We value your trust in providing Us your data, thus we are striving to use all commercially acceptable means of protecting it in accordance with the provisions of law, including regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).
Below you will find the necessary information about personal data we collect and process when you:
use Our Services provided via:
- web page and software made available through the web page,
- application programming interface (API) made available for download.
- Contact Us in relation to the Services provided.
Controller of your personal data
If you are a Customer, employee, representative or contractor of the Customer the controller of your personal data for purposes related to ensuring proper operation of the Services and for purposes related to execution of the contract between the Customer and Us for using the Services is Grape Up Spółka z ograniczoną odpowiedzialnością with its seat in Krakow, Gabrieli Zapolskiej 44, 30-126 Kraków, Poland (“Grape Up”, “We”, “Our” or “Us”).
In all cases regarding your personal data you can contact Us:
- by regular mail – our address is Gabrieli Zapolskiej 44, 30-126 Kraków, Poland,
- by e-mail – firstname.lastname@example.org.
The purposes of the processing and legal basis
We will process your personal data that we collect from you when you are using Our Services in order to:
enter into and perform the contract between Us and the Customer, e.g. to ensure the possibility of using the Services, obtain and settle remuneration for the use of the Services:
- on the grounds of art. 6.1.b GDPR (due to the fact that processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract) – when you are our Customer,
- on the grounds of art. 6.1.f GDPR (due to the fact that processing is necessary for the purposes of the legitimate interests pursued by Grape Up) – in case you are an employee, representative or contractor of the Customer,
- contact you in all matters regarding e.g. the operation of the Services or other services provided by Grape Up that you might be interested in – on the grounds of art. 6.1.f GDPR (due to the fact that processing is necessary for the purposes of the legitimate interests pursued by Grape Up),
- improve the quality or security of our Services – on the grounds of art. 6.1.f GDPR (due to the fact that processing is necessary for the purposes of the legitimate interests pursued by Grape Up),
- exercise our claims or defend against claims, whether in court proceedings or in an administrative or out-of-court procedure – on the grounds of art. 6.1.f GDPR (due to the fact that processing is necessary for the purposes of the legitimate interests pursued by Grape Up),
- archive data, keep back-ups and perform other obligations imposed on Us in relation to processing of personal data – on the grounds of art. 6.1.c GDPR (due to the fact that processing is necessary for compliance with a legal obligation to which we are subject),
- provide you with marketing materials regarding other goods and services provided by Grape Up or third parties – on the ground of art. 6.1.a GDPR (in cases when you give Us your consent to such processing).
The scope of personal data being processed
Your following personal data will be processed for the purposes indicated above:
- identification data (first and last name, company name, company details),
- contact data (e-mail address, address of the company),
- data regarding the use of Our Services (quantity of requests sent, your Client ID, Our remuneration),
- other data that you decide to provide Us with when you contact Us (e.g. via contact form, e-mail or by phone or mail),
- each time you use Our Services: the IP address of the device you are using, information on how you use Our Services,
- metadata stored in the photos provided to Us in the course of using Our Services.
In addition, We inform you that Grape Up does not process your personal data required to make a payment (e.g. credit card details). When making a payment you transfer your data to an external entity performing a payment processing service, from which Grape Up only receives a confirmation that a payment for the use of the Services was made. This payment services provider is a separate data controller that processes your personal data on its own behalf and shares with Us also such data as: the quantity of requests sent by you when using our Services, your Client ID, the data in invoices issued at the end of each subscription period).
Transfer of personal data
Your personal data may also be transferred only to our data processors that we cooperate with on the basis of a contract or other legal act or to other companies that are affiliated with Grape Up (i.e. parent company of Grape Up) on the grounds of Our legitimate interests as a data controller. If you are a Customer the data included in the accounting documents will also be transferred to tax authorities to which Grape Up is subject.
We use third party service providers delivering the following services:
- Stripe - payment services provided by Stripe Payments Europe, Ltd. (C/O A & L Goodbody, Ifsc, North Wall Quay Dublin D01 H104, Ireland).
- Vindecoder.eu – VIN number decoding system, provided by Vincario s.r.o. (Vlčí Vrch 433, 25721 Poříčí nad Sázavou, Czech Republic).
- Amazon Web Services - cloud infrastructure provided by Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855, Luxembourg).
- MailChimp - mailing services provided by The Rocket Science Group LLC d/b/a MailChimp (675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA). Due to the use of this subprocessor we may from time to time transfer your personal data to a country outside the European Economic Area (the USA). We have taken additional safeguards in order to keep an appropriate level of protection of your personal data, including choosing a subprocessor that applies sufficient security measures (described here: https://mailchimp.com/about/security/) and entered into a data processing agreement incorporating the Standard Contractual Clauses accepted by the EU Commission (the text of the DPA can be found here: https://mailchimp.com/legal/data-processing-addendum/) and describing also the rules of handling government data access requests.
The duration of processing of your personal data will be as follows:
- for the purposes of performance of the contract concluded by the Customer with Grape Up – for the duration of this contract and the time required by the regulations of law due to the obligation to keep accounting records, no longer than until the expiry of Grape Up tax limitation period,
- for using the demonstration version of the VIN Recognition – for the duration of the demonstration version and a reasonable period afterwards in order to contact you to ask if you are interested in a full version of Services,
- for archival purposes, as well as to execute or defend against claims – from the moment of collecting your data to the time that our legitimate interest exists and until the day you express your objection, for no longer than 6 years,
- for the purpose of contacting you e.g. in cases regarding the functioning of the Services – for the time necessary to contact you, or longer if we obtain a different legal basis, e.g. the obligation to resolve a complaint,
- when our processing activities are based on your consent (e.g. when you give us your consent for marketing activities) – for a period not longer that until you withdraw your consent,
- in other cases – not longer that the purpose of processing exists.
You have the right to:
- access your personal data, to receive copy of your personal data and to obtain the rectification of inaccurate data, deletion or restriction of processing,
- in case when the legal basis of processing your data is Our legitimate interest as a data controller you have the right to object to processing of your personal data,
- in case your personal data is processed on the basis of your consent you have the right to withdraw your consent at any time – this will not affect the lawfulness of processing based on consent before its withdrawal,
- in case your personal data is processed on the basis of the necessity to perform a contract or on the basis of your consent you have the right to receive the personal data concerning you, which you have provided to Us, in a structured, commonly used and machine- readable format and have the right to transmit those data to you or to another controller,
- lodge a complaint with a supervisory authority and to an effective judicial remedy.
In order to execute any of the abovementioned rights please contact Us in one of the ways indicated at the beginning of this document.
Providing your personal data may be obligatory – especially with regard to the data of the Customer required to issue invoices. Lack of provision of such data will result in not being able to conclude a contract with Grape Up.
- Our Services are provided via a website, which uses cookie files (text files saved on user´s device or in the web browser) and other similar technologies that identify a user in a way required to allow some operations (jointly referred to as “cookies”).
- The entity publishing cookie files on end device and gaining access to them is Grape Up Spółka z ograniczoną odpowiedzialnością with its seat in Krakow, Gabrieli Zapolskiej 44, 30-126 Kraków, Poland.
The following types of cookie files are used within Our Services:
- "necessary" cookie files that allow the use of services available within the Website, including session, security and functional cookies,
- analytical cookie files (cookies that allow collection of information on the use of our Services, collect statistics that inform on how user´s use the Services which allows e.g. improvement of our Services. These are our own cookies as well as technologies from third parties: Google Ireland Ltd. (including Google Analytics - https://support.google.com/analytics/answer/6004245) and HotJar Ltd (https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies),
- marketing cookie files (cookies that allow to personalize content for marketing purposes). These are third party cookies from: Facebook Ireland Inc. (including Facebook Pixel - https://pl-pl.facebook.com/privacy/explanation), LinkedIn Corp. (including LinkedIn Insight Tag - https://www.linkedin.com/legal/privacy-policy?_l=pl_PL), Hubspot Ireland Ltd. (including tracking code and cookies - https://legal.hubspot.com/cookie-policy).
In many cases software used to view websites (web browser) automatically allows storage of cookie files in user´s end device. Website users can change these settings at any time. These settings can be changed in particular to block automated acceptance of cookie files in web browser settings or to inform on each storage of cookie files on user´s device. Detailed information about the possibility to manage cookies in the most popular web browsers can be found below:
- Google Chrome – https://support.google.com/chrome/answer/95647?Every=GENIE.Platform%3DDesktop&hl=en
- Opera – https://help.opera.com/en/latest/web-preferences/#cookies
- Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Apple Safari – https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Windows Internet Explorer – https://support.microsoft.com/fil-ph/help/17442/windows-internet-explorer-delete-manage-cookies
- Please take note that disabling some of the cookies (in particular the “necessary” ones) may result in also disabling certain functionality and features of of our Services and render them impossible to be provided.
Below you can obtain additional information about options to manage cookies and how they collect, store and further process your data:
- You have the option of disabling the transfer of your data for analytical and statistical purposes using Google Analytics. To do this, you can install the browser extension in accordance with the instructions at this address: https://support.google.com/analytics/answer/181881?hl=en.
- If you are looking to not be tracked by Hotjar or any site that uses Hotjar, you may do so by following the steps on this page: https://www.hotjar.com/privacy/do-not-track/.
- You can manage your privacy settings regarding the LinkedIn Insight Tag here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.
- You can remove HubSpot's tracking cookies from your browser on this page: https://legal.hubspot.com/cookie-policy#remove-cookies.
- In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to do so you may opt out by clicking here: http://www.youronlinechoices.eu/.