By using our services you entrust us with your personal data. We would like to assure you that we feel responsible for it and respect your privacy, therefore we make every effort to ensure its security. By reading the following text you will learn the principles according to which we process personal data.

This Privacy Policy applies to the operation of the mobile application on the Android, iOS platforms. The terms used in this Privacy Policy shall have the meanings given to them in the Terms and Conditions of the ESG ASSURED mobile application.

In all matters relating to our processing of your personal data, you can contact the Application Administrator. The preferred form of contact is electronic correspondence addressed to the e-mail address: info@esgassured.com

§1 General provisions

1. This Privacy Policy (hereinafter referred to as the “Privacy Policy”) sets out howGrywit collects, processes and stores personal data necessary for the performanceof the services provided through the mobile application (hereinafter referred to as the”Application”).

2. The Application is administered by Anna Jankowiak conducting business under thename GRYWIT Anna Jankowiak, with its registered office in Gdańsk, address: ul.Sopocka 7, 80-299 Gdańsk, holding NIP: 5932269424, REGON: 364500350.

3. On the basis of the personal data processing entrustment agreement concluded withthe Organiser, the Application Administrator acts as a processor within the meaningof Article 4(8) of Regulation (EU) 2016/679 of the European Parliament and of theCouncil of 27 April 2016 on the protection of natural persons in relation to theprocessing of personal data and on the free movement of such data and repealingDirective 95/46/EC (hereinafter: “RODO”), which means that it collects andprocesses personal data on behalf of the Organiser.

4. You acknowledge that it is the Organiser who acts as the Controller of your personaldata within the meaning of Article 4(7) of the RODO.

5. The application is available only and exclusively to persons who have a personalisedactivation link for logging in and whose e-mail address is entered by the Organiser tothe database of authorised Users’ imports.

6. A User is any natural person using the services provided through the Application on amobile device.

7. The User acknowledges that the provision of personal data by him/her is voluntary.The provision of personal data by the User to the Application Administrator shall takeplace upon acceptance of the Privacy Policy, as well as upon expressing consent tothe processing of personal data, which shall take place by clicking the appropriatecheckbox. This consent is, pursuant to Article 6(1)(a) of the RODO, the legal basisfor the processing of personal data by the Organiser and the ApplicationAdministrator.

8. For the purposes referred to in section 7, and in order to ensure that the Grywit appworks correctly on Android and iOS devices, you must agree to use the app afterinstallation:

a. Data storage (in device memory) – for installing applications on the device;
b. Access phone data – e.g. to send files to perform tasks;
c. Photo gallery – for the purpose of carrying out tasks;
d. A telephone camera – for the purpose of carrying out tasks.
e. Access to localisation – for the distance counting in sport tasks.

10. the server is administered using SSH (Secure Shell)

11. The Grywit mobile application does not process cookies.

12. By clicking the relevant checkboxes during registration, the User will be deemed to have accepted the rules contained in the Privacy Policy and the Terms of Use.

§2 Data collected automatically

1. The Application Administrator does not collect personal data without the User’s consent, but only data concerning the use of the Application. The collection of this data takes place automatically (“automatic data”).

2. Automated data include:-the name of the device on which the User is using the ESG ASSURED mobile application,-device identifier in the ESG ASSURED system

3. Data collected automatically does not allow for unique identification of the User.

4. The data collected automatically may be used by the Application Administrator to improve the quality of the service provided, in particular in the event of an error in the Application. In the situation described above, the data collected automatically will relate to the error of the Application, including the state of the User’s mobile device at the time the error occurred, the identification of the User’s mobile device.

5. It is not possible to change or delete automatically collected data.

§3 Collection of personal data

1. When using the Application, the Application Administrator may request personal datafrom the User in order to perform the services provided by the Administrator throughthe Application

2. The User’s personal data collected in the manner specified in paragraph 1 abovemay include, but is not limited to: e-mail address, name and surname, organisationalaffiliation, login, password, images and photographs, likeness, video and localisation.

3. The user decides for himself to what extent he provides data via the Application.There are no consequences for not providing such data.

§4 Further processors

The User’s personal data collected will only be processed by the Application Administrator in order to provide the service selected by the Organiser. The following subcontractors of the Application Administrator are an exception:

1) Artnet Sp. z o. o. with its registered office in Gdańsk, ul. Marynarki Polskiej 100, 80-557 Gdańsk, KRS 0000164315, NIP 5832050407 in the scope of data storage in afully automated manner on a physical server in Artnet Data Centre located at ul.Marynarki Polskiej 100 in Gdańsk;

2) HOME.PL S.A. with its registered office in Szczecin, ul. Zbożowa 4, 70-653 Szczecin,KRS 0000431335, NIP 8522103252 for sending activation links. HOME.PL S.A. usesadministrative, technical and physical safeguards to protect personal data providedby users against accidental, unlawful or unauthorised destruction, loss, alteration,disclosure, use or access. Integrated Quality and Information Security ManagementSystems have been introduced throughout the home.pl Group: ISO/IEC 27001:2013,ISO 9001:2013 Personal data processing place: Szczecin.

§5 Data processing by Google Play Store, Apple App Store

Additionally, the Administrator informs that this Privacy Policy is only supplementary in nature to the privacy policies of Google Play Store, Apple App Store, through which the Users download the Grywit application. The Administrator shall not be held liable in any manner whatsoever for the privacy policies applied by the entities managing Google Play Store and Apple App Store applications and for their compliance with the provisions of commonly applicable laws.

§6 Rights and obligations of the Application Administrator

1. The Application Administrator undertakes to process the User’s personal data inaccordance with:
1) the provisions of the personal data processing entrustment agreementconcluded between the Application Administrator and the Organiser;
2) instructions of the Organiser;
3) legal provisions, in particular the RODO and the Act of 10 May 2018 on theprotection of personal data;
4) provisions of the Act on Providing Services by Electronic Means of 18 July2002.

2. The Application Administrator guarantees the provision of appropriate technical andorganisational measures to ensure the security of the personal data processed, inparticular to prevent access by unauthorised third parties or their processing inbreach of the provisions of the generally applicable law, to prevent the loss, damageor destruction of personal data.

3. The User’s personal data will be stored for as long as necessary for the ApplicationAdministrator to perform the services provided through the Application, but notbeyond the termination of the cooperation with the Organiser.

§7 Rights and obligations of the User

1. You have the right to access your personal data through the Application.

2. The User may at any time withdraw consent, modify, amend, rectify, complete, restrict, transfer or delete the personal data provided, through the tools available in the Application or by contacting info@esgassured.com

3. The User may object to further processing of personal data. The Application Administrator shall comply with such requests if it is in accordance with generally accepted legal provisions and after the Organiser has given its consent.

4. If the User permanently deletes personal data necessary for the Administrator to perform the services provided through the Application, the User will lose the possibility to use these services.

5. You may also at any time obtain from the Application Administrator a record of your personal data during processing, including information about that processing.

6. The Application Administrator reserves the right to make changes to the Privacy Policy and will inform you of these changes via the Application. If the User does not agree to the changes, he/she must permanently delete the Application from his/her mobile device.

In order to exercise the above rights, you must contact us by sending an email to info@esgassured.com. A request to exercise any of the above rights will be forwarded by the Application Administrator to the Organiser for determination. The Application Administrator will immediately inform you of the Organiser’s decision regarding the exercise of your rights.

If you send us the above-mentioned request from an e-mail address other than the one used to register the account, we may request additional information to verify the identity of the person making the request.

If you consider that the way we process your personal data violates applicable laws, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.