GDPR Data Protection Policy

Last update: May 5, 2022

1). THE CONTROLLER

The Controller of your personal data is XOPERO SOFTWARE S.A. with headquarters in Gorzów Wlkp., ul. Herberta 3, 66-400 Gorzów Wlkp., registered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000684240, NIP: 599-306-66-03, REGON: 080285693.

Contact e-mail: [email protected]

Telephone +48 95 740 20 40

2). DATA PROTECTION OFFICER

Our Data Protection Officer is:

Tadeusz Koper
of KBG Law Firm - T. Koper, A. Baś-Gidlewska S.C.,

e-mail address: [email protected]

3). DATA PROTECTION POLICY

This document contains the most important information about the rules for the processing of your personal data - in accordance with the requirements of art. 13 and 14 GDPR.

Full rules, procedures and practices can be found in the XOPERO Data Protection Policy, which is available at: www.xopero.com/data-protection

4). OBJECTIVES OF PROCESSING OF PERSONAL DATA

We use your personal data obtained during the creation of a user's account or during the conclusion of a contract and during its term for the following purposes:

a) conclusion and implementation of the contract, including quality assurance of services (including removal of failures and checking the correctness of services) - legal basis: art. 6 par. 1 b) GDPR, hereinafter referred to as: "performance of the contract";

data retention period: duration of the contract and settlements after its completion;

b) fulfillment of legal obligations imposed on us, in particular:

i. issuing and storing invoices as well as accounting documents;

ii. responding to complaints within the time and form provided for by law;

iii. storage of HR and payroll documentation in the time and form provided for by law;

- legal basis: art. 6 par. 1 c) GDPR; hereinafter referred to as: "legal obligation";

data retention period: the time needed to perform the obligation, e.g. invoice issuance, or the time for which regulations require us to store data, e.g. tax data, or the time during which we can suffer the legal consequences of non-compliance, e.g. receive a financial penalty from state offices;

c) establishing, defending and pursuing claims - legal basis: art. 6 par. 1 f) GDPR; hereinafter referred to as: "a legitimate interest";

data retention period: the duration of the contract, and then the period after which the claims under the contract expire, and in the case of pursuing claims or notifying the competent authorities - for the duration of such proceedings;

d) detection and prevention of fraud - legal basis: performance of the contract, legitimate interest;

data retention period: the period after which the claims under the contract expire;

e) marketing - legal basis: legally legitimate interest;

data retention period: duration of the contract;

f) creating statements, analyses and statistics for our internal needs; this includes, in particular, reporting, marketing research, service or network development planning, development work in information systems, creation of statistical models - legal basis: a legitimate interest;

data retention period: the duration of the contract, and then no longer than for the period after which the claims under the contract expire;

g) service support, including information on failures, adjustment of service based, among others, on data about the offer that you use, or about complaints submitted so far - legal basis: our legally legitimate interest;

data retention period: duration of the contract.

For the above-mentioned purposes (in addition to the "conclusion and performance of the contract" and "legal obligations"), we will carry out profiling, that is, automated analysis of your data and preparation of predictions about your preferences or future behaviors (e.g. in the case of marketing profiling, we will determine which offer you may be most interested in).

If you pay via, for example, a bank or payment institution, we will get information about the account and the institution from which you made the payment. We will process this data to check whether you have made a correct payment and, if necessary, to make refunds (basis: performance of the contract), to establish, investigate and defend claims and for the purposes of statistics and analysis (basis: legally legitimate interest).

If you consent to the use of your data, the content of this consent will determine the purpose for which we will process this data.

5). CONSENT

If the use of your data is not necessary for the performance of the contract, the fulfillment of the legal obligation or does not constitute a legitimate interest, we may ask for your consent for certain uses of your data.

You can withdraw your consent at any time (this will not affect the lawful use of your data before withdrawal of such consent).

6). REQUIRED DATA

To conclude a contract, we require you to provide data on the user's account registration form or the contract form. If you do not provide them, we will not set up a user account or we will not enter into a contract.

In addition, we may ask for optional data that does not affect the conclusion of the contract (if we do not receive it, we will not be able to, for example, contact by e-mail).

During the term of the contract, by providing services, we come into possession of other data of yours, including data on the use of our services or devices, or data from our website. We hold this data as a consequence of the technical operation of our services that you use.

7). TRANSFERRING OF PERSONAL DATA

We provide your data to:

a) entities processing data on our behalf, participating in the performance of our activities:

i. agents, advertising agencies and other intermediaries in the sale of services or organization of marketing campaigns;

ii. entities servicing ICT systems or providing ICT tools;

iii. subcontractors supporting us in the performance of services;

iv. entities servicing and maintaining our telecommunications network;

v. entities that provide us with consulting, auditing, legal, tax and accounting services, and research agencies operating on our behalf;

b) other data controllers that process data on their own behalf:

i. entities providing postal or courier services;

ii. entities conducting payment activity (banks, payment institutions);

iii. entities cooperating with us in servicing accounting, tax and legal matters - to the extent they become data controllers.

8). AUTOMATIC DECISIONS

We make automatic decisions that have a significant effect on you in the following situations:

a) when creating an account - we automatically decide to create a user account;

b) when concluding the contract via the form on our website - we make automatic decisions about concluding the contract or about the terms of concluding it, extending it or extending its scope;

c) under the terms of the contract, we can specify that reaching or exceeding the thresholds or limits indicated by us (e.g. data transfer) may cause certain consequences (e.g. suspension of the service or its operation under other conditions). If our IT systems detect that such thresholds or limits have been reached or exceeded, we will automatically apply a specific solution;

d) in order to detect abuse and use of services, we make automatic decisions to declare specific non-standard user service traffic to be inconsistent with the essence of the service and contractual terms;

e) if you are behind with a payment to us, we can automatically decide to limit or prevent your use of our services.

9). TRANSMISSION AND LOCALISATION

In the case of using our services provided on the Internet, we process your transmission data (about connections) and location data (about the location of the device).

After their complete anonymization, the transmission and location data can be processed for the needs of statistics and analyses regarding the efficiency and development of our services.

10). RIGHTS

You can submit an application (regarding personal data) to us about:

a) correcting the data;

b) deleting data processed unreasonably or placed on our websites;

c) limitation of processing (interruption of data operations or non-deletion of data - according to the submitted application);

d) access to data (for information about the data processed by us and for a copy of data);

e) transfer of data to another data controller or to you (within the scope defined in article 20 of the GDPR).

You can take advantage of these rights by submitting a written application at our headquarters in person or by post (address at the beginning) or through our Inspector of Personal Data Protection (data at the beginning).

To ensure that you are entitled to submit an application, we may ask you to provide additional information that allows us to authenticate you.

The scope of each of these rights and the situations in which they can be used result from the law. The rights you can use will depend, for example, on the legal basis for the use of your data and the purpose of their processing.

11). OBJECTION

Regardless of the rights mentioned above, you may object at any time to the processing of your data (including profiling) for direct marketing purposes. After accepting the application in this matter, we are obliged to stop processing the data for this purpose.

In specific situations, you may object at any time to the processing of your personal data (including profiling) if the basis for the use of the data is our legitimate interest. In such a situation, after considering your application, we will no longer be able to process your personal data on this basis, unless we prove that there are: 1) valid legal grounds for processing of data that are legally considered to take precedence over your interests, rights and freedoms, or 2) grounds for establishing, investigating or defending claims.

12). COMPLAINT

You have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of your personal data violates the law.