Privacy Policy of NMI ERP

Basic data, contact and terms used

In the following document entitled: "Privacy Policy", introduced on the websites of NMI ERP Sp. z o.o. (hereinafter referred to as the Organisation or NMI ER) with its registered office in Kraków at st. Karmelicka 14/5, registered in the Register of Entrepreneurs of the National Court Register by the District Court for Kraków Śródmieście in Kraków, XI Economic Division of the National Court Register under KRS number 0000862154, presents the manner of collecting and processing of personal data of Visitors to the websites available in the domain nmierp.pl together with its subdomains and mobile applications using elements and services placed in the domain.

The Policy also addresses topics related to the privacy and data protection of visitors to the Organisation's official social media profiles more broadly described in the section on "Social media".

Contact with NMI ERP Sp. z o.o. in matters concerning data confidentiality, privacy or issues related to personal data protection is possible in writing - through correspondence address, the same as the registered address, i.e.: NMI ERP Sp. z o.o. ul. Karmelicka 14/5, 31-128 Kraków, electronically by mail privacy@nmierp.pl or by telephone at +48 882 434 229.

Visitor - an individual who visits the nmierp.pl website. A visitor may be anonymous to NMIERP when the identity is not identifiable, due to the impossibility of correlating them with data that can be attributed to a person. A visitor ceases to be anonymous when he or she provides personally identifying information or when an indirect possibility arises - e.g. a person makes contact through the mechanisms available on the website, which will collect personally identifying information without involving additional resources.

Cookies - small files used to store handy information that accompanies the use of the website. Cookies are sent by the websites you visit and stored on the end device used to connect. Cookies may be linked to the nmierp.pl domain or may originate from providers of external content and elements used on the websites - so-called third-party cookies. For more information on the privacy policy in the context of cookies, please see the section on "Cookies and other tracking mechanisms".

Identifiers - information used to recognise the sequence and context of visits, allocated by other websites on the network and used to inform external providers of the activities carried out by visitors to the website. This technology works without the use of cookies and is based on the assignment of unique keys to data sets containing browser and connection data, operating system parameters and version, browser type and version, screen resolutions used or device type. Taken together, these data create a fairly unique device identifier that can be used to roughly identify the identity of visitors.

Provider - A third-party entity providing additional services to NMI ERP, linked to the website in the domain nmierp.pl, performing additional services for NMI ERP. Providers provide an interface to their platforms with tools to collect and analyse data on website traffic, the effectiveness of positioning or the effectiveness of marketing activities. The tools used help to understand how visits to the website are made and what the visitor's behaviour is. Typical functions performed by marketing measurement solution providers also include tools for the creation of reports and data visualisation to help understand the information collected and make further marketing decisions.

EEA - European Economic Area - a free trade and common market area comprising the countries of the European Union and the European Free Trade Association (EFTA), with the exception of Switzerland.

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Data protection

NMI ERP is the Controller of Personal Data in relation to information that identifies or allows the identification of visitors to the nmierp.pl website, and is the joint Controller of personal data of social media users interacting with content posted on NMI ERP social media profiles or providing links there to content posted on the nmierp.pl website.

NMI ERP collects and processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, together with related national legislation, including:

The personal data entered in the forms of the Website shall be stored for no longer than is necessary for the purposes for which it was collected, but no less than 30 days and no more than 60 days, unless a longer storage period is permitted by applicable law, such as in the case of preserving evidence for ongoing proceedings or the need to assert claims. By default, connection data is deleted three months after it has been stored in accordance with NMI ERP's data retention policies.

The information contained in cookies is stored for 30 days as standard, while the Identifiers created on the server side are created based on each connection characteristic and may be stored by external Providers in accordance with their regulations. Exceptions and details are described in the section entitled: "Cookies and other tracking mechanisms".

Individuals whose data is processed by NMI ERP have the right to request access to their personal data, i.e. to obtain confirmation from NMI ERP as to whether it is processing personal data and the right to obtain access to such data (including a copy thereof).

Within the framework of the rights under Article 15 GDPR, requests may include data on the categories of data processed, their purposes and the indication of the recipients or categories of recipients.

Individuals also have the right to lodge a complaint with the supervisory authority, i.e. the Office for Personal Data Protection (st. Stawki 2, 00-193 Warsaw).

Any person may request information about the use and extent of automated decisions, including profiling and its consequences for their privacy.

Individuals have rights to request rectification, completion, erasure or forgetting of data.

The exercise of the right to erasure or to be forgotten is subject to a feasibility analysis and need not be binding when the processing of the data results from the NMI ERP' s obligations under the law or in the case of legitimate circumstances relating to rights to establish, assert or defend claims.

Acquisition of personal data

The NMI ERP indicates the following scenarios for possible forms of personal data acquisition:

  1. Information is provided voluntarily and directly by visitors when filling in electronic forms on the nmierp.pl website.
  2. Information obtained by the servers operating the nmierp.pl website, whether owned by NMIERP or by Providers supporting the process or providing content, elements and materials used on the website (e.g. fonts, footage or CSS scripts). The data obtained in this way relates to requests for the website address (the so-called URL), queries to name servers (DNS), date and time of the transmitted requests, device data (e.g. hardware model and type of operating system), browser type, data about the network and IP addresses from which the connection is made (directly and indirectly - so-called proxy).
  3. The information sent automatically is not used by NMI ERP in a way that would directly identify visitors, but it may allow identification by Providers who can, with a high degree of probability, identify individuals and, to a certain extent, monitor their online activity - through mechanisms such as Identifiers and cookies and the correlation of logins of individuals from the same device on social networks. NMI ERP relies only on aggregated statistical data provided by Providers in its analyses.
  4. As NMI ERP does not process data identifying specific individuals, but uses solutions available on the market whose Providers have this capability, by not consenting to the transmission of Identifiers or not accepting the use of third-party cookies, such correlations can be avoided or limited. Also, identity identification can be avoided or limited by setting available tracking blocking mechanisms in browsers and general settings for cookies from other providers.
  5. On the nmierp.pl website, there may also be elements related to NMI ERP's activities, which require the provision of certain information needed to specify the offer and to take action to implement the contract. Additional elements embedded on the website may come from external Providers, who use them to carry out the activities entrusted to them related to the provision of services by the Organisation.

Grounds for processing personal data

NMI ERP, as the Controller, collects personal data on the basis of several grounds, described below with a brief justification:

In order to be able to process any complaints and requests, and to answer questions, NMI ERP may process certain personal data provided in the contact forms. In that case, the legal basis is the conscious action of the person to provide the contact data - i.e. consent according to Article 6(1)(a) GDPR.

The Organisation may also process data necessary for the settlement of accounts, including: name, surname, possibly details of the company under which the business is conducted, address and registration details. The legal basis is the fulfilment of the Controller's legal obligation under Article 6(1)(c) of the GDPR.

The Controller may also process personal data on the basis of explicit consent (i.e. voluntary, specific, informed and unambiguous consent). In such cases, prior to the collection or processing of personal data, there will be a clear notice of the purpose and scope for which consent may be given. Any person giving consent has the right to withdraw it at any time. The mere use of certain contact forms is tantamount to giving consent for the Controller to respond to the messages received by replying or conducting further correspondence.

When using services delivered through social networks, individuals make their own decision to interact. These can be activities such as subscribing, commenting on content, tagging or further sharing.

Use of personal data

  1. The main purpose of NMI ERP as Data Controller for the collection of personal data is to enable persons to contact, communicate, provide offers and promote their services. These objectives are linked to the other forms - i.e. correspondence on business matters, enabling contact or social media activity.
  2. Certain information may be used to customise the nmierp.pl website, including interactive communications and other additional services such as operating app shops where NMI ERP offers its products. The website may also include optional forms to facilitate integrated telephone or service contact for selected services, surveys and questionnaires requesting additional information relevant to the purpose.
  3. The measurement data provided by Observers while browsing the pages of the Website may be used to design and create better solutions, to adapt the operation, to improve and to provide advice and assistance regarding the services we provide.
  4. Much of the data may be provided voluntarily, but failure to do so will make it impossible to provide (or continue to provide) the relevant products or services.
  5. The information collected on the basis of informed consents may be used by the Data Controller to build personalised marketing and advertising offers. This type of advertising can be carried out using visible elements on the website, on social networks or on popular search engines.
  6. Visitor information may be used by external parties such as Providers or social networks, which themselves may associate the context of NMI ERP with visitors to other contextually possible pages. Such activities, do not result in the processing of personal data directly by NMI ERP. The use of third-party services is implemented by accepting consents on the first (or subsequent after the removal of cookies) entry, where each visitor can specify whether they want the third-party Providers' mechanisms to be enabled. Rapid acceptance implies agreement to incorporate all Provider solutions. It is also possible to selectively choose them or exclude all external solutions.
  7. Some mechanisms from external Providers are essential to the operation of the website, so their exclusion is not available. The visitor can do this by changing the cookie acceptance settings in the browser or additional tools to block cookies and other resources from external Providers - but then the website may not function properly.
  8. Visitor data are not subject to profiling by NMI ERP (automated decision-making). Profiling is applied independently by Providers.

Social media

NMI ERP owns and operates company pages on a number of social media websites. They are respectively available at:

Individuals' data may be obtained indirectly from social networks, where the identity of individuals interacting with NMI ERP profiles may be disclosed. The applicable privacy policy of the respective social network is prepared by default, but each user of the social network can adapt it to their needs in their account parameters. Details setting out the rules for the use of data are available in the current policies, which can be read accordingly:

Some parts of the Website may include social media tools designed to allow the exchange of information between registered social media users and to facilitate the sharing of links to the content of the nmierp.pl website.

Such interactions are inextricably linked to the processing of visitors' personal data by social networks. Those responsible for a particular social network can confirm correlations between individuals and products or services through this route, selling them in anonymous form to advertisers.

The range of possible processing purposes on social media is driven by the way profiling and display advertising is managed. This may be based on individuals' consents or may be disabled through the use of paid accounts on selected platforms, which are intended to eliminate or limit advertising. NMI ERP uses social media adverts, but has no knowledge of which people the ad is displayed to - only the operator of the social media site in question has this information and NMI ERP has the adverts tailored according to accepted criteria, depending on the context of the campaign.

Cookies and other tracking mechanisms

The nmierp.pl website uses external solutions and libraries that can retrieve data from servers other than nmierp.pl This involves the transmission of the connection information to the relevant Provider, which can, for its own purposes, use the data to identify individuals.

NMI ERP has no knowledge of such activities, but cannot quite rule them out. With this in mind, references to external Provider services and elements are included below:

Transfers of data outside the European Economic Area

Some of the Providers ofthe solutions used by NMI ERPhave their headquarters and part of their technical infrastructure outside the European Economic Area . NMI ERP selects such third-partyproviders that guarantee a level of privacy protection not lower than that applicable in the EEA and based on the provisions of the standard contractual clauses adopted by the Commission (EU) allowing for the exchange of data between the EU and the US under the EU-US Data Privacy Framework adopted on 10 July 2023 by the European Commission:

https://www.dataprivacyframework.gov/s/participant-search

Personal data sent directly to the nmierp.pl server is not transferred outside the European Economic Area (EEA).

When using such services or when such data co-management with social media providers (e.g. Meta) takes place within the framework of a given service and thus processing the data of users of these Websites who visit nmierp.pl, NMI ERP assumes that these entities process the data in accordance with their declarations in accordance with accepted principles that ensure a level of privacy protection not less than that resulting from the provisions of the GDPR.

Information security

All activities carried out on the nmierp.pl website are covered by technical and organisational security measures, such as transmission encryption, which involves encoding the information that is entered by Visitors or that is displayed to them, in such a way that it can only be read by their browsers and the servers serving nmierp.pl. This also applies to other Supplier domainsthatnmierp.pl uses to improve performance.

At the same time, however, as it is technically impossible to guarantee that every data transmission on the Internet is completely secure, despite every effort to ensure the protection of personal data, NMI ERP as Data Controller cannot ensure or otherwise guarantee the complete security of the information transmitted by Visitors via the web.

Changes and updates

Keeping abreast of developments in technology and changes in legislation, NMI ERP adapts the internal policies applied and this Privacy Policy to them, amending or supplementing the provisions contained herein according to changing circumstances.

Any changes or additions will be communicated to the persons whose data is being processed by posting the relevant information on the nmierp.pl website and, in the case of significant changes, by sending separate notifications to the e-mail address indicated.

The Privacy Policy does not limit any of the rights of persons under the service contract and the law.