Privacy Policy
In connection with its economic activity, the Controller collects and processes Personal Data in line with relevant regulations, particularly with the GDPR and the data processing rules set out therein.
The Controller ensures transparency of data processing, in particular it always informs about data processing at the time of collection, including the purpose and legal basis of processing. The Controller always makes sure that the data is collected only in such scope as is necessary for the specified purpose, and that it is processed within the necessary timeframe only.
When processing the data, the Controller ensures data security and confidentiality, and facilitates access to the information on said processing for Data Subjects. Should a Personal Data breach (e.g. a “leak” or loss of data) occur despite the security measures applied, the Controller shall, in a manner compliant with regulations, notify the Data Subjects whose data has been breached.
The Controller can be contacted by e-mail at: service@termasmart.com or by post addressed to: Terma Sp. z o.o., Czaple 100, 80-298 Gdańsk, Poland.
The Controller makes all necessary efforts to protect the Personal Data of customers and users against unauthorized access by third parties. In this respect, it applies high-level organizational and technical security measures. The Controller does not share Personal Data with any unauthorized entities. The Controller may entrust another entity, by way of a written contract, to process Personal Data on behalf of the Controller. Personal Data may be disclosed to the Controller’s employees or associates and entities providing support to the Controller on the basis of outsourced services and in accordance with the entrustment agreements concluded. The Controller also takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller. Personal Data may also be made available to entities authorized to receive them under the mandatory provisions of law.
The Controller analyses risk on an ongoing basis and monitors the adequacy of applied data safeguards to identified threats. If necessary, the Controller implements additional measures to increase the security of data.
We collect and use the Personal Data provided by the User while interacting with the Controller, as well as while downloading and using the Controller’s application.
Personal Data may include:
The User does not have to provide the above-mentioned Personal Data, but should be aware that failure to provide them will prevent the use of the application or its selected functionalities.
The Controller processes Personal Data of Users in order to enable the use of services offered via mobile applications. Users’ data is processed in order to register and use mobile applications. The legal basis for data processing in this regard is its indispensability to perform the contract (Article 6 (1) (b) of the GDPR).
In addition, the Controller processes Users’ Personal Data in order to manage and maintain business relationships, including creating and maintaining accounts in systems, managing Users’ orders, answering all Users’ questions and recording and sharing such questions internally, as well as analysing and creating statistics in order to improve Controller’s products or services (Article 6 (1) (a) and (b) of the GDPR).
By means of mobile applications, the User may in particular: control the heating system, optimize the heating process by controlling it with geolocation, as well as use heating modes and other functionalities available within them.
In connection with the economic activity which requires the processing of Personal Data, said data may be disclosed to external entities, including providers responsible for the operation and service of the IT systems and hardware, providers of legal, accounting, auditing, consulting services and marketing agencies. The data shall also be disclosed to the affiliates of the Controller (Terma Group). The Controller reserves the right to disclose selected information about the Data Subject to the competent authorities or third parties, who request to be provided with such information, on the basis of appropriate legal grounds and in line with applicable laws.
The level of Personal Data protection outside the European Economic Area (EEA) differs from the level provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with appropriate protection level provided, primarily through:
The Controller always communicates its intention to transfer Personal Data outside the EEA at the collection stage.
The time limit for the processing of data by the Controller depends on the type of service provided and the purpose of processing. The time limit for the processing of data may also result from legal regulations, when such regulations form the basis for the processing. If the data is processed on the basis of the Controller’s legitimate interest – e.g. for security reasons – it shall be processed for a period required to accomplish that interest or until an effective objection is filed with respect to data processing. If the processing is based on a consent, the data shall be processed until the consent is withdrawn. When the processing is based upon the data being needed to conclude and perform a contract, such data shall be processed until the termination thereof.
The time limit for data processing may be extended if the processing is necessary to determine, vindicate or defend against any possible claims, and after that period — only if and to the extent required by law. After the end of the time limit for processing, the data is irrevocably removed or anonymised.
The Data Subject has the following rights with regard to the processing of his or her Personal Data by the Controller:
An application regarding the exercise of Data Subjects’ rights may be submitted:
The applicant is asked to precisely specify as to what his or her application/request refers to, for example:
Should the Controller be unable to determine the content of the request or identify the applicant on the basis of the received application, it will request additional information from the applicant.
The Controller’s reply shall be given within one month of receipt of the application. If this time limit needs to be extended, the Controller shall notify the applicant of the reasons for such extension.
The reply shall be sent to the e-mail address from which the application was sent, and in the case of applications submitted by post, by regular mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in such case, please provide e-mail address).
The Policy may change at any time without notice, except where such changes may materially affect the rights of natural persons under applicable privacy and data protection laws, in which case the User shall be notified of such changes by appropriate notification.
/
TRENCHLESS TECHNOLOGY ///// HEATING PRODUCTS ///// MEDICAL PRODUCTS ///// INDUSTRIAL SERVICES