PRIVACY AND COOKIES POLICY

§1. INTRODUCTION AND DATA CONTROLLER

  1. We respect your privacy. This Privacy Policy sets out the rules for the collection, processing, and use of personal data in the Meeting Application website and mobile application (hereinafter: “System”). This document applies to both individual Users and Organizers using the System.
  2. Controller: The Controller of your personal data regarding the maintenance of the User Account, technical support, business relations (B2B), and own marketing activities is: MEETING APPLICATION SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław, at ul. Św. Antoniego 15, 50-073 Wrocław, entered into the Register of Entrepreneurs of the National Court Register under number: 0000433314, NIP (Tax ID): 8992738060, REGON: 021940356, share capital: PLN 47,200.00 (hereinafter: “We”, “Controller” or “Meeting Application”).
  3. Contact: We have appointed a Data Protection Officer (DPO), whom you can contact in all matters regarding your personal data at the e-mail address: dpo@meetingapplication.com.

§2. KEY DISTINCTION OF ROLES (When are we a Controller and when a Processor?)

Due to the nature of our System (SaaS platform for events), we perform two different functions depending on which services you use. This distinction is crucial for understanding who is responsible for your data.

  1. Role 1: CONTROLLER (Your Global Account and B2B Relations) a. When: When you create an Account in the System, log in, subscribe to our newsletter, report a technical problem to our support, visit our website, or contact us for business purposes (as an Organizer). b. What it means: We decide on the purposes and means of processing this data (e.g., your Login, Password, E-mail, ticket history, invoice data).
  2. Role 2: PROCESSING ENTITY / PROCESSOR (Data inside the Event) a. When: When you join a specific Event, fill out a survey during a conference, ask a speaker a question, chat on the event forum, or buy a ticket. b. What it means: The Administrator of this data is the Event Organizer (e.g., the company organizing the conference). We are merely a “technical contractor” (Processor) who stores this data on the Organizer’s order based on the Data Processing Agreement (DPA) concluded with them. c. Important: In matters concerning strictly event-related data (e.g., removal from the list of participants of a specific conference), you should direct requests directly to the Organizer.

§3. PURPOSES, LEGAL BASES AND RETENTION PERIODS

We process data for specific purposes, based on GDPR regulations.

Purpose of processingScope of dataLegal basis (GDPR)Retention period
Account Maintenance and Service Provision(Logging in, user profile, access to application)E-mail, First Name, Last Name, Password (hash), Avatar, Job Title, User ID.Art. 6(1)(b)(Necessary for the performance of the electronic services agreement)Until the Account is deleted by the User.
Technical Support (Support)(Handling bug reports, troubleshooting, chat communication)E-mail address, content of the report, screenshots, device data (OS, app version).Art. 6(1)(f)(Legitimate interest – ensuring service quality and bug fixing)For the period necessary to handle the report, and then until the statute of limitations for claims (3 years).
Analytics and Statistics(Traffic research, improving functionality)IP Address, cookies, path in the application, visit time.Art. 6(1)(f)(Legitimate interest of the Controller)Until effective objection is raised or cookies are deleted (max 2 years in Google Analytics).
B2B Direct Marketing(Contact with Organizers)Business contact details, contact history.Art. 6(1)(f)(Legitimate interest – marketing of own services)Until objection is raised.
Legal and Accounting Duties(Invoicing, tax settlements)Billing data (NIP, Company Name, Address), payment history, invoice data.Art. 6(1)(c)(Legal obligation resulting from tax regulations)5 years calculated from the end of the calendar year in which the tax payment deadline expired.

§4. DATA RECIPIENTS (Our Trusted Providers)

To ensure the System works efficiently, we use the services of verified technology providers. We have concluded appropriate data entrustment agreements with each of them to guarantee your safety.

  1. Hosting and Infrastructure (System Foundation) a. LH.pl (Poland / EU): This is our main provider of hosting and database services. This is where the servers processing most of the personal data of Users and Organizers are physically located, which guarantees that data does not leave the European Economic Area. b. AWS (Amazon Web Services – Ireland/Frankfurt / EU): We use the secure AWS cloud for storing files (e.g., profile pictures) and use the Amazon SES service for reliable sending of e-mail messages (such as tickets, password reset links, or system notifications).
  2. Analytics and Diagnostics a. Google Services (Google Ireland Ltd. – Ireland / EU): We use a suite of Google tools (Analytics, Firebase, BigQuery, Crashlytics) to analyze traffic, detect errors in the application, and create statistics. This data helps us understand how to improve the application and is processed in a maximally anonymized manner. b. Postman (USA): This is a specialized tool used by our development team to test and monitor the stability of API interfaces, which ensures the smooth operation of the System.
  3. User Support and Sales (CRM) a. Gleap (Gleap GmbH – Austria / EU): This is the “chat/widget” visible in the application, which serves to report bugs and talk directly with our support. Gleap helps us solve your problems faster by collecting (with your consent) technical device data at the moment an error occurs. b. Pipedrive (Pipedrive OÜ – Estonia/Germany / EU): Our CRM system, in which we store contact details for Organizers and business relationship history, to be able to efficiently handle the sales and implementation process.
  4. Operational Tools and Work Organization a. Google Workspace (Google Ireland Ltd. – Ireland / EU): This is our “virtual office”. We use it for secure e-mail and as an office suite (documents, sheets) to create and store company documentation, which may contain data necessary for the provision of services. b. ClickUp (ClickUp, Inc. – data in EU): The command center for our projects. We use it to organize the work of the IT and Support team – this is where tasks regarding implementations, fixes, or handling User reports go.
  5. Accounting and Payments a. Infakt Sp. z o.o. (Poland / EU): The accounting system we use to generate VAT invoices in accordance with Polish tax regulations. If you are our business client, your invoice data will go to this system. b. Payment Operators (Stripe, PayU, Autopay): If you make payments in the System, your data (first name, last name, e-mail address) are processed directly by these certified operators.

Transfer outside the EEA: Our priority is processing data in Europe. Some providers (e.g., ClickUp, Postman) are based in the USA. In such cases, we ensure the legality of the transfer by cooperating exclusively with entities that apply Standard Contractual Clauses (SCC) or participate in the Data Privacy Framework (DPF) program, recognized by the European Commission.

§5. YOUR RIGHTS

You are entitled to the following rights related to the processing of personal data:

  1. Access: The right to obtain information about processing and a copy of the data.
  2. Rectification: The right to correct incorrect data or complete incomplete data.
  3. Deletion (“Right to be forgotten”): The right to demand the deletion of data when there is no basis for its further processing.
  4. Restriction of processing: The right to suspend operations on data.
  5. Portability: The right to receive data in a structured format.
  6. Objection: The right to object to processing based on legitimate interest (e.g., marketing, analytics).
  7. Complaint: You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if you consider that the processing violates GDPR regulations.

§6. FINAL INFORMATION (Art. 13 GDPR Requirements)

  1. Voluntariness of providing data: Providing personal data in the registration process (E-mail, Password, Name) is voluntary, however, necessary to conclude an agreement for the provision of electronic services (creating an Account). The consequence of not providing data is the inability to use the System.
  2. Profiling: The Controller does not use automated decision-making, including profiling, that would produce legal effects concerning the User or similarly significantly affect them.
  3. Source of data: In the case where your account was created through data import performed by the Event Organizer, the source of your data is that Organizer.

§7. COOKIES

  1. The System uses cookies necessary for the technical operation of the site (maintaining the session) and, with the User’s consent, analytical files.
  2. The User may change settings regarding cookies in their web browser at any time.

§8. ROLE IN PROCESSING EVENT DATA

For the avoidance of doubt, the Controller clarifies that regarding data collected within specific Events (surveys, chats at the event, participation in sessions), Meeting Application acts as a Processing Entity, and the Administrator of this data is the Event Organizer. Any requests for the exercise of rights in this regard should be directed directly to the Organizer.

§9. POLICY CHANGES

Technology and law change, therefore we may update this Policy. We will inform you of any significant change in advance by sending an e-mail message or displaying a notification in the App.