The security and transparency of our service is very important to us. We clearly specify the terms and conditions of its operation and provide our actual address, telephone numbers and e-mail addresses.

The Privacy Policy is the place where you will find out who is the controller of your personal data, for what purpose, to what extent and for how long it will be processed. In addition, you will find out who we can share your data with and under what conditions, as well as what rights you have in relation to the processing of your data.

We have created this Privacy Policy so that you will find all the necessary information required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which becomes applicable on 25 May 2018. ("RODO").

Whenever we refer to data below, we mean the personal data you provide to us or that we obtain from other sources, such as your name, email address or telephone number.

 Who is the controller of my personal data?

The administrator of the personal data is HowSmart Sp.z.o.o with its registered office in Warsaw, ul.Gubinowska 4/77, 02-956 Warsaw, entered in the KRS register: 0000870772 , NIP:9512510878, REGON:387615546.

How can I contact you about matters relating to my personal data?

The processing of our customers' personal data is supervised by a Data Protection Officer appointed by us. You can contact him by e-mail at biuro@howsmart.pl  or in writing to the following address: Jarosław Koczyński, ul. Bryły 3 lok. 342, 02-685 Warsaw, mark: personal data protection.

In what situations do you process my personal data?

We process your personal data whenever you use our services, when you fill in a contact form or when you take part in competitions and promotional activities organised by us. We also process your personal data every time you contact us with an issue or complaint. We also process your personal data when we send you marketing information about us or our business partners.

Do I have to give you my details?

Your provision of data is voluntary.

What data do you process?

We process both data that you have provided to us yourself and data that we have processed ourselves (e.g. using cookies or other tools that we use) or that has been made available to us or entrusted to us by other data controllers, such as your bank, other payment providers, lending institutions or your payment recipient. We also process data provided to us by the device you use to access our services (cookies). We take care to process only the data that is necessary for the purpose for which we collect it (data minimisation).

For example:

1. If you complete the contact form, we process, among other things, the address data needed to contact you.
2. If you take part in the competitions we organise, we process, among other things, your contact details, address, name and in some cases your bank account number if you have won a cash prize.

For what purpose do you process my data?

We process your data primarily for the purpose necessary for the conclusion and performance of the contract and its execution, including the handling of complaints. If necessary, we may contact you on our own initiative regarding technical matters. The processing of some of your data is also necessary in order for us to comply with legal obligations, such as the obligation to store certain data for a certain period of time, to collect certain information for the purpose of verification and identification of the user, or to provide data to authorised authorities or entities, e.g. under the Payment Services Act, the Consumer Credit Act, the Anti-Money Laundering and Terrorist Financing Act, tax laws, the Accounting Act, the Act on the Handling of Complaints by Financial Market Operators and the Financial Ombudsman, the Act on Out-of-Court Settlement of Consumer Disputes or the Telecommunications Act. We also process your data for other legitimate purposes, including:

1. monitoring your activity on our sites (including by means of cookies and the tools we use),
2. profiling your interests and needs (also by means of cookies) in order to target only those services that may be of interest to you,
3. Direct marketing of our products or services - this allows us to keep you informed about our offerings,
4. the establishment, investigation and defence by us of possible claims arising from our activities,
5. to monitor, deter and detect possible fraud or abuse committed through the services we provide.

If you have given us your consent, we may send you our newsletter or contact you about new offers by phone, email or message to your mobile phone. When you take part in a competition or other promotional activity organised by us, we process your data on the basis of your consent for the purpose of organising the competition or promotion, selecting winners and awarding prizes. If we decide to process your data for a different purpose to the one we collected it for, we will inform you of this and ask for your consent where legally required.

On what legal basis do you process my data?

The legal basis for data processing is:

1. the conclusion and performance of the contract, or
2. your consent, or
3. the pursuit of the legitimate interests of the controller, or
4. to comply with our obligations under applicable legislation, depending on the type of service we provide, these include:
5. Act of 19.08.2011 on payment services
6. Act of 29.09.1994 on accounting
7. Law of 11.03.2004 on tax on goods and services
8. Act of 16.11.2000 on the prevention of money laundering and terrorist financing
9. Act of 29.08.1997. Banking law
10. Act of 12.05.2011 on consumer credit
11. Act of 18.07.2002 on the provision of electronic services
12. Act of 16.07.2014. Telecommunications Law
13. Act of 05.08.2015 on the handling of complaints by financial market entities and the financial ombudsman
14. Act of 23.09.2016 on out-of-court settlement of consumer disputes.

We process your data in accordance with applicable data protection legislation, including the RODO.

How long will you process my data?

We will process your data for as short a time as possible.

For individual cases, the processing times are as follows:

1. If we process your data on the basis of a contract/order without registering an account on the website, your data will only be used for the purpose of processing the order and will not be processed further.
2. If you have consented to processing for a specific purpose - e.g. registering an account on the website - we will process your personal data until you revoke your consent.
3. We will process data that we process in pursuit of a legitimate interest for as long as that interest lasts. In specific cases, which are the processing of data for direct marketing purposes, including profiling, we may process your data until you object.
4. We will process the data processed in order for us to comply with our obligations under applicable legislation for as long as such legislation requires.

Who will you share my data with?

As a general rule, we do not share your data with third parties or entities.

The exception to this rule is when:

1. you voluntarily consent to such sharing. Your consent may be revoked at any time.
2. The sharing is necessary for the performance of the contract/order. Recipients of your data may be:
3. Courier company - data required to fulfil the contract/order
4. Bank or other payment service provider - data necessary for the execution of the payment service,
5. Business and credit information bureaus - data required to obtain information

concerning creditworthiness,

4. Payment recipients - the data accompanying your payment order.
5. In specific cases, your data may be made available to entities entitled to do so on the basis of generally applicable legal provisions (e.g. law enforcement authorities, other payment service providers). Each request for access is carefully examined by us and the transfer of data only takes place if, as a result of this analysis, we determine that there is a valid and effective legal basis for requesting the disclosure of your data to these entities.

At the same time, you must be aware that we use external entities to carry out some tasks, e.g. shipping, provision of cryptocurrency or marketing services. In this case, we entrust your personal data to subcontractors for a specific purpose, while still remaining the controller of your data and responsible for its security.

We do not transfer your data to third countries.

Will my data be subjected to an automated decision-making process (including profiling)?

For some services, we use automated decision-making processes.

For payment services or other financing services (credit), we make decisions based on feedback from the service provider, e.g. if you use a fast payment service, we receive data from the service provider about your payment.

Automated decision-making, including profiling, takes place for online payment security reasons when providing payment services.

How do you protect my data?

We take full responsibility for the security of your data that we process.

We use appropriate technical and organisational security measures designed to ensure confidentiality, protection against unauthorised or unlawful processing and the accidental loss, destruction or damage of your data. We protect your data first and foremost by using state-of-the-art technology, complying not only with the applicable legislation, but also using additional measures to ensure the security of your data. The primary means of protection is the use of secure connections (e.g. SSL protocols), data encryption and the use of other technical, software or organisational solutions (e.g. restriction and control of access to data). We ensure that your data is only processed by authorised persons and entities.

What are my entitlements?

As you entrust us with your personal data, we have obligations to you which you have the right to enforce against us:

1. You have the right to obtain information from us as to whether we are processing your personal data, for what purpose we are processing it, what categories of your data we have, the categories of recipients of your data and our planned retention period for your data.
2. You always have the possibility to access the data we process, to rectify data that is incorrect or to complete incomplete data.
3. You have the possibility to request the deletion of the data processed by us. We will comply with your request without delay, unless we are obliged by law to continue processing your data, an obligation arises from the law that we have to comply with, or your personal data is not necessary for us to establish, assert or defend claims. We will delete your data when:
4. are no longer necessary for the purposes for which they were collected or otherwise processed,
5. we processed them on the basis of your consent, which you have withdrawn, and there is no other legal basis for processing,
6. you have objected to the processing of your data in pursuit of a legitimate interest of the controller, and at the same time there are no other circumstances that justify further processing,
7. personal data were processed unlawfully,
8. personal data must be deleted due to a legal obligation.
9. You can withdraw your consent for us to process your data at any time, as long as the basis for the processing is your consent. The processing of your data will therefore remain legal until you withdraw your consent.
10. You have the right to request us to restrict the processing of your data where:
11. you report that data processed by us is inaccurate; this is limited to the time allowed to verify the accuracy of the data;
12. there is no legal basis for the processing and you object to the definitive deletion

Your data;

3. we no longer need your data for the purposes for which we collected them, but you are

they are needed in order to defend their interests or assert their claims;

4. you have objected to the processing of your data; the restriction shall apply until

to ascertain whether there is no ground, overriding your objection, for the

processing.

6. You have the right to object to our processing of your data in pursuit of a legitimate interest of the controller.
7. We will immediately cease such processing unless there is a basis for

overriding the objection made.

2. Your objection will always be upheld in relation to the processing of data in

for direct marketing purposes, including profiling, to the extent that such profiling

is related to direct marketing.

7. Please be advised that as a result of you exercising the rights set out in paras. 3-6 above, it is possible that we may cease to provide you with certain services (in whole or in part) for the provision of which the processing of certain of your personal data is necessary.
8. You have the right to receive your personal data that you have provided to us in a machine-readable format and to have this data transferred to another controller. This applies to data processed by automated means:
9. which we process on the basis of your consent, or
10. which we process on the basis of a contract concluded with you.
11. If you believe that your rights have been violated, you have the possibility to lodge a complaint with the supervisory authority, i.e. the Inspector General for Personal Data or its successor, the President of the Office for the Protection of Personal Data.
12. You have the right not to be subjected to automated decision-making, including profiling, where such actions produce legal effects on you or otherwise materially affect you. However, we may use automated decision-making where such a decision:
13. is necessary for the conclusion or performance of the contract,
14. is permitted under separate legal provisions or
15. takes place after you have given your consent.
16. In the event that you are subjected to automated decision-making, including profiling, you have the right to obtain the intervention of our employee who will further verify your situation and the decision made, you can present us with your position or challenge the decision made.

What are cookies?

Cookies are IT data, in particular small text files, which are saved and stored on the device through which you use our websites.

How do you use cookies and similar technologies?

We use cookies and similar technologies to store information or access information that is stored on the device through which you use our services. The use of cookies allows us to tailor services to your individual preferences and to profile and monitor your activity on our services. The cookies we use are safe for your device and are free of viruses or unwanted software. Cookies contain the name of the domain from which they originate, the time they are stored on your device and the assigned value. In no case do these cookies allow any information to be retrieved from your device, only access to selected information.

What types of cookies are there?

1. We use different types of cookies - they vary in type and durability. We can divide these cookies by the length of time they are stored on your device into:
2. session cookies - are stored on your device and remain there until

the end of the browser session. The stored information is then permanently deleted from the

device memory.

2. persistent cookies - are stored on your device until you delete them or

expiry. Ending your browser session will therefore not remove them from your

devices.

2. We can also divide the cookies we use by origin into:
3. own cookies - are placed on the services directly by us;
4. external cookies - placed on the sites by external parties whose

page components were called up by us (e.g. Google Analytics )

For what purpose do you use cookie technology?

We use cookies for the following purposes, among others:

1. the configuration of the sites, including adapting their content or functionality to your preferences and optimising their operation,
2. Authentication of the Users of our services in order to maintain the session after logging in - it allows to move between subpages of the services without the necessity of logging in each time,
3. the creation of anonymous statistics that allow us to analyse how our websites are used - this enables us to work on improving their structure and content,
4. to obtain information about the source from which a person accessed our site (e.g. a banner ad displayed on a third party site),
5. adaptation of the advertisements presented through the services,
6. ensure the security and reliability of the services.

How can I manage my consent to your use of cookies?

The use of cookies for the purpose of storing information or gaining access to information stored on your device is only possible if you have given your prior consent to do so, unless storing or accessing the information is necessary for the provision of the telecommunications service or electronically supplied service you have requested, in which case your consent is not required.

1. You can give your consent through the settings of the software you use to use the services, e.g. through the settings of the web browser you use or the software settings of the device you use.
2. You may withhold your consent or revoke it at any time by changing the relevant settings of your browser or the software installed on the device you are using.
3. In many cases, the software that enables you to use our websites (primarily web browsers) allows the handling and storage of cookies on your device by default. We therefore recommend that you check your settings and, if necessary, make changes in line with your privacy preferences. Please note that you have the possibility to change your settings in such a way as to block the automatic handling of cookies.
4. If you agree that the settings of the software you are using allow cookies, this is equivalent to your consent for us to use them in accordance with the principles described in this Privacy Policy. We will then be entitled to use cookies and similar technologies to store information or access information stored on your device.
5. If you choose to disable cookies, you may have difficulty using some of the functionality of our websites.

When providing telecommunications or electronically delivered services, we may also install software on your device or use this software. However, we will inform you before installing it and ask for your consent to install and use it.