PRIVACY POLICY

 

This Privacy Policy (hereinafter: “Policy“) contains information on the processing of your personal data in connection with the use of the “V-Tool OBD Scanner” application (hereinafter: “Application“) and the “V-Tool OBD Scanner” website operated at the following address: v-tool.app (hereinafter: “Website“).

Any capitalized terms that are not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions of the Application and Service, available at: https://v-tool.app/terms-and-conditions.

Personal Data Controller

The controller of your personal data is “V-Garage Spółka z ograniczoną odpowiedzialnością” based in Łódź (registered office address: aleja Tadeusza Kościuszki 3, lok 4), registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for Łódź-Śródmieście in Łódź,  Commercial Division XX of the National Court Register under the KRS number 0001113691, TIN PL7252345050, share capital 5000 PLN (hereinafter referred to as the “Controller“).

Contact with the Controller

In all matters related to the processing of personal data, you may contact the Controller by e-mail at: support@v-tool.app

Personal Data Protection Measures

The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter:  “GDPR“), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.

Information about the personal data processed

The use of the Application requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds of processing, as well as the period of processing and the obligation or voluntariness to provide them.

Purpose of processing Personal data processed Legal basis
Conclusion and performance of the Agreement  data stored in the Google or Apple account that is necessary to authenticate the Service Recipient (Google account name, e-mail address and profile picture)

Article 6(1)(b) GDPR  

(processing is necessary for the performance of an Agreement with the data subject or to take steps to enter into an Agreement with the data subject)  
Providing the above-mentioned personal data is a condition for concluding and performing the Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to conclude and perform the Agreement). The Controller will process the above-mentioned personal data until the claims under the Agreement are time-barred.

Purpose of processing Personal data processed Legal basis
Conclusion and performance of the Newsletter Delivery Agreement e-mail address

Article 6(1)(b) GDPR

(processing is necessary for the performance of the Newsletter Delivery Agreement concluded with the data subject or to take steps to enter into it)   and   Article 6(1)(f) GDPR   (processing is necessary in order to pursue the legitimate interest of the Controller, in this case informing about news and promotions available in the Application)
Providing the above-mentioned personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter).   The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of the processing is achieved, or until the claims arising from the Newsletter Delivery Agreement expire (whichever occurs first).

Purpose of processing Personal data processed Legal basis
Conducting a complaint procedure
  1. name and surname
  2. e-mail address

Article 6(1)(f) GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the obligations of: respond to a complaint – Article 7a of the Consumer Rights Act;exercising the rights of the User resulting from the provisions on the Controller’s liability in the event of non-compliance of the Service with the Agreement)
Providing the above-mentioned personal data is a condition for receiving a response to a complaint or exercising the Service Recipient’s rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the Service with the Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to receive a response to the complaint and the exercise of the above-mentioned rights).   The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the Service Recipient – until they expire.

Purpose of processing Personal data processed Legal basis
E-mail notifications e-mail address

Article 6(1)(f) GDPR

(processing is necessary in order to pursue the legitimate interest of the Controller, in this case informing the Service Recipients about the activities undertaken related to the provision of Services)
Providing the above-mentioned personal data is voluntary, but necessary in order to receive information about activities related to the provision of Services (the consequence of not providing them will be the inability to receive the above-mentioned information).   The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved.

Purpose of processing Personal data processed Legal basis
Fulfilment of personal data protection obligations
  1. name;
  2. surname;
  3. contact details provided by you (e-mail address; mailing address; telephone number).

Article 6(1)(f) GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations under personal data protection laws)
Providing the above-mentioned personal data is voluntary, but necessary in order for the Controller to properly perform its obligations under the provisions on the protection of personal data, m.in. to exercise the rights granted to you by the GDPR (the consequence of not providing the above-mentioned data will be the inability to properly exercise the above-mentioned rights).   The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of personal data protection regulations.

Purpose of processing Personal data processed Legal basis
Establishing, exercising or defending legal claims
  1. name and surname
  2. company
  3. e-mail address
  4. address of residence/registered offices
  5. PESEL number
  6. TIN

Article 6(1)(f) GDPR

(processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case of establishing, pursuing or defending against claims that may arise in connection with the performance of the Agreements concluded with the Controller)
Providing the above-mentioned personal data is voluntary, but necessary in order to establish, pursue or defend against claims that may arise in connection with the performance of the Agreements concluded with the Controller (the consequence of not providing the above-mentioned data will be the inability of the Controller to take the above-mentioned actions)   The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of Agreements concluded with the Controller.

Purpose of processing Personal data processed Legal basis
Administration of the Website and the Application
  1. IP address
  2. Server Date and Time
  3. Web Browser Information
  4. Operating System Information

The above data is saved automatically in the so-called server logs, each time the Website and the Application are used (it would not be possible to administer it without the use of server logs and automatic saving).

Article 6(1)(f) GDPR

(processing is necessary in order to pursue the legitimate interest of the Controller, in this case to ensure the proper operation of the Website and the Application)
Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the Website and the Application (the consequence of not providing them will be the inability to ensure the proper operation of the Website and the Application).   The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved.

Profiling

Your personal data will not be used for automated decision-making, including profiling.

Recipients of personal data

The recipients of personal data may be the following external entities cooperating with the Controller:

      1. hosting company;
      2. provider of the mailing system;
      3. providers of online payment systems;
      4. accounting office.

    In addition, personal data may also be transferred to public or private entities, if such an obligation arises from generally applicable provisions of law, a final court judgment or a final administrative decision.

    Transfer of personal data to a third country

    In connection with the Controller’s use of the services provided by Google LLC and Apple Inc., your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:

        • in the case of the United Kingdom, Canada, Israel, Japan and South Korea, decisions of the European Commission determining the adequacy of the level of protection of personal data in each of the above-mentioned third countries;

        • for the USA, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council establishing an adequate level of protection of personal data as provided under the EU-US data protection framework;

        • for Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia, adequacy Agreementual clauses in line with the standard Agreementual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard Agreementual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

      You may obtain from the Controller a copy of the data transferred to a third country.

      Permissions

      In connection with the processing of personal data, you have the following rights:

          1. the right to be informed about what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). The issuance of the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;
          2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request that it be rectified;
          3. in certain situations, you may ask the Controller to delete your personal data, e.g. when:
            1. the data will no longer be needed by the Controller for the purposes of which he or she has informed;
            2. you have effectively withdrawn your consent to the processing of data – unless the Controller has the right to process the data on another legal basis;
            3. the processing is unlawful;
            4. the necessity to delete the data results from a legal obligation incumbent on the Controller;
          4. in the event that personal data is processed by the Controller on the basis of your consent to processing or in order to perform the Agreement concluded with him, you have the right to transfer your data to another controller;
          5. if your personal data is processed by the Controller on the basis of your consent to processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal);
          6. if you decide that the personal data being processed is incorrect, their processing is unlawful, or the Controller no longer needs specific data, you may request that for a specified period of time (e.g. to verify the correctness of the data or pursue claims), the Controller does not perform any operations on the data, but only stores them;
          7. you have the right to object to the processing of your personal data, the basis for which is the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
          8. you have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the provisions of the GDPR.

        Cookies

            1. The Controller informs that the Website uses “cookies” installed on your end device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Google).
            2. The Controller uses cookies for the following purposes:
              1. ensuring the proper operation of the Website – thanks to cookies, it is possible to operate the Website efficiently, use its functions and conveniently move between individual subpages;
              2. increasing the comfort of browsing the Website – thanks to cookies, it is possible to detect errors on some subpages and constantly improve them;
              3. creation of statistics – cookies are used to analyse the way users use the Website. Thanks to this, it is possible to constantly improve the Website and adapt its operation to the preferences of users;
              4. conducting marketing activities – thanks to cookies, the Controller can direct advertisements tailored to users’ preferences.
            3.  The Controller can place both permanent and temporary (session) files on your device. Session cookies are usually deleted when you close your browser, while closing your browser does not delete persistent cookies.
            4. Information about cookies used by the Controller is displayed in the panel located in the central part of the Website. Depending on your choice, you can enable or disable cookies of particular categories (except for essential cookies) and change these settings at any time.
            5. The data collected by means of cookies do not allow the Controller to identify you.
            6. You can access detailed information about cookies and the cookie management panel at any time by clicking the link displayed in the bottom of the Website. 
            7. Through most used browsers, you can check whether cookies have been installed on your end device, as well as delete installed cookies and block their installation by the Website in the future. Disabling or limiting the use of cookies may, however, cause quite serious difficulties in using the Website.

          Final provisions

          To the extent not regulated by the Policy, generally applicable provisions on the protection of personal data shall apply.

          The policy is effective from 2024-08-01.

           

           

           

          Data deletion request

          You can request all your data to be deleted from V-Tool OBD Scanner database by deleting your account from within the application. Open V-Tool OBD Scanner application and navigate to Settings -> Account -> Manage and follow the instructions. This process is irreversable.