PRIVACY POLICY OF THE KAIKAI WEBSITE
Controller – Cosmose sp. z o.o. with its registered office in Warsaw (00-697), ul. Aleje Jerozolimskie 61, entered into the Register of Business Entities by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS No. 0000500335, REGON: 147129607, NIP: 5252580755, with a share capital of PLN 11 000,00.
Personal Data – any information related to an identified or identifiable natural person who can be identified by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including the IP of a device, location data, Internet identifier and information collected through cookies and other similar forms of technology.
Policy – this Privacy Policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
Site – an online service operated by the Controller at kaik.ai.
User – any natural person visiting the Site or using one or more of the services or functionalities described in the Policy.
In connection with the use of the Site by the User, the Controller will collect data within the scope necessary for the rendering of the specific services on offer and collect information about the User’s activities while using the Site. The detailed rules for and purposes of the processing of Personal Data collected during the use of the Site by the User are described below.
The Personal Data of all of the natural persons using the Site will be processed by the Controller:
for the rendering of services electronically in terms of providing Users with the content of the Site – in this case the legal basis for the processing of Personal Data is that such processing is necessary for the performance of contracts (Article 6(1)(b) of the GDPR);
for analytical and statistical purposes – in this case the legal basis for the processing of Personal Data is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), i.e. conducting analyses of the activities of Users as well as their preferences to improve the applied functionalities and services rendered; and
for the establishment, if any, and pursuit of claims or defence against claims – in this case the legal basis for the processing of Personal Data is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), which is the protection of its rights.
ACCESS TO THE SITE VIA LOCK SCREEN WALLPAPER
The User may access the Site by utilising a redirecting link leading to the Site via a lock screen wallpaper on the User’s device. In such a case, the Controller may receive and process Personal Data regarding how the User uses the lock screen services on his/her device. Such Personal Data may include collected channels to which the User has subscribed, the APP version, the language and region set for the User's device, the User's device model, the operational system version and resolution, and the encrypted device ID. Data can be used for analytical and statistical purposes, including improving the quality of the Controller's services. In this case, the legal basis for the processing of Personal Data is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), i.e. conducting analyses of the activities of Users as well as their preferences in order to improve the applied functionalities and services rendered.
EMAIL CORRESPONDENCE
Personal Data that is shared by the User in email correspondence addressed to the Controller, including that shared by use of the “Contact us” function provided in the footer of the Site, is processed only for the purpose of communication and addressing the matter to which the correspondence relates.
The legal basis for the processing of Personal Data by the Controller for this purpose is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR) involving sending out replies to email correspondence received in connection with its business.
The Controller only processes Personal Data relevant to the matter to which the correspondence relates. The entire correspondence will be stored in a manner ensuring the security of Personal Data (and other information) contained therein, and such data will only be disclosed to authorised persons.
Cookies are small text files placed on a User’s device to store data that can be retrieved by the Site. The Controller uses cookies mostly for the purposes of delivering to the User services rendered electronically and to improve the quality of those services. Therefore, the Controller uses cookies to store information or obtain access to information that had already been stored in the User’s end-use telecommunication equipment (a computer, a telephone, a tablet, etc.). The use of cookies within the Site is not aimed at identification of the User.
REQUIRED COOKIES
The Controller’s use of strictly necessary cookies is required for the proper functioning of the Site. The cookies are used specifically for the purposes of documenting and recalling login sessions and for purposes related to setting privacy options. The User may set their browser so that it blocks or warns of the receipt of strictly necessary and functional cookies, but this action may result in the malfunction or reduced functionality of certain parts of the Site.
MARKETING COOKIES
Advertising cookies are used on the Site to tailor marketing to the User’s interests and to provide the User with more personalised service in the future. These cookies contain information regarding a User’s visits to the Site, and the Controller may share this information with third parties, such as advertisers. Advertising cookies may also be used by such third parties to build a profile of a User’s interests and to show relevant advertisements on other websites. If the User does not allow these cookies, they will experience less targeted advertising.
ANALYTICAL COOKIES
Analytical cookies allow for checking the number of visits and sources of traffic in the Service. They are helpful in determining which websites are more popular and which are less popular and understanding how Users navigate the Site. This allows the Controller to review statistics and improve the productivity of the Site. The information gathered by such cookies is aggregated and thus is not aimed at determining identity. If a User does not allow these cookies, the Controller will not include the User’s use of the Service or navigation of the Site in the aggregated information.
The Controller uses Google Analytics third-party cookies. These cookies capture user interactions on the Site (time of visit, previous visits, the website that recommended the Site, IP address, identifiers and descriptions of browsing devices, etc.). Google Analytics does not provide information about the user’s actual IP address. It only provides the Controller with statistical information consisting of: visits (unique visitors, number of pages viewed, pages viewed, average length of visit, bounce rate, percentage of new visits, new and returning visitors, frequency and recent visits, interactions, pages visited), demographic data (language, country or territory, city), system (browser, operating system, Internet access provider, device category), source and medium. For detailed information on the scope and rules of gathering data in connection with such service, please see: https://www.google.com/intl/pl/policies/privacy/partners.
Google is located in the United States, outside of the European Economic Area, so its data processing involves an international transfer of data to a country that does not have a level of protection comparable to the European one. According to information provided by Google, the company is a signatory to the EU-US Data Privacy Framework (DPF). Through this link you can access the details of the principles and obligations assumed by Google on the basis of its adherence to the DPF:
Cookies may be stored in a User’s browser cache for different lengths of time. Session-based cookies last only while the User’s browser is open, and are automatically deleted after closing the browser. Persistent cookies last until the User or the User’s browser deletes them, or until they expire.
No consent is required only with respect to cookies that are necessary for the rendering of any telecommunication service (data transmission for the presentation of content) – the User has no option to decline the use of such cookies if the User wishes to use the Site. The legal basis for the processing of data in connection with the use of required cookies is that such processing is necessary for the purposes of performing contracts (Article 6(1)((b) of the GDPR).
The use of any other cookies (e.g. analytical, marketing) requires the consent of the User (Article 6(1)((a) of the GDPR). The User has the right to withdraw consent at any time.
The User also has the option to change their browser settings. For detailed information regarding this subject, please click the link relevant to the browser being used:
Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
For a full overview of all cookies utilised on the Site, including names, types, durations and purposes visit our Cookie Index available at [https://kaik.ai/cookies].
The timeframe for processing Personal Data by the Controller depends on the purpose of such processing. In principle, Personal Data may be processed during the time of rendering services until the withdrawal of consent to the processing of Personal Data or the submission of an effective objection against the processing of Personal Data in cases where the legal basis for the processing of such data is the Controller pursuing its legitimate interests.
The timeframe for the processing of Personal Data may be extended if the processing is required to establish and to enforce any claims or to defend against any claims, and after such time, only in the event, and to the extent, that it is required by law. After the lapse of the timeframe for the processing of Personal Data, such data is irrevocably deleted or anonymised.
The Site contains links to other websites. The Controller has no influence over whether their operators comply with data privacy regulations. The Controller is unable to assume any liability for links to external third-party content.
A User has the right to access the data thereof and to demand the correction of the data, the deletion of the data, the restriction of the processing of the data, the right to transfer the data and the right to object against the processing of the data, as well as the right to lodge a complaint with a supervisory authority responsible for the protection of Personal Data.
To the extent that a User’s data is processed based on consent, such consent may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent granted before its withdrawal.
A User has the right to object against the processing of their data for marketing purposes if the processing is done in connection with the legitimate interest of the Controller and – for reasons related to any special circumstances applicable to the User – in other cases when the legal basis for the processing is the legitimate interest of the Controller (e.g. in connection with achieving analytical and statistical objectives).
The User may contact the Controller by email at […]
In connection with the performance of services, Personal Data will be disclosed to external entities, including specifically to suppliers responsible for servicing IT systems.
The Controller reserves the right to disclose select information concerning a User to relevant authorities or third parties who request the disclosure of such information based on a legitimate legal basis and in accordance with applicable law.
The Controller carries out, on an ongoing basis, risk analyses to ensure that Personal Data is processed in a secure manner - ensuring, in particular, that only authorised persons have access to such data and only to the extent necessary for the performance of the Controller’s activities. The Controller ensures that all operations conducted in connection with Personal Data are recorded and performed only by authorised employees and contractors.
The Controller takes all necessary actions to ensure that its subcontractors and other cooperating entities also apply appropriate security measures whenever they process Personal Data on behalf of the Controller.
In case of any queries or comments on this Policy or the use of Personal Data, the User may contact Data Protection Officer at:
Data Protection Officer
Email address: [email protected]
We keep this Policy under regular review. This Policy will be verified on an as-needed basis and updated, if required.
The changes of this Policy will be posted on or through the KAIKAI website, https://kaik.ai/privacy-policy.
The existing version of this Policy was adopted on and has been in force since […].