Privacy Policy and Cookies Policy

§1
General remarks

This Privacy Policy specifies the rules for the protection and processing of personal data of users of the service in the form of a team cooperation platform (the "Platform"), accessible under https://web.getcore.app or downloadable from the website https://www.getcore.app (the "Service"), by the personal data controller - the operator of the Platform, which is Kox Company Spółka z ograniczoną odpowiedzialnością (the "Controller").

A User is any individual using the Platform or the Service (the "User"). Where this Privacy Policy refers to Users, it shall also be understood to mean contractors who have entered into an agreement with the Administrator, or any individuals representing or working with or employed by them, unless specified otherwise.

The legal basis for the adoption of this document are the personal data protection regulations, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the movement of such data, and repealing Directive 95/46/EC (the "GDPR").

The Service uses cookies. Please refer to the cookies policy for details.

§2
Personal data Controller

The controller of your personal data is Kox Company Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-844) at ul. Grzybowska 87. The controller can be contacted by e-mail at: hello@getcore.app or by letter to: Grzybowska 87, 00-844 Warsaw.

§3
Categories of personal data processed
1The User provides the Controller with the following personal data:
1.1the User's account information (login, password and contact details provided when creating the User's account);
1.2User-generated content (all content posted on the Platform, in particular text messages, voice messages, emoticons, graphics);
1.3payment information (information necessary to make a payment);
1.4information on the actions performed by the User (for example: adding friends, creating groups, moderating content, etc.);
1.5information needed to enable additional functionalities (additional information needed to integrate with services offered by third parties);
1.6any other information provided directly by the user (providing feedback, participating in surveys, research, etc.).
2The provision of personal data is voluntary, but necessary for the Controller to provide its services.
3The Controller processes the followig personal data using the automated data processing:
3.1information about the User's device (IP address, operating system information, browser information and information about device settings such as microphone and/or camera);
3.2information about the use of the Platform (log information related to how and when the services are used - such as pages, servers and channels visited, activities performed or content interacted with);
3.3other information collected by automated means (for example: clicks on advertisements or referral links);
3.4cookies information (described in detail within the Cookies Policy).
4The Controller shall process the personal data of the contractors, their representatives, individuals representing or cooperating with them or employed by them: name, e-mail address, telephone number (if necessary), place of employment/business address, tax identification number (if necessary) and PESEL (Polish citizens only and if necessary).
§4
Purposes of the processing of the personal data
1The User's personal data will be processed for the following purposes:
1.1for the purpose of the performance of the agreement, including:
1.1.1to provide our services - for example: by processing images and sound during a video meeting or storing chat messages;
1.1.2to be able to contact the User - for example: to verify an account being created or to enable the use of two-factor authentication security;
1.1.3to provide customer service - for example: to answer questions about the use of the Platform;
1.2for the purpose of the Controller's legitimate interests, including:
1.2.1to protect the Platform - in particular to ensure security, prevent abuse and enforce compliance with the Terms and Conditions;
1.2.2to report on the results obtained within the Platform by the Controller - in particular for the purposes of tracking activity indicators and preparing financial reports;
1.2.3to personalise the Platform - in particular regarding information on other Users' activities, events and new features;
1.2.4to improve the Platform - in particular, to gain insight into how Users interact with the Platform and how its reception can be improved;
1.2.5to advertise the Platform - in particular to inform about the services and functions offered, and to verify the effectiveness of advertising;
1.2.6to be able to contact the User - in particular for the purpose of sending marketing communications;
1.3for the purpose of the fulfilment of a legal obligation incumbent on the Controller.
1.4for the purpose of the performance of the agreement; the basis for processing is Article 6 section 1 letter b) of the GDPR;
§5
Transfer of personal data – recipients
1The recipients of your personal data are:
1.1entities ensuring the operation and maintenance of the Controller's IT systems;
1.2the Controller's associates to whom access to your personal data is necessary to ensure the proper functioning of the Platform;
1.3entities whose services the Controller uses in connection with ensuring the correct functioning of the Platform, for example: couriers and law firms.
2The Controller shall not transfer, sell or lend collected personal data to other persons or institutions, except with the express consent or at the request of the User or at the request of authorised state authorities for the purposes of their investigations.
§6
Duration of the processing of personal data
1The Controller will process your personal data for the period necessary to fulfil the purpose for which these personal data were collected, namely:
1.1if you enter into an agreement with the Controller - the Controller may process your personal data for the time necessary for the performance of the agreement and subsequently for other lawful purposes, for example: to secure possible claims during the period of limitation;
1.2where the legitimate interests of the Controller are pursued - until you object to the processing of your personal data;
1.3in the event of performance of a legal obligation incumbent on the Controller under generally applicable law - until such time as the Controller has fulfilled its obligations under the law;
1.4in the event of consent - as long as you have not withdrawn it.
2If you give your consent, the Controller shall be entitled to process your personal data even after the termination of the aforementioned agreement. The Controller will not process your personal data if you withdraw your previously given consent. The withdrawal of consent shall not affect the lawfulness of the processing of your personal data performed prior to the withdrawal of consent.
§7
Transfer of personal data outside of the EEA

Some of our service providers may store User data outside the European Economic Area. In such cases, Users' data may be stored in countries that provide an adequate level of protection for personal data, or in countries that do not provide such a level. In the latter case, the Controller secures Users' data by concluding agreements with Controller's service providers containing the so-called Standard Contractual Clauses approved by the European Commission, which provide a guarantee of adequate protection for Users' personal data in third countries, or uses other bases for the transfer of personal data. For more information in this regard, please contact us.

§8
User's rights
1The rights you have regarding the processing of your personal data:
1.1the right to access information regarding what personal data is processed by the Controller and to obtain a copy of that information;
1.2the right to rectify personal data where it is inaccurate or to supplement it where it is incomplete;
1.3the right to erase your personal data, if:
1.3.1when the personal data collected by the Controller is no longer needed by the Controller for the purposes of which you were informed;
1.3.2if you withdraw your consent to the processing of your personal data;
1.3.3insofar as the Controller is not entitled to process your data on any other legal basis;
1.3.4if personal data has been unlawfully processed;
1.3.5the need to erase personal data arises from a legal obligation of the Controller.
1.4the right to data portability, meaning the right to request that the Controller send your personal data to another entity;
1.5the right to restrict the processing of your personal data, if the correctness of your data is contested by you, the processing is unlawful or the Controller no longer needs certain personal data, or when an objection to the processing is raised, you can also request that for a certain, necessary period of time (for example to verify the correctness of your personal data or to assert claims) the Controller does not perform any operations on your personal data, but only stores them;
1.6the right to object where the Controller processes your personal data for purposes arising from legitimate interests including, but not limited to, conducting marketing activities. In such an event, the Controller will stop processing your personal data immediately after you have raised an effective objection;
1.7the right to withdraw your consent applies to all consents you have given for the processing of personal data.
2A request for the exercise of the User's rights can be made:
2.1in writing, by sending a letter to the address: Kox Company sp. z o. o., ul. Grzybowska 87, 00-844 Warsaw;
2.2by sending an e-mail to an electronic mail address: hello@getcore.app.
3The request specified in section 2 should indicate as precisely as possible what the request involves, in particular:
3.1which of the rights specified in §7 section 1 above the User is seeking to exercise;
3.2what personal data processing process is the subject of the request (for example: receipt of a newsletter);
3.3which purposes of the personal data processing the request regards (for example: analytical purposes).
4If the request made is expressed in such a manner that it is not possible to determine the substance of the request or for other reasons it is not possible to comply with the request, the Controller will request additional information from the User.
5The request will be answered within 1 month of its receipt by the Controller. If necessary, this period may be extended by a further two months if the complexity of the request or the number of requests so requires. In the event of such an extension, the Controller shall promptly notify the sender of the request.
6The response will be sent to the e-mail address from which the request was sent and, with regard to requests sent to the Controller's correspondence address, by post to the address indicated on the request, unless it is clear from the content of the letter that a response to the e-mail address is preferred and if such an e-mail address is specified in the request.
7You have the right to file a complaint to the President of the Data Protection Authority if you consider that the processing of your personal data is unlawful.
§9
Security of personal data
1The Controller conducts a risk analysis to ensure that personal data is processed in a secure manner, in particular ensuring that only authorised persons have access to the personal data and only to the extent necessary for the performance of the relevant purposes. The Controller shall ensure that all operations on personal data are recorded and performed only by authorised employees and associates.
2The Controller undertakes all necessary measures to ensure that the Controller's subcontractors and other contracted entities guarantee the application of adequate security measures whenever they process personal data on the Controller's behalf.
§10
Final remarks
1The Controller does not make any decision regarding Users based on automated processing, including profiling.
2This Privacy Policy may be updated. When it is, the effective date below will be changed. Any previous versions of the Privacy Policy will be available upon request.
§11
Last updated: 24 Feb 2024

Cookies Policy

§1
General remarks

This Cookies Policy is directed to Users and defines the use of cookies (the "Cookies") by the Controller.

Cookies are placed on the User's end device.

The Controller processes the information contained in Cookies, while as regards the collection of information on Users, only anonymous data is collected in an aggregated form, which does not include any personal data.

Cookies are informational data, including text files, which are stored on the User's end device. These files are intended for the use of the Platform and the Service. In general, they contain the name and address of the website they come from, a unique number and the duration of storage on the User's end device.

Detailed information on the options and methods of using Cookies is available in the settings of your Internet browser. The Controller hereby informs the User that it is possible to configure the Internet browser in a manner which prevents the storage of Cookies on the User's end device.

The Controller hereby informs that Cookies may be deleted by the User after they have been placed by the Controller, by means of the appropriate functions of the Internet browser, programs designed for this purpose or by using the appropriate tools available within the operating system used by the User.

A banner is displayed to the User indicating the types of Cookies used by the Platform or the Service. The User consents to the storage of, and access to, Cookies by the Controller by continuing to use the Platform or the Website after such banner is displayed.

The Cookies are used for the following purposes:

a) to create statistics which help us to understand how Users use the Platform or Service, so that we can improve them;

b) noting and responding to potential errors (ensuring the correct functioning of the Platform or Service);

c) adapting the content of the Platform or the Service to the User's preferences and optimising the use of the Platform or the Service.

§2
Types of cookies
1The following Cookies are used on the Platform and on the Service:
1.1a) sesion Cookies, which are temporary files and are stored on the User's end device until the User leaves the Platform or Service or the software (web browser) is switched off,
1.2b) permanent Cookies, which are stored on the User's end device for the time specified in the parameters of the Cookies or until they are deleted by the User.
2The following types of cookies are used within this Platform or Service:
2.1a) "necessary" Cookies enabling the use of functions available on the Platform or the Service, for example: authentication Cookies used for services requiring authentication on the Platform or the Service;
2.2b) Cookies for providing security, for example: Cookies used for detecting misuse of authentication on the Platform or the Service;
2.3c) "performance" Cookies, enabling the collection of information about the use of the Platform or the Service;
2.4d) "functional" Cookies, enabling "memorisation" of the User's chosen settings.
3The Controller hereby informs the User that it uses Google Analytics to collect and analyse aggregated information on the use of the Platform or the Service.
4In many instances, the web browser software (Internet browser) allows Cookies to be stored on the User's end device by default. Users may change their settings regarding Cookies at any time. These settings can be changed, in particular, in such a way as to: block the automatic handling of Cookies in the settings of the Internet browser, notify the User each time Cookies are placed on the User's device or delete Cookies previously placed on the User's device. Detailed information on the possibility and methods of using Cookies is available in the settings of your web browser.
5The Controller hereby informs that restrictions on the use of Cookies may affect certain functionalities available on the Platform or the Website.