Privacy Policy NMI ERP Sp. z o.o. - Microsoft Dynamics NAV

Privacy Policy of NMI ERP

Basic Information, Contact Details, and Applied Terms

This document, titled "Privacy Policy," is implemented in the online services of NMI ERP Sp. z o.o. (hereinafter referred to as the Organization or NMI ERP), with its registered office in Krakow at ul. św. Filipa 23/3, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division, under KRS number 0000862154. This document presents the manner of collecting and processing personal data of Visitors to the services available under the nmierp.pl domain, its subdomains, and mobile applications using elements and services embedded in the domain.

The Policy also applies to matters related to privacy and the protection of personal data of individuals visiting the Organization's official social media profiles, as described in the section entitled "Social Media."

Contact with NMI ERP Sp. z o.o. regarding data confidentiality, privacy, or personal data protection issues is possible in writing – at the registered office address: NMI ERP Sp. z o.o., ul. św. Filipa 23/3, 31-150 Kraków, electronically via email at privacy@nmierp.pl, or by phone at +48 882 434 229.

Visitor – a person visiting the nmierp.pl website. A Visitor may remain anonymous to NMI ERP when identification is not possible, due to the inability to correlate with data attributable to an individual. A Visitor ceases to be anonymous when they voluntarily provide identifying data, or indirectly when such identification becomes possible – e.g., by contacting NMI ERP via mechanisms available on the website that collect data enabling identification without additional measures.

Cookies – small files used to store information related to the use of the service. Cookies are sent by visited websites and stored on the end device used to connect. Cookies may be linked to the nmierp.pl domain or may originate from external providers (third-party cookies). More information can be found in the section entitled "Cookies and Other Tracking Mechanisms."

Identifiers – information used to recognize visit sequences and contexts, assigned by other services in the network, applied to notify external providers about activities performed by Visitors. This technology operates without cookies and relies on assigning unique keys to datasets containing information about the browser, connection, operating system parameters and version, browser type and version, screen resolutions, and device type. Collectively, these data allow for creating a relatively unique device identifier.

Provider – an external entity providing NMI ERP with additional services related to the nmierp.pl domain, such as data collection and analysis of website traffic, SEO performance, and marketing effectiveness. Such tools help to understand how Visitors navigate the site and behave, and typically include reporting and visualization features to support decision-making.

EEA – European Economic Area, comprising EU Member States and EFTA states except Switzerland.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data, repealing Directive 95/46/EC.

Personal Data Protection

NMI ERP is the Data Controller of information identifying or allowing the identification of Visitors to the nmierp.pl service, and a joint controller of personal data of social media users interacting with NMI ERP profiles or sharing nmierp.pl content.

NMI ERP collects and processes personal data in compliance with the GDPR and related national regulations, including the

Telecommunications Law (16 July 2004),

the Personal Data Protection Act (10 May 2018),

the Act on Providing Services by Electronic Means (18 July 2002),

Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act).

The personal data entered in the Service forms are stored no longer than necessary to achieve the purposes for which they were collected, but not less than 30 days and not more than 60 days, unless applicable law allows for a longer retention period, such as in the case of securing evidence for ongoing proceedings or the need to pursue claims. Connection data are by default deleted three months after being recorded, in accordance with the data retention policies adopted by NMI ERP.

The information contained in cookies is typically stored for 30 days, while the identifiers generated on the server side are created based on the specific characteristics of each connection and may be stored by external Providers in accordance with their regulations. Exceptions and details are described in the section entitled: "Cookies and Other Tracking Mechanisms."

Data subjects whose personal data are processed by NMI ERP have the right to submit requests for access to their personal data, i.e. to obtain confirmation from NMI ERP as to whether their personal data are being processed, as well as the right to access such data (including a copy thereof).

Within the rights arising from Article 15 of the GDPR, such requests may include information regarding the categories of data processed, the purposes of processing, and the recipients or categories of recipients.

Data subjects also have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

Any individual may request information regarding the use and scope of automated decision-making, including profiling, as well as its consequences for their privacy.

Data subjects have the right to request rectification, supplementation, correction, erasure, or the right to be forgotten.

The exercise of the right to erasure or to be forgotten is subject to an assessment of feasibility and may not be binding if the processing of data results from NMI ERP's legal obligations or in cases of justified circumstances related to the establishment, exercise, or defense of legal claims.

Data Acquisition

NMI ERP may obtain personal data in the following scenarios:

Information voluntarily and directly provided by Visitors when completing electronic forms on the nmierp.pl website.

Information obtained by the servers operating the nmierp.pl website, both those owned by NMI ERP and those of Providers supporting this process or supplying content, elements, and materials used on the site (e.g. fonts, video materials, CSS scripts). Such collected data may include page address requests (URLs), domain name server (DNS) queries, the date and time of transmitted requests, device data (e.g. hardware model and operating system type), browser type, network information, and IP addresses from which the connection is made (directly or indirectly – via proxy).

Automatically transmitted information, which is not used by NMI ERP in a manner that directly identifies Visitors, but may enable identification by Providers, who with a high degree of probability can identify individuals and monitor their online activity to some extent – through mechanisms such as identifiers and cookies, as well as correlations of logins from the same device across social media services. NMI ERP relies in its analyses solely on aggregated statistical data provided by such Providers.

Since NMI ERP does not process data identifying specific individuals but uses market-available solutions whose Providers possess such capabilities, refusing consent for the transfer of identifiers or declining acceptance of third-party cookies can prevent or limit such correlations. Identity tracking can also be avoided or limited by configuring browser-based tracking protection mechanisms and general cookie settings for third-party providers.

The nmierp.pl website may also contain elements related to NMI ERP's business activities that require the provision of certain information necessary to tailor offers and to undertake actions necessary to perform a contract. Additional embedded elements on the site may originate from external Providers, who use them to carry out tasks entrusted to them in connection with the Organization's services.

Legal Basis for Processing Data

As the Data Controller, NMI ERP collects personal data on several legal grounds, described below with a brief justification:

To enable the review of possible complaints, claims, or requests, and to respond to questions, NMI ERP may process certain personal data provided in contact forms. In this case, the legal basis is the individual's deliberate action to provide contact data – i.e. consent pursuant to Article 6(1)(a) GDPR.

The Organization may also process data necessary for settlements, including: name, surname, business details (if operating under a company), address, and registration data. The legal basis is the fulfillment of a legal obligation incumbent upon the Controller under Article 6(1)(c) GDPR.

The Controller may also process personal data based on explicit consent (i.e. voluntary, specific, informed, and unambiguous agreement). In such cases, a clear notice regarding the purpose and scope of the consent will be provided before the collection or processing of personal data. Any individual granting consent has the right to withdraw it at any time. The use of certain contact forms is equivalent to granting consent for the Controller to respond to received messages or to continue correspondence.

When using services provided via social media platforms, individuals independently decide to interact. Such actions may include subscribing, commenting on content, tagging, or sharing it further.

Use of Personal Data

The main purpose of NMI ERP as the Data Controller in collecting personal data is to enable individuals to make contact, facilitate communication, present offers, and promote its services. These purposes are linked with other forms of activity, such as conducting business correspondence, enabling contact, or engaging in social media interactions.

Certain information may be used to adapt the nmierp.pl website to individual needs, including interactive communication and additional services such as the operation of app stores where NMI ERP offers its products. The Service may also contain optional forms to facilitate integrated telephone contact, support for selected services, surveys, and questionnaires requesting additional information appropriate for a given purpose.

Measurement data provided by Visitors while browsing the Service websites may be used in the design and development of better solutions, adjustments, improvements, and in providing advice and assistance regarding the services offered.

Many types of data may be provided voluntarily; however, failure to provide them may prevent the delivery (or continuation of delivery) of certain products or services.

Information collected on the basis of expressly granted consents may be used by the Data Controller to create personalized marketing and advertising offers. Such advertising may be displayed on the website, in social media services, or in popular search engines.

Visitor information may also be used by external entities such as Providers or social media services, which independently may associate NMI ERP's context with individuals visiting other websites capable of contextual correlation. Such activities do not involve the direct processing of personal data by NMI ERP. The use of third-party services is subject to consent at the first (or subsequent, after cookies have been deleted) visit, where each Visitor may decide whether to enable mechanisms from external Providers. Quick acceptance means consent to enable all Provider solutions. Selective acceptance or complete rejection of third-party mechanisms is also possible.

Some mechanisms from external Providers are essential for the website's operation; therefore, disabling them is not available within the Service itself. Visitors can, however, do so by adjusting cookie acceptance settings in their browser or by using additional tools blocking cookies and other resources from external Providers – though in such cases the website may not function properly.

Visitor data are not subject to profiling by NMI ERP (automated decision-making). Profiling may be applied independently by Providers.

Social Media

NMI ERP operates official profiles on social media platforms:

• Facebook: https://facebook.com/nmierp/
• Instagram: https://www.instagram.com/nmi.erp/
• YouTube: https://www.youtube.com/@nmierp4528/featured
• LinkedIn: https://www.linkedin.com/company/nmi-erp/

Personal data may be indirectly collected from social media platforms, where the identity of individuals interacting with NMI ERP profiles may be disclosed. The privacy rules applicable to a given social media service are prepared by default, but each user may adjust them according to their needs in their account settings. The details of these rules can be found in the current policies available at:

Facebook Privacy Policy

Instagram Safety Center

Google Privacy Policy

LinkedIn Privacy Policy

In certain parts of the Service, tools for handling social media may be embedded. Their purpose is to enable the exchange of information between registered users of social platforms and to facilitate the sharing of links to nmierp.pl content.

Such interactions are inherently linked to the processing of Visitors' personal data by social media platforms. Entities responsible for a given social media service may use this data to confirm correlations between individuals and products or services, and then sell this information in anonymized form to advertisers.

The scope of possible processing purposes within social media services depends on how profiling and advertisement display are managed. This may be based on individuals' consents or disabled by using paid accounts on certain platforms, which are intended to eliminate or reduce advertising. NMI ERP uses advertising on social media platforms but has no knowledge of which individuals the ads are displayed to – this information is held solely by the operator of the given platform. NMI ERP only commissions the targeting of advertisements according to adopted criteria, depending on the context of the campaign.

Cookies and Other Tracking Mechanisms

The nmierp.pl website uses external solutions and libraries that may collect data from servers other than nmierp.pl. This involves the transfer of connection information to a given Provider, who may, at their own discretion and for their own purposes, use such data to identify individuals.

NMI ERP is not aware of such activities, but cannot entirely exclude them. Bearing this in mind, below are references to external services and elements provided by third-party Providers:

Fonts and CSS styles from Google: fonts.googleapis.com

WordPress Statistics: stats.wp.com

Cookie consent scripts: consent.cookiebot.com

Google Tag Manager: gtm4wp.com

Graphics: 365erp.pl, s.w.org, wordpress.com, twitter.com, linkedin.com, facebook.com, schema.org

Yoast SEO: yoast.com

Data Transfers Outside the European Economic Area

Some of the Providers used by NMI ERP have their headquarters and part of their technical infrastructure outside the territory of the European Economic Area (EEA). NMI ERP selects only such external Providers that guarantee a level of privacy protection no lower than that applicable within the EEA and based on the provisions of standard contractual clauses adopted by the European Commission, allowing the transfer of data between the EU and the USA under the EU–US Data Privacy Framework adopted on 10 July 2023 by the European Commission:

https://www.dataprivacyframework.gov/s/participant-search

Personal data transmitted directly to the nmierp.pl server are not transferred outside the European Economic Area (EEA).

By using such services, or where joint controllership of data arises (e.g., with social media providers such as Meta), NMI ERP assumes that these entities process data in accordance with their own statements and in compliance with rules ensuring a level of privacy protection no lower than required by the GDPR.

Information Security

All activities carried out on the nmierp.pl website are protected by technical and organizational security measures, such as encrypted transmission. This involves encoding information entered by Visitors or displayed to them in such a way that it can only be read by their browsers and the servers operating nmierp.pl. This also applies to other Provider domains used by nmierp.pl to improve performance.

However, since it is technically impossible to guarantee that every data transmission over the Internet is completely secure, despite taking all possible measures to protect personal data, NMI ERP as the Data Controller cannot ensure or otherwise guarantee the absolute security of information transmitted by Visitors over the network.

Changes and Updates

In line with technological developments and changes in the law, NMI ERP adjusts its internal policies and this Privacy Policy, amending or supplementing its provisions as circumstances change.

Any changes or updates will be communicated to data subjects by publishing relevant information on the nmierp.pl website and, in the case of significant changes, by sending separate notifications to the email address provided.

This Privacy Policy does not limit any rights granted to individuals under service agreements or applicable law.