (c) GDPR), as well as in the legitimate interest of the Administrator (to ensure the security of the Services provided) (Article 6 (1) (f) of the GDPR) - for the time necessary to perform the contract, and after it upon completion, the data will be stored for the period necessary to demonstrate the correctness of the fulfillment of obligations under the contract until the expiry of the deadlines specified in the provisions on archiving; if the Administrator fulfills statutory obligations, the processing of Personal Data will be carried out for the time necessary to perform the statutory obligations of the Administrator; in the case of ensuring security for the time necessary to implement the legitimate interest of the Administrator or until the User submits a justified objection;
   6. performance of other statutory obligations of the Administrator, in particular tax and reporting (Article 6 (1) (c) of the GDPR) - for the time necessary to fulfill the statutory obligations of the Administrator, in particular until the expiry of the limitation period for tax obligations;
   7. in the case of voluntary and optional consents (Article 6 (1) (a) of the GDPR and art. 10 of the Act of July 18, 2002 on the provision of electronic services and art. 172 of the Act of 16.07.2004 - Telecommunications Law), the data will also be processed for marketing purposes consisting in popularizing the applicationalso on the basis of separate consents expressed by e-mail or during a telephone conversation - until the consent is withdrawn;
   8. enabling the User to personalize his profile in the Application, then the processing of data in this way takes place with his consent (Article 6 (1) (a) of the GDPR) until he withdraws his consent;
   9. managing the Application and in order to solve problems related to its use, data analysis, testing, as well as conducting research, analytical and supervision works - the basis for processing the User's Personal Data is then the legitimate interest of the Administrator, which is ensuring the security of the Service provided, as well as improving functions available as part of the Application (Article 6 (1) (f) of the GDPR) - Personal data are then processed for the time necessary to implement the legitimate interest of the Administrator or until the User submits a justified objection;

After the expiry of the processing period, Personal Data is immediately deleted or anonymized.

3. The Administrator will process the following Personal Data provided by the User:
   1. data required to register an Account that will enable the use of the Services, including:
      • e-mail address
      • password.
      All of the above fields are mandatory. If this information is not provided, the Administrator will not be able to provide Users with access to the Services, and thus the User will not be able to register an Account.
      In the case of logging in via social media, the user's login and the token received from the medium used by him will be kept.
   2. information on accounting or financial transactions, including those made via the Application or otherwise (these will include payment card details or User's bank account details);
   3. data on visits to the Application and resources used by the User
   4. data and information that the Administrator may require from the User in the event of reporting problems related to the use of the Application.
4. With regard to Personal Data regarding visits to the Application by the User, the Administrator may (if required and obtained the User's consent for this purpose) obtain data on devices and networks used by the User to access the Services. These data may include: User's IP address, login data, type and version of a web browser, types and versions of plugins used by web browsers, operating system and platform, advertising ID, information about visits, including the URL of the page on which the user was clicked. . there was a link leading to the Application, searched or viewed products, data download errors, time of visits to certain pages, interactions with other pages. These data are obtained by the Administrator in particular through cookies and other technologies.
   The scope of the indicated data complies with the adequacy principle. Failure to provide the above data makes it impossible to use the Services.
   In addition, the Administrator, in order to defend the rights of Users and third parties, as well as to take appropriate action against violations of the provisions of the Regulations and the Policy, will also have access to Users' network data, which will be downloaded automatically. Users using the Services via the Application at the same time consent to the collection of this data by the Administrator. If the User does not consent to the collection of network data, it is impossible to use the Application.
5. In connection with the implementation of the Services, Personal Data will be disclosed to external recipients, which are: the Administrator's business partners, the Administrator's service providers (in particular in the field of technical issues, payments), Administrator's employees and associates (these persons will be authorized to process Personal Data), state authorities, prosecutor's office, police, etc.
6. The Administrator informs that the transfer of Personal Data to external recipients will take place when:
   1. it is necessary to use the services of an external entity,
   2. it is necessary for the implementation of contracts concluded with external entities,
   3. it is necessary for the proper performance of the Service;
   4. it results from the provisions of generally applicable law;
   5. it is necessary to defend the Administrator's claims or rights, including in connection with the ongoing process;
   6. a circumstance has occurred that poses a threat to life, health, property or safety.
   As a rule, the Administrator does not transfer Personal Data to a third country or an international organization outside the European Economic Area, however, bearing in mind that the scope of the Administrator's activity also includes third countries, it may happen that the Provider Administrator's service, e.g. in the field of server maintenance, hosting, the software will be located in a third country, then the User's Personal Data will be transferred outside the European Economic Area - in this case, all transfers of Personal Data will be made on the basis of the so-called standard contractual clauses adopted by the European Commission and ensuring an adequate level of security in accordance with applicable regulations.
7. With regard to marketing messages sent by means of electronic communication: The User may withdraw his consent at any time by unchecking the appropriate box in his Account.
3. PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER

The Administrator uses Personal Data for automated decision making, including profiling, taking into account the information contained in cookies. Profiling will affect the functionality and quality of the Application, the content of the profile of a specific User, the content of the offer dedicated to a given User, as well as proposing to the User activities that increase his activity in the Application. In addition, profiling is carried out in order to implement the abovementioned purposes described in point II of the Policy.

Profiling has an impact on the User's use of the Application, because on this basis the Administrator will be able to improve the quality of using the Application, as well as assess the personal preferences and interests of Users. Therefore, profiling also includes monitoring and tracking the behavior of individual Users.

4. USER PERMISSIONS
1. In accordance with the provisions of the GDPR, the User has the following rights related to the control of the processing of Personal Data:
   1. the right to access the content of Personal Data (including obtaining information about what Personal Data are processed by the Administrator, receiving a copy of their Personal Data);
   2. the right to request rectification, update or rectification of Personal Data;
   3. the right to request the deletion of Personal Data if they are incomplete, out of date, untrue or were collected in violation of the law or are unnecessary to achieve the purpose for which they were collected; notwithstanding the foregoing, the User has the option to delete the Account in the Application;
   4. the right to lodge a complaint to the supervisory body dealing with the protection of personal data - i.e. the President of the Office for Personal Data Protection (e.g. in the event that the processing of Personal Data violates the provisions of the GDPR or other provisions on the protection of Personal Data);
   5. the right to request the restriction of the processing of Personal Data;
   6. the right to object to the processing of Personal Data, if the basis for processing is the legitimate interest of the Administrator or for direct marketing.
   In the case of processing Personal Data on the basis of consent, the User is entitled to:
   7. the right to withdraw consent at any time;
   8. the right to transfer Personal Data.
2. In order to exercise his rights, the User may contact the Administrator via the communication channels indicated in the Policy.
5. COOKIES
1. The application uses the information contained in cookies.
2. Cookies are used for the following purposes:
   1. enabling Users to navigate on the website and use its basic functions;
   2. recognizing the User during the next visit to the website;
   3. personalizing and improving the functions offered to the User;
   4. maintaining the User's session;
   5. determining the number of people using the Application and obtaining information on how to use it;
   6. conducting marketing activities (sending advertisements);
   7. remembering login details on the Application;
   8. adjusting the content of the Application to the individual preferences of the User (e.g. page layout);
   9. keeping anonymous statistics allowing the Administrator to improve the functionality of the Application.
3. The Application uses the following types of cookies: session, long-term and third-party cookies.
4. There are cases where the software used for browsing websites (web browser) allows cookies to be stored on the end device by default. It is possible to change cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about their every posting on the device. Restrictions on the use of cookies may affect some of the functionalities available in the Application. Cookies may also be used by advertisers and partners cooperating with the Administrator.
5. Detailed information on cookie settings and their self-removal in the most popular web browsers should be available in the "help" (or other similar) section of the web browser and on the following pages:
   Internet Explorer browser: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
   Chrome browser: https://support.google.com/chrome/answer/95647
   Firefox browser: https://support.mozilla.org/pl/kb/ciasteczka
   pera browser: https://help.opera.com/pl/latest/web-preferences/
   Microsoft Edge browser: https://support.microsoft.com/pl-pl/help/4027947/windows-delete-cookies
6. SECURITY OF PERSONAL DATA

The Administrator implements appropriate security measures to ensure that Personal Data is processed in a safe manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. The administrator takes all steps to ensure that the entities cooperating with him guarantee the application of appropriate security measures, in each case when they process personal data at the request of the Administrator.


In particular, these are the following security measures:
1. selecting an appropriate certified server service provider;
2. frequent updating of system software;
3. access to an individual Account on the Application only after logging in with a login and password; passwords will not be stored in the database, only their hashes (so-called hash)
4. encryption of Personal Data in the database;
5. an encrypted communication channel using the SSL protocol between the use and the website.
6. CONTACT DETAILS

In case of any questions, requests and requests regarding Personal Data or a desire to exercise a specific right, the User may contact the Administrator in one of the following forms: office@armixer.com

7. CHANGES TO THE PRIVACY POLICY

The Administrator strives to ensure that this Policy is up-to-date and will update it in the event of: changes in the law, judicial decisions, guidelines of authorities responsible for supervising the processing of personal data, introduction of Codes of Good Practice (if the Administrator is bound by such codes), changes in technology, methods, the purposes or legal grounds for processing Personal Data.