APPLICATION PRIVACY POLICY
SEA ALERT
Please read this privacy policy carefully. It describes the rules for processing personal data collected and processed when the User uses the Sea Alert Application.
GENERAL PROVISIONS
This Application privacy policy is for information only and does not itself create obligations for Application Users. It sets out, in particular, the rules for processing personal data by the Controller in the Application, including the legal bases, purposes and retention periods for personal data, and the rights of data subjects. This Application privacy policy also applies to the Sea Alert website (Sea Alert.info).
The controller of personal data collected through the Application is Wojciech Danilczuk conducting business under the name ARKONA WOJCIECH DANILCZUK, entered in the Central Register and Information on Business Activity of the Republic of Poland kept by the minister competent for economic affairs, with business address and correspondence address: Truskawkowa 12, 55-080 Sadowice, Poland, VAT ID (NIP) 8251892827, e-mail: info@sea-alert.com — hereinafter referred to as the “Controller”, who is also the service provider of the Sea Alert Application.
Personal data in the Application are processed by the Controller in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter “GDPR” or “the GDPR”. The official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
Use of the Sea Alert Application, including making purchases, is voluntary. Likewise, providing personal data by the User using the Sea Alert Application is voluntary, subject to two exceptions: (1) conclusion of a contract — failure to provide, where and to the extent indicated in the Sea Alert Application, the Sea Alert Application Terms of Use and this privacy policy, personal data necessary to conclude a contract for use of the Application or particular Electronic Services (e.g. Account registration, activation of paid access to the Application, etc.) means the User cannot conclude the contract or use the Application services. In such cases, providing personal data is a contractual requirement; if the data subject wishes to use a given Electronic Service available in the Application, they must provide the required data. The scope of data required for specific Application services is each time indicated in advance in the Sea Alert Application and in the Sea Alert Application Terms of Use; (2) Controller’s statutory obligations — providing personal data is a statutory requirement under generally applicable law imposing an obligation on the Controller to process personal data (e.g. for accounting records), and failure to provide them will prevent the Controller from fulfilling those obligations.
The Controller takes special care to protect the interests of data subjects whose personal data it processes and, in particular, is responsible for ensuring that data collected are: (1) processed lawfully; (2) collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organisational measures so that processing complies with the GDPR and that this compliance can be demonstrated. Those measures are reviewed and updated where necessary. The Controller uses technical measures to prevent unauthorised acquisition or modification of personal data transmitted electronically.
Any words, phrases and acronyms used in this privacy policy with an initial capital letter (e.g. Electronic Service, User, Application) have the meanings given in the Sea Alert Application Terms of Use.
LEGAL BASES FOR PROCESSING
The Controller may process personal data where — and to the extent that — at least one of the following applies: (1) the data subject has given consent to the processing for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Processing of personal data by the Controller always requires at least one of the bases set out in section 2.1 of this privacy policy. The specific legal bases for processing personal data of Sea Alert Application Users by the Controller are indicated in the following section — in relation to each purpose of processing by the Controller.
PURPOSE, LEGAL BASIS AND RETENTION PERIOD IN THE APPLICATION
The specific purpose, legal basis, retention period and recipients of personal data processed by the Controller depend on the actions taken by each User in the Application.
The Controller may process personal data in the Application for the purposes, on the legal bases and for the retention periods indicated in the table below:
| Purpose of processing | Legal basis for processing | Retention period |
|---|---|---|
| Performance of a contract for use of the Application or another contract, or steps taken at the data subject’s request prior to entering into a contract | Article 6(1)(b) GDPR (contract) — processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract | Data are stored for as long as necessary to perform, terminate or otherwise end the contract. |
| Determining the User’s location in order to display navigational warnings near their current position, including while the Application runs in the background | Article 6(1)(a) GDPR (consent) — processing is based on the User’s explicit consent given before the location function is enabled, and Article 6(1)(b) GDPR (contract) — to the extent necessary to provide the core functionality of the Application | Location data are not permanently stored on the Controller’s servers — they are processed in real time only to determine the User’s position and match navigational warnings to it. Location data sent to the server to synchronise warnings are anonymised and are not assigned to a specific User. Consent may be withdrawn at any time by changing the device system settings. |
| Sending commercial information, including direct marketing, using telecommunications end devices (e.g. e-mail, telephone) or automated calling systems | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for purposes of the legitimate interests of the Controller, including direct marketing — maintaining the Controller’s interests and good reputation, its Application, and promoting the sale of access packages and services — for example where the data subject has given prior consent (e.g. when signing up for the Newsletter) to receive commercial information using telecommunications end devices such as e-mail or telephone, depending on the scope of consent given | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
| Keeping tax records | Article 6(1)(c) GDPR in conjunction with Article 86(1) of the Polish Tax Ordinance of 17 January 2017 (Journal of Laws 2017 item 201 as amended) — processing is necessary for compliance with a legal obligation to which the Controller is subject | Data are stored for the period required by law obliging the Controller to keep tax records (until expiry of the tax liability limitation period unless tax laws provide otherwise). |
| Establishment, exercise or defence of legal claims that the Controller may bring or that may be brought against the Controller | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for purposes of the legitimate interests of the Controller relating to establishing, exercising or defending claims that the Controller may bring or that may be brought against the Controller | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be brought against the Controller (the general limitation period for claims against the Controller is six years). |
| Use of the Application and ensuring its proper operation | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for purposes of the legitimate interests of the Controller relating to operating and maintaining the Application | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
| Statistics and analysis of traffic in the Application | Article 6(1)(f) GDPR (legitimate interests) — processing is necessary for purposes of the legitimate interests of the Controller relating to statistics and analysis of traffic in the Application in order to improve how it works | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims by the Controller against the data subject in connection with its business activity. Limitation periods are set by law, in particular the Civil Code (the general limitation period for business-related claims is three years). |
LOCATION DATA — DETAILED INFORMATION
The Sea Alert Application collects and processes data relating to the User’s geographic location (GPS data), including precise (fine) location, for the following purposes:
- displaying the User’s current position on the map,
- automatically detecting when the User approaches areas covered by navigational warnings,
- sending push notifications about navigational warnings near the User’s position.
The Application may access location data when it runs in the background (i.e. when the device screen is off or when the User uses another application). Background location access is necessary for proximity notification features — the Application must continuously monitor the User’s position to inform them when they enter an area covered by a navigational warning, even when the Application is not actively in use.
Location data are not permanently stored on the Controller’s servers and are not disclosed to third parties in a form that allows identification of the User, except in the cases described in section 5 of this privacy policy (e.g. technical service providers necessary for the Application to operate).
Granting consent for location access is voluntary; however, refusing consent for precise location or background location will prevent use of key Application features, such as displaying the position on the map and receiving proximity notifications.
The User may at any time withdraw consent for location access or change its scope in the device system settings (Settings → Apps → Sea Alert → Permissions → Location). Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
RECIPIENTS OF DATA IN THE APPLICATION
For the Sea Alert Application to function properly, including provision of Electronic Services, the Controller uses external providers (such as software suppliers and payment processors). The Controller only uses processors who provide sufficient guarantees of appropriate technical and organisational measures so that processing meets GDPR requirements and protects the rights of data subjects.
Personal data may be transferred by the Controller to a third country; in such cases the Controller ensures that this is done in accordance with the GDPR, including with regard to countries ensuring an adequate level of protection, and for other countries on the basis of standard data protection clauses, and the data subject may obtain a copy of their data. Personal data collected are disclosed only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
Disclosure by the Controller does not occur in every case and not to all recipients or categories of recipients mentioned in this privacy policy — the Controller discloses data only when necessary for a given purpose of processing and only to the extent necessary.
Personal data of Sea Alert Application Users may be disclosed to the following recipients or categories of recipients:
Map and location service providers — the Controller may use external providers of map and location functionality (such as Google Maps Platform). In connection with use of those services, the User’s location data may be processed by those providers in accordance with their own privacy policies, available on those entities’ websites.
Entities processing electronic or card payments — where a User purchases paid features in the Application using electronic or card payments, the Controller shares the User’s personal data with the selected payment processor acting on the Controller’s behalf to the extent necessary to process the User’s payment.
Accounting, legal and advisory service providers supporting the Controller (in particular an accounting office, law firm or debt collection agency) — the Controller shares the User’s personal data with the selected provider acting on its behalf only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
Survey / review platform providers — where a User has agreed to submit a review of the Sea Alert Application, the Controller shares the User’s personal data with the selected provider of the review system acting on the Controller’s behalf, to the extent necessary to enable the User to submit a review through that system, in particular to send an invitation to the e-mail address provided by the User.
Providers of technical, IT and organisational solutions enabling the Controller to operate and maintain the Application and provide Electronic Services (in particular the IT provider operating the Sea Alert Application, e-mail and hosting providers, and software providers for business management and technical support to the Controller) — the Controller shares the User’s personal data with the selected provider acting on its behalf only when and to the extent necessary to fulfil a processing purpose consistent with this privacy policy.
PROFILING IN THE APPLICATION
The GDPR requires the Controller to inform data subjects about automated decision-making, including profiling within the meaning of Article 22(1) and (4) GDPR, and, at least in those cases, to provide meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing. Accordingly, this section describes possible profiling.
The Controller may use profiling in the Application for direct marketing purposes, but decisions based solely on such profiling by the Controller do not concern entering into or refusing a contract or the possibility of using Electronic Services in the Application. Profiling may, for example, remind a person of incomplete actions in the Application, grant a discount, send an offer that may match their interests or preferences, or offer better conditions than the standard Application offer. Even where profiling is used, the person remains free to decide whether to use a discount or offer received in this way.
Profiling in the Application consists of automated analysis or prediction of a person’s behaviour in the Sea Alert Application, e.g. by analysing past activity or purchases in the Application. Such profiling requires the Controller to hold personal data about the person in order to send, for example, an offer or discount.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
RIGHTS OF THE DATA SUBJECT
Right of access, rectification, restriction, erasure and data portability — the data subject has the right to obtain from the Controller access to, rectification or erasure (“right to be forgotten”) of personal data or restriction of processing, the right to object to processing, and the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15–21 GDPR.
Right to withdraw consent at any time — where processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority — the data subject has the right to lodge a complaint with a supervisory authority in the manner provided for in the GDPR and Polish law, in particular the Act on personal data protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).
Right to object — the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests), including profiling based on those provisions. The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to object to direct marketing — where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
To exercise the rights described in this section, you may contact the Controller by post or e-mail at the address indicated at the beginning of this privacy policy.
COOKIES AND ANALYTICS
Cookies are small text files sent by a server and stored on the device of a visitor to the Sea Alert.info website (e.g. on a computer hard drive, laptop or smartphone memory, depending on the device). Further information on cookies and their history can be found for example at https://en.wikipedia.org/wiki/HTTP_cookie.
Cookies that may be sent by the website can be divided into categories according to the following criteria:
- By provider: (1) first-party (set by the site) and (2) third-party (entities other than the Controller)
- By storage period on the visitor’s device: (1) session (until the visitor leaves the site or closes the browser) and (2) persistent (stored for a defined period set by cookie parameters or until manually deleted)
- By purpose: (1) strictly necessary (enabling proper functioning of the site), (2) functional / preference (enabling the site to be tailored to the visitor), (3) analytics and performance (collecting information on how the site is used), (4) marketing, advertising and social (collecting information about the visitor to display and personalise ads and for other marketing activities, including on other sites such as social networks or sites in the same ad network as the Application)

The Controller may process data contained in cookies when visitors use the site for the following specific purposes:
- remembering data from forms or surveys (strictly necessary and/or functional cookies)
- tailoring site content to user preferences (e.g. colours, font size, layout) and optimising use of the site (functional cookies)
- running anonymous statistics on how the site is used (analytics and performance cookies)
- displaying and rendering ads, limiting ad frequency, measuring ad effectiveness and ad personalisation, including analysing behaviour of visitors to the web version of the Application (e.g. repeat visits, keywords) to build profiles and deliver ads matched to likely interests, including when they visit other sites in the ad network of Google Ireland Ltd. (marketing, advertising and social cookies)
To check which cookies are sent by the site, regardless of browser, tools such as https://www.cookiemetrix.pl or https://www.cookie-checker.com may be used.
Most browsers accept cookies by default. You can set how cookies are handled in your browser settings — you may restrict or disable storage of cookies; disabling cookies entirely may affect some Application features.
Browser cookie settings are relevant for consent to cookies — under applicable law, consent may also be expressed through browser settings. For information on changing cookie settings and deleting cookies in popular browsers, see your browser’s help pages and the following links:
The Controller may use Google Analytics, GA4 and Firebase Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller run statistics, analyse traffic and monitor errors on the site. Data are processed under those services to produce statistics useful for administering the site, analysing traffic and improving quality and security for users. Data are aggregated. When using these services on the site, the Controller may collect information such as traffic sources and medium, on-site behaviour, device information, IP address, geographic data, and demographic data (age, gender) and interests.
Firebase may collect data such as which information categories are read most often, which Application features are used most, time spent in the Application, and how many Users are active in a given period. Firebase does not enable identification of individual Users. Firebase also collects information about possible Application errors so the Controller can optimise the Application. More information: https://firebase.google.com/support/privacy.
Where the Controller uses analytics and advertising services from Google Ireland Ltd. on the site, full information on how Google Ireland Ltd. processes data of visitors to the Application (including data stored in cookies) is available in Google’s policies at https://policies.google.com/technologies/partner-sites.
At the system level, the Sea Alert Application uses the following device permissions related to personal data:
ACCESS_FINE_LOCATION (access to precise location) — required to display the User’s position on the navigational map,
ACCESS_BACKGROUND_LOCATION (access to location in the background) — required for proximity notification features informing the User about navigational warning zones when the Application runs in the background.
Before the above permissions are granted, the User is informed of the purpose of their use and asked to give informed consent.
FINAL PROVISIONS
The Application may contain links to other websites or applications. The Controller encourages you to read the privacy policies of those sites when you leave the Application. This privacy policy applies only to the Controller’s Application.