Application Privacy Policy

1. Who we are and how to find us

Our name is LiveKid Software sp. z o.o. based in Krakow, we identify ourselves with the numbers: NIP: 6772450290 and REGON:385372520 and we are the administrator of your personal data. Our office is located in Kraków at ul. Krakusa 11 (30-535 Kraków). You can also contact us by e-mail at: hello@livekid.com or by phone at +48 727 935 248.

2. How and why we process your personal data

We process your personal data in connection with your use of our LiveKid application. If you would like to find out more about how it works, please see the Terms and Conditions.

If you are our client (i.e. an operator of a childcare facility), we process your personal data in order to perform a contract with you and for the purposes of fulfilling our accounting, tax and consumer law obligations.

The legal basis for the processing of your personal data is therefore Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract), and Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation incumbent on the controller).

In addition, the legal basis for our processing of your personal data is Article 6(1)(f) GDPR (processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child). This legitimate interest is to ensure that we are able to prove, in the event of a dispute with you, the content of the contract between us and that we have performed it properly.

With your separate consent, we may also process your personal data for marketing purposes (i.e. to invite you by email to take advantage of promotions organised and to send you other marketing information). The legal basis for processing your personal data for these purposes is therefore Article 6(1)(a) of the GDPR (the data subject has consented to the processing of their personal data for one or more specified purposes).

If you are an employee of our client (i.e. an educator) we process your personal data because otherwise we would not be able to perform the contract between us and your employer (the purpose is therefore only to cooperate with your employer).

Such processing is necessary for purposes deriving from the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR). I hope you will not consider our actions as infringing your rights and freedoms. We make every effort to process only the personal data we need, preferably placed in the application by you directly.

If you are a parent or guardian (i.e. a user of our app who uses it because your child or ward attends a facility that uses our app), we process your personal data in order to perform a contract with you (after all, using our app is nothing more than using the services we provide electronically, such as the service of accessing the content of our app) and under consumer legislation.

The legal basis for the processing of your personal data is therefore Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract) and Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation incumbent on the controller).

In addition, the legal basis for our processing of your personal data is Article 6(1)(f) GDPR (processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child). This legitimate interest is to ensure that we are able to prove, in the event of a dispute with you, the content of the contract between us and that we have performed it properly.

With your separate consent, we may also process your personal data for marketing purposes (i.e. to invite you by email to take advantage of promotions organised and to send you other marketing information). The legal basis for processing your personal data for these purposes is therefore Article 6(1)(a) of the GDPR (the data subject has given consent to the processing of his/her personal data for one or more specified purposes).

In addition, we process the data of each user characterising his/her use of our application (this is so-called usage data). This processing includes the automatic reading of a unique identifier identifying the telecommunications network termination point or the ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about the technical parameters of the software and the device you are using (e.g. whether you are using the application via a laptop or a phone), as well as the location from which you connect to our server. We may use this information for statistical purposes and to improve the operation of the application. The data stored in the server logs are not associated with specific users of the application. The server logs constitute only auxiliary material for the administration of the application.

The legal basis for the operation of exploitation data processing is Article 6(1)(f) GDPR (the processing is necessary for the purposes of the legitimate interests pursued by the controller). This legitimate interest is to enable the diagnosis of application errors and to improve its quality.

We also use cookies in our application. Cookies are small text information stored on your terminal device (e.g. computer, tablet, smartphone) that can be read by our ICT system.

Cookies allow us to:
     •     ensure proper functioning of the application,
     •     improve the speed and safety of using the application,
     •     use analytical tools.

Here, too, the legal basis for our action is Article 6(1)(f) GDPR (processing is necessary for the purposes arising from the legitimate interests pursued by the controller). This legitimate interest is the better performance of the application.

Consent to cookies. When registering in our application, you are shown information on the use of cookies. Accepting and closing this information means that you consent to the use of cookies in accordance with the provisions of this privacy policy. You can always withdraw your consent by deleting cookies and changing the cookies settings on your device. Remember, however, that disabling cookies may cause difficulties in using the application.

Cookies can be divided into own and third party cookies.

Own cookies - we use them to improve the operation of the application.

Third party cookies. Our application, like many others, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies in our application is as follows:

Analytics and statistics. We use cookies to track application statistics, such as the number of users, the type of operating system and web browser used to use the application, the time spent in the application, etc.

3. What personal data we process

We will always endeavour to process only the person's data that is necessary and to the minimum extent, whereby we may process the following personal data about you:

A. if you are a client of ours (a childcare provider)::
1. first name and surname,

2. business name of the entrepreneur,

3. login,

4. phone number,

5. email address,

6. business address,

7. unique identification number of the web browser,

8. in the case of issuing a VAT invoice - additionally - data necessary for issuing the invoice, and sometimes also: data related to exercising your rights from the complaint about services provided electronically.
B. if you are an employee of our client (i.e. an educator):
1) first name and surname, 

2) login, 

3) email address, 

4) phone number.
C. if you are a parent or guardian (i.e. a user of our app, using it because your child or ward attends an establishment that uses our app):
5) your and your child's name,

6) login,

7) e-mail address,

8) gender (parent and child),

9) phone number

10) PESEL number of children attending the institution

11) address of residence of the parent and child
We also process the following personal data of all users of the application:
1. IP address,

2. server date and time,

3. location of the terminal device from which the user connects to the application,

4. technical parameters of the device and software used by the user.

4. To whom we disclose your personal data

To the extent required, we disclose your personal data to governmental authorities entitled to do so by law (such as tax authorities).

Your personal data is processed in an IT system, some of which is located in the so-called public computing cloud provided by third parties. We have guaranteed in our contracts with these entities that they will not be transferred to so-called third countries (outside the European Economic Area), where the GDPR does not apply.

You also need to know that in our business we use the support of specialised third parties who may or must have access to some of your data - these are entities that provide services for us in the field of:

− accounting services,

− IT system support,

− Internet payment processing,

− information about insolvent debtors (e.g. KRD, BIG).

In the relevant contracts with these entities, we have ensured that your data entrusted to them is to be protected in accordance with GDPR and will not be transferred to third countries.

5. How long we will process

Your personal data If you are our customer, we will process your personal data only for as long as it is necessary for tax purposes, i.e. - in accordance with the currently applicable provisions of Polish law - for five years after the tax obligation arises. You are probably well aware that five tax years can mean six, and sometimes almost seven, calendar years.

If we cooperate with you on a regular basis (e.g. by maintaining an account for you in the application), we will, of course, process your data necessary for this purpose for the entire period of cooperation, i.e. maintenance of the account in the application.

Also, if you have any legal or contractual rights (e.g. due to complaints), we must process your personal data for the entire period of their duration in order to be able to provide you with assistance in this regard if necessary.

The processing of your data based on consent, as a legal prerequisite, continues until you withdraw your consent.

6. How we enable you

Your rights We make every effort to ensure that you are happy with your relationship with us. However, please be aware that you have a number of rights which will allow you to influence how we process your personal data and in some cases cause us to stop such processing. These rights are:

• the right of access to your personal data (governed by Article 15 of the GDPR)

Article 15 - Right of access for the data subject

1. The data subject shall be entitled to obtain from the controller confirmation as to whether or not personal data relating to him or her are being processed and, if this is the case, shall be entitled to obtain access to them and the following information:
a) the purposes of the processing;

b) the categories of personal data concerned;

c) information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the intended period of storage of the personal data and, where this is not possible, the criteria for determining this period;

e) information on the right to request from the controller rectification, erasure or restriction of processing of personal data concerning the data subject and to object to such processing

f) information about the right to lodge a complaint with a supervisory authority;

g) if the personal data have not been collected from the data subject, any available information about their source;

h) information on automated decision-making, including profiling as referred to in Article 22(1) and (4), and, at least in those cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the appropriate safeguards referred to in Article 46 relating to the transfer.

3. The controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject requests a copy by electronic means and does not indicate otherwise, the information shall be provided by commonly used electronic means.

4. The right to obtain the copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

• The right to data rectification (as regulated by Article 16 of the GDPR)

Article 16 - Right of rectification

The data subject shall have the right to request the controller to rectify without delay personal data concerning him or her which are inaccurate. Having regard to the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of an additional statement.

• The right to erasure of data (pursuant to Article 17 of GDPR)

Article 17 - Right to erasure ("right to be forgotten")

1. The data subject shall have the right to request from the controller the immediate erasure of personal data concerning him/her, and the controller shall be obliged to erase the personal data without undue delay if one of the following circumstances applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b) the data subject has withdrawn the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing;

c) the data subject objects pursuant to Article 21(1) to the processing and there are no overriding legitimate grounds for the processing or the data subject objects pursuant to Article 21(2) to the processing;

d) the personal data have been unlawfully processed;

e) the personal data must be erased in order to comply with a legal obligation provided for by Union law or the law of a Member State to which the controller is subject;

f) the personal data were collected in relation to the offering of information society services referred to in Article 8(1).
2. Where a controller has made personal data public and is under an obligation under paragraph (1) to erase that personal data, the controller shall, taking into account the technology available and the cost of implementation, take reasonable steps, including technical measures, to inform controllers processing that personal data that the data subject requests those controllers to erase any links to, or copies or replications of, that personal data.

3. Paragraphs 1 and 2 shall not apply, to the extent that the processing is necessary:
a) to exercise the right to freedom of expression and information;

b) for compliance with a legal obligation requiring the processing under Union law or the law of a Member State to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3)

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to prevent or seriously hamper the purposes of such processing; or

e) for the establishment, exercise or defence of claims.
• the right to restrict processing (regulated in Article 18 GDPR)

Article 18 - Right to restrict processing

1. The data subject shall have the right to request the controller to restrict processing in the following cases:
a) the data subject challenges the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead that the processing be restricted

c) the controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject for the establishment, exercise or defence of claims

d) the data subject has raised an objection under Article 21(1) to the processing, until such time as it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject's objection.
2. Where processing has been restricted pursuant to paragraph 1, such personal data may, with the exception of storage, only be processed with the consent of the data subject or for the purposes of establishing, pursuing or defending claims or for the protection of the rights of another natural or legal person or for important grounds of public interest of the Union or of a Member State.

3. Before lifting a restriction on processing, the controller shall inform the data subject who requested the restriction under paragraph 1.

• Right to object to the processing (regulated in Article 21 GDPR)

Article 21 - Right to object

1. The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling pursuant to those provisions. The controller shall no longer be permitted to process those personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.

2. Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing.

3. If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.

4. At the latest on the occasion of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly informed and shall be presented clearly and separately from any other information.

5. In relation to the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise the right to object by automated means using technical specifications.

6. Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), the data subject shall have the right to object - on grounds relating to his or her particular situation - to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.

• the right to data portability (regulated in Article 20 GDPR)

Article 20 - Right to data portability

1. The data subject shall have the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her which he or she has provided to the controller, and shall have the right to transmit that personal data to another controller without hindrance from the controller to whom the personal data was provided, if:
a) processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and

b) processing is carried out by automated means.
2. In exercising the right to data portability under paragraph 1, the data subject shall have the right to require that the personal data be sent by the controller directly to another controller insofar as this is technically possible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

To exercise any of the rights described, please contact us by e-mail at hello@livekid.com. You can also contact us for this purpose by phone at +48 727 935 248.

7. Complaint to the supervisory authority

Pursuant to Article 77 of the GDPR , you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement occurred, if you believe that the processing of personal data concerning you infringes the provisions of the GDPR . In Poland, the supervisory authority is the President of the Office for Personal Data Protection - you can lodge a complaint, inter alia, by post to Stawki 2 Street, 00-913 Warsaw or by e-mail to kancelaria@uodo.gov.pl, you can also obtain more detailed information (including current telephone numbers) on the website: https://uodo.gov.pl/

8. Is the provision of data necessary to conclude a contract with us

We collect your personal data primarily to the extent necessary for the conclusion and performance of the contract. Part of the data is also necessary for us to fulfil our legal obligations (tax regulations, accounting regulations, pro-consumer obligations). Failure to provide your personal data will unfortunately prevent the conclusion and execution of the contract.

9. Where we got your personal data from

We obtain your personal data exclusively from you. We collect usage data and data relating to the use of cookies by automated means.

10. Automated processing and profiling

Exploitation data and data related to the use of cookies are processed by automated means and subjected to profiling in the sense adopted by the GDPR . In contrast, other personal data are not processed in this way.
Jarek, Izabela, Maria, Mateusz, Sonia