AUTENTI PLATFORM TERMS & CONDITIONS

These Terms & Conditions specify the rules of providing electronic services by the Administrator as part of the Autenti Platform. Using the Autenti Platform is possible on the rules set out in the Terms & Conditions.

Article 1. Definitions 

The terms used in the Terms & Conditions have the following meaning:

1. Administrator – Autenti sp. z o.o. with its  registered office in Poznań, at ul.  Św. Marcin 29/8, 61-806 Poznań, entered into the register of enterprises kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS No. [National Court Register No.] 0000436998, NIP No. [Tax ID No.] 783-169-32-51 
2. Autenti platform – an IT tool under which the service is provided electronically by the Administrator, available on the website under the name “Autenti”, in accordance with the Terms & Conditions.
3. Terms & Conditions – these Autenti Platform Terms & Conditions.
4. Customer – a natural person, legal person or an organizational unit without legal personality that has an Account on the Autenti Platform.
5. User – a natural person who acts on behalf of or for the benefit of the Customer or another person or on his own behalf and performs factual or legal actions within the Autenti Platform, in particular  affixes an electronic signature.
6. Account – a set of data related to a given Customer, including information provided by the Customer during Registration, as well as information on the activity of the Customer and Users added to this Account as part of the Autenti Platform. The Account enables ordering or full benefit of the services provided as part of the Autenti Platform, assigned to a given Account.
7. Registration – a process of creating the Account within the Autenti Platform.
8. Document – an electronic file entered into the Autenti Platform by the User who, upon affixing the electronic signature, expresses the signatory’s declaration of will concerning the content contained therein with respect to the parties indicated therein or the parties who participated in  signing thereof as part of the Autenti Platform.
9. Signature Card / Autenti Certificate – confirmation issued by the Service Provider, documenting the status of the Trust Service performance and linked with the Document. 
10. eIDAS – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

Article 2. Terms of Use of the Autenti Platform

1. In order to use the Autenti Platform, the User must have an ICT system that meets  at least the following technical requirements:
   1. Internet access through an active connection enabling two-way communication via HTTPS protocol;
   2. the ability to use a standard web browser, the settings thereof , in the case of the intention to use the encrypted website when logging in to the Autenti Platform, should enable the encrypted connection,
   3. the ability to use software that allows the reading of files sent by persons with whom the User communicates via the Autenti Platform in various formats (including graphic, audio, multimedia, text, video, etc.), in accordance with the provisions of Art. 5 sec. 1 of the Terms & Conditions,
   4. having an address and access to configured e-mail.
2. The use of some functionalities of the Autenti Platform may require fulfilment of additional conditions, in particular when using qualified electronic signatures – having an appropriate electronic signature creation service and a valid certificate issued by a trust service provider.
3. The Customer and the User are obliged to refrain from any illegal activities, in particular:
   1. using the Autenti Platform directly or indirectly for illegal purposes  or  with the view  of violating the legal provisions,
   2. using the Autenti Platform in a manner inconsistent with the Terms & Conditions, contrary to good  morals or generally accepted principles of using the Internet,
   3. using the Autenti Platform in a manner violating the rights of the Administrator, other Users or third parties, in particular by providing false or other person’s  data,  using the name of another entity unlawfully or abusing the rights held,
   4. providing by or to the Autenti Platform the data that may violate the legal provisions or the rights of third parties, 
   5. providing  by or to the Autenti Platform the data which results in the disruption of work or overload of IT systems or causes unauthorized modification of the data contained in the Autenti Platform.
4. Customers are liable for any and all actions of the Users added to this Customer’s Account, described in the Terms & Conditions as for their own.

Article 3. Registration

1. In order to use certain functionalities of the Autenti Platform, in particular to initiate the process of signing the Documents, the Customer should complete the process of Registration. To this end, it is necessary to complete the electronic form available on the Autenti Platform by providing one’s e-mail address or telephone number. The Administrator sends an activation link necessary to complete the process of Registration  to the indicated e-mail address or telephone number. The Customer confirms his identity and willingness to register by clicking the activation link (Account activation) referring him to the Autenti Platform. Account activation is necessary to ensure the full functionality of the Account and the services provided to the Customer. 
2. The Customer may add Users who will operate within the  Account created. The Administrator adds the User indicated by the Customer to the Account and sends to the e-mail address or telephone number of the User indicated by the Customer the activation link necessary to make it possible for the User to access the Account. The User is obliged to confirm his identity and consent to use the Account by clicking the activation link referring him to the Autenti Platform.
3. The Customer may register, and the User may log in to the Autenti Platform using the username (login) and password on other websites that offer this option and have been functionally related to the Autenti Platform website (hereinafter referred to as the “related websites”). In this case, the data related to the Customer’s or User’s accounts of these websites, provided by and stored in the Autenti Platform profile, is treated as the data submitted by the Customer for Registration on the Autenti Platform. Customers may register, and Users may log in to the Autenti Platform also within other systems on the terms agreed on by the administrators of these systems and the Administrator.
4. The Customer by Registration and the User by logging in to the Autenti Platform,  voluntarily commences using the Autenti Platform and declares that the data contained in the registration form concerns him, is complete and true.
5. Users can use the services of the Autenti Platform and affix electronic signatures within Personal or Business Accounts. Users using the Autenti Platform as part of a given Customer’s Account act for and on behalf of  the Customer on whose behalf the Registration was made. It is forbidden to create Accounts for the data of the entities, without the right to represent them or without being duly empowered by persons authorized to act on behalf of these entities.
6. The Account contains the Customer’s and Users’ data provided during Registration or as part of data update. In the event of any changes to the data entered into the Account, the User is obliged to immediately update them. The Customer and the User are fully liable in the event of providing or maintaining incomplete, outdated or untrue data.
7. The User is not allowed to provide other third parties with the possibility of using the Account, including disclosing the password used to access the Account. The User is obliged to hold an absolute secret of  the  password to the Account  and safeguard  it from disclosure. The User is obliged to promptly notify Autenti if the third party has become aware of the access data to the Accountmand provide the circumstances thereof.
8. The use of the Autenti Platform may take place without a previously registered Account, if the User to whom the document for electronic approval was sent via the Autenti Platform does not have a registered Account. Then the User may – via the Autenti Platform – electronically sign the Document sent to his e-mail address or telephone number by clicking the “sign”  button (or its equivalent).
9. If at any place on the Autenti Platform it is allowed to provide the data of third parties, other than the User (e.g. for recommendation or communication purposes), then the User when entering such data should have the requisite consent to use it in the Autenti Platform, and in the event of unauthorized transfer of the data in question he bears all liability related to the transfer of this data, and declares that he will indemnify and hold the Administrator harmless.
10. The User may not use his Account in a manner inconsistent with the nature and purpose of the services provided by the Administrator as part of the Autenti Platform and in a manner that disrupts the use of these services, in particular with the view  gaining access to the content not intended for a given User or sending unsolicited commercial information via Autenti platforms.
11. Should the User violate the Terms & Conditions, legal provisions or good morals, the Administrator may terminate the agreement to maintain the Account with the Customer or prevent access to a specific Account or a specific User. 
12. It is forbidden to aggregate and process the data and other information available via the Autenti Platform in order to make it available to third parties on other websites and outside the Internet. It is also forbidden to use Autenti designations, including characteristic graphic elements, without the consent of the Administrator.

Article 4. Use of the Autenti Platform

1. The Customer and the User may use their Account for the following purposes:
   1. in order to make declarations of will on their own behalf,
   2. in order to make declarations on behalf of another person, under the authorization held, in particular as a representative or member of the entrepreneur’s authority,
   3. in order to participate in the document circulation process.
2. The Administrator makes the following services available to Customers and Users:

1. 1. SERVICE OF ELECTRONIC SIGNING OF DOCUMENTS – making it possible for Users to read the content of the Document and submit declarations of will on the Document, including: in order to conclude an agreement or accept (authorize) another type of Document, based on the electronic signature Service provided by Autenti in accordance with the Terms & Conditions or other non-qualified or  qualified trust service provided by the Administrator or another service provider;
   2. ELECTRONIC SIGNING OF DOCUMENTS –  confirming the submission of declarations of will by Users, including consensual declarations of will submitted to each other by Customers or Users in order to conclude an agreement or accept (authorize) the content of a document and on this basis create an electronic signature, advanced electronic signature or qualified electronic signature in accordance with eIDAS, also with context meaning, e.g. marking as “signature” or “initial”;
   3. ELECTRONIC SEALING OF DOCUMENTS – ensuring the integrity of the content of the Document and the authenticity of the origin of the Document,  creating on this basis and affixing on the Document an electronic seal, advanced electronic seal or qualified electronic seal in accordance with eIDAS, also with context meaning of the seal;
   4. STORAGE AND SHARING OF ELECTRONIC DOCUMENTS – storing Documents on the servers of the Autenti Platform and enabling Users to share Documents stored on the Autenti Platform with other persons by indicating the method of authorizing access to the Document (e.g. access to a specific e-mail address, telephone number or having an access code);
   5. DIGITAL VERIFIER OF DOCUMENTS – providing the possibility of verifying the authenticity of affixing the signatures by the User;
   6. DURABLE MEDIA OF A DIGITAL DOCUMENT –  storing or transferring the Document online in the manner enabling future access to information, and which makes it possible for the stored information to be restored in an unchanged form.
2. Users who have the Business Account  authorize the Administrator to use the name or designation (logo) of the entrepreneur for whom the Account has been created, in order to designate the Account and the User, as well as to perform the services specified in the Terms & Conditions and to inform about the services provided.
3. Users of the Autenti Platform may enjoy the functionalities marked as “LABS”, the development process of which has not yet been completed, and therefore there is no guarantee of their correct operation, their future provision is uncertain, and the scope may be subject to modification. These functionalities are made available to Users free of charge for the purpose of testing and expressing their opinion, and in the future they may be provided against payment, about what the Users will be informed before the period of the provision of paid services commences.
4. If the provision of a specific service, available as part of the Autenti Platform, requires the operation of another provider (in particular a qualified trust service provider),  these services will be guaranteed by such provider, on the terms specified separately and in detail for a relevant service, about which Users will be informed before using such service.
5. The Administrator undertakes to keep the Document submitted or signed by the Customer or User on the Autenti Platform for a minimum of 12 months, unless otherwise stated separately, in particular in the Price List.

Article 5. Determining the content of the Document and concluding agreements

1. As part of their Account, Customers have the option of uploading to the Autenti Platform the Documents consisting of electronic files containing information that is, in particular, the subject matter of a declaration, approval, consultation or draft agreement (hereinafter referred to as the “files”). The maximum size of one file, available file formats and the number of files that can be sent depend on the Account parameters granted by the Administrator.  Autenti provides the possibility  of sending files in PDF, DOC, DOCX, XLS, XLSX, ODS, ODT formats, and regardless of the entered format, the files are converted into PDF (print to PDF). Files in a different format must be opened in order to read their content using another appropriate software.
2. The Customer or the User may indicate files that will not constitute an integral part of the Document for signature, and which will be made available to the indicated recipients only for viewing or downloading.
3. The Customer or User may indicate other Users who will be granted access to the content of the Document referred to in sec. 1, and define their role in the process of agreeing, accepting the content or circulation of the Document.
4. All persons indicated to sign the Document should be duly authorized to represent the entity on whose behalf the signature is affixed. The Administrator is not liable for the lack of relevant authorization on the part of persons acting on behalf of such an entity.
5. By confirming the “Sign” option (or another option that means acceptance or confirmation of affixing the signature), the User makes  the declaration of will (appropriate to the content of this option) to the content expressed in the Document, and the Document is deemed as signed by the Customer or another entity, respectively, for whom  the User works. The above also applies to making declarations of will to confirm the content of the file, the opening of which requires separate software, therefore Users should make sure that they are familiar with the content of the Document contained in the file before submitting a specific declaration of will.
6. As soon as all entities indicated as [“SIGNATORY”] confirm the “Sign” option,
   a declaration of will is made with the content indicated in the Document (affixing the signature), and if the Document is an agreement, the agreement is concluded in the wording specified in the Document. An electronic version of the Document will appear on the Account of each of the Customers participating in affixing the signatures, along with annotations on the dates and manner of affixing the signatures, as well as the data of the Users who signed the Document.

Article 6. User Verification

1. As part of the Autenti Platform, the User, by submitting a Document to be signed, indicates the person authorized to sign it and provides his  personal and contact details to confirm his  identity. The User bears the full risk related to the truthfulness and correctness of the personal and contact data of  the person indicated for signing the Document.  
2. Verification of Users’ personal data may take place through the identification service provided on the basis of a separate agreement (regulations) by the Administrator or other service providers.

Article 7. Payments

1. Some services provided by the Administrator as part of the Autenti Platform may be offered against payment.
2. The Customer will be informed about the amount of the fee, before it is incurred, in the form of a message requiring the Customer’s approval, or in the form of a Price List available on the Autenti website. 
3. Users will be issued electronic invoices. The Customer may download the invoice in electronic form using the “Download invoice” button available in the Account.
4. The Customer is obliged to effect the payment for the given billing period, at the latest on the date specified in the order / order confirmation. Failure to pay within the indicated time limit entitles the Administrator to suspend the provision of services to the Customer or Users as part of the Customer’s Account, reduce the scope of the available Account functionalities or terminate the agreement to provide the service. 

Article 8. Data protection and confidentiality 

1. The Administrator’s priority is to ensure the confidentiality and security of the data processed as part of the Autenti Platform, including Users’ personal data.
2. The rules for the processing of personal data within the Autenti Platform are set out in the Privacy Policy. 
3. As far as entrusting the processing of personal data by the Customer is concerned, the provisions of Art. 8 sections 4 to 12 constitute another legal instrument within the meaning of Art. 28 sec.  3 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJL 119,  p. 1 as amended (hereinafter referred to as the “GDPR”)).
4. The Customer, if applicable, entrusts the Administrator, pursuant to Art. 28 of GDPR with the processing of personal data for the purpose of  the performance of the agreement, i.e. to use the tools provided as part of the Autenti Platform. The Administrator may process the personal data entrusted to him only to the extent and purpose specified in the preceding sentence and for the purpose and scope necessary to provide services specified in the Terms & Conditions.
5. The Administrator declares that he ensures the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR regulation and protects the rights of the data subjects.
6. The Customer may entrust the Administrator with such types of personal data such as: name and surname, place of employment, position, e-mail address, telephone number and other identification data, depending on the service provided. The types of personal data may relate in particular to the following categories of persons: Employees or associates of the Customer, persons representing the Customer’s contractors, persons representing the Customer’s clients and other natural persons to whom the Customer sends documents via the Autenti Platform.
7. The administrator undertakes:
   1. to exercise due diligence in the processing of entrusted personal data and to process personal data in accordance with the provisions of applicable legal provisions, in particular the GDPR;
   2. to grant authorizations to process personal data to all persons who will process the entrusted data;
   3. to ensure confidentiality (referred to in Art. 28 sec.  3 let. b of the GDPR) of the data processed by persons who authorize the processing of personal data;
   4. to protect personal data by using appropriate technical and organizational measures ensuring the  adequate level of security corresponding to the risk related to the processing of personal data referred to in Art. 32 of the GDPR, including, but not limited to: (i) pseudonymization and encryption of personal data, (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, (iii) the ability to quickly restore the availability and access of personal data in the event of a physical or technical incident, and (iv) regular testing, measuring and evaluating the effectiveness of technical and organizational measures to ensure the security of processing;
   5. when assessing whether the level of security is appropriate, the Administrator takes into account, first of all, the risk related to the processing, in particular resulting from accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed;
   6. to provide assistance to the Customer to the extent necessary to fulfil the obligation to respond to the requests of the data subject and to meet the obligations set out in Articles 32-36 of the GDPR;
   7. upon termination of the processing services, to return any personal data or delete any existing copies thereof, unless the Union law or the law of a Member State allows for the storage of personal data for a longer period, then the return or permanent deletion of personal data will take place following the expiry of that period;
   8. to provide the Customer with the information necessary to demonstrate compliance with the obligations stipulated in Art. 28 of the GDPR and make it possible for the Customer to conduct audits after prior arrangement of their date and scope;
   9. the Administrator may entrust the User’s personal data for further processing to another entity (hereinafter referred to as the “Sub-processor”). The sub-processor that processes personal data on behalf of the Administrator and for the benefit of the User, should meet the same guarantees and obligations regarding the protection of personal data that were imposed on the Administrator. Processing entities may be, in particular, entities providing technical services, including hosting, relating to the development and maintenance of IT systems and websites. Detailed information on Sub-processors may be made available to the User at his request.
   10. the Customer has the right to object to the catalogue of the Administrator’s Sub-processors, however, objecting to or not accepting them may result in the need to terminate the Agreement, and thus prevent the Administrator from providing the Service to the Customer, provided that  the Sub-processor is a key entity for the purpose of carrying out the Service.
   11. the transfer of processed personal data to a third country or an international organization by the Administrator may take place only when the conditions set out in Chapter V of the GDPR are met. 
8. After finding a breach of the Customer’s personal data protection, the Administrator reports this fact to the Customer without undue delay.
9. In the event of a breach, the Administrator is obliged to take all possible measures to prevent the consequences of the breach or minimize them.
10. The Administrator is not responsible for any breaches of data protection resulting directly from the Customer’s activities on the Autenti Platform, i.e., inter alia, sending the wrong Document or sending the Document to the wrong recipient.
11. Should the Administrator disclose that the Customer’s use of the Autenti Platform took place in a manner inconsistent with the Terms & Conditions or applicable provisions, the Administrator may process the Customer’s personal data to the extent necessary to determine its liability.
12. Data of Customers, Users or entities represented by Users may be transferred to other Customers, Users or entities represented by Users, should it be necessary for communication purposes, using the services provided by the Administrator, in particular to conclude or perform an agreement made using the tools made available as part of the Autenti Platform.

Article 9. The role and responsibility of the Administrator

1. The Administrator provides IT tools to Users for communication between Users, but is not liable for the conduct of Customers or Users, or for undue performance or failure to perform factual or legal actions by them in connection with Documents processed as part of the Autenti Platform, and is not liable for consequences of actions taken by Customers, Users, entities represented by Users and third parties, and constituting a breach of the provisions of the Terms & Conditions, legal provisions or good morals. In particular, the Administrator is not liable for the failure to conclude or nullity of agreements made by the entities represented by Users and other circumstances resulting from the acts or omissions of Customers or Users, in particular the lack of selection of the appropriate type of signature for the form of an  act in the law in which the Document should be concluded to produce legal effects expressed therein.
2. The Administrator is not liable for the truthfulness and reliability of information provided by Users, or the ability of Customers, Users or other entities represented by Users to be the entity of specific legal actions.
3. In the event that the actions of Customers or the User violate the provisions of the Terms & Conditions, applicable law, the rights of Customers, other Users, persons represented by Users or third parties, as well as in other justified cases, when the Account or the User’s activity on the Autenti Platform requires additional verification data, the Administrator may:
   1. suspend the Account for a definite or indefinite time;
   2. limit the functionality of the Account for a definite or indefinite time  as far as the access to individual services provided within the Autenti Platformis concerned;
   3. make the use of the Autenti Platform dependent on the confirmation by the Customer or the User of their credibility in the manner indicated by the Administrator.
4. Regardless of the suspension of the Account, the Customer or the User is fully liable for  his acts and omissions which are the basis for the suspension of the Account, in particular liability for damages towards the Administrator.
5. The Administrator is liable on general terms for damage caused as a result of failure to perform or undue performance of the obligations set out in these Terms & Conditions, excluding lost profits. In relation to entrepreneurs, the Administrator’s liability is limited to damage caused intentionally or as a result of gross negligence.

Article 10. Complaints 

1. The Customer, User or the entity represented by the User may file a complaint if the services specified in these Terms & Conditions are not provided by the Administrator or are performed contrary to the provisions of the Terms & Conditions.
2. Complaints may be submitted electronically using the contact form or in writing to the Administrator’s address. The complaint should contain at least the e-mail address assigned to the Account, the User or – if the complainant has not provided an e-mail address before – another e-mail address, a description of the objections raised, including – if it relates to a specific Document – the identification of the Document, and expected manner of resolving the issue.
3. If the data or information provided in the complaint needs to be supplemented, in order to properly handle the complaint and satisfy the claimant’s request, the Administrator will ask the person submitting the complaint to supplement it in the indicated scope and time limit. The ineffective expiry of the time-limit means that the complaint cannot be handled and is subject to dismissal. The action of summoning the person submitting the complaint to supplement the complaint interrupts the time limit for the handling thereof. This provision is without prejudice to mandatory legal provisions of law to the extent in which they grant consumers broader protection.
4. The Administrator shall handle the complaint within 14 days from the receipt thereof in a proper form, with the proviso that the Administrator may refuse handling of complaints submitted 90 days after learning about the reasons for complaint.
5. A response to the complaint is sent only to the e-mail address assigned to a given User Account. In specifically justified cases the Administrator may send a response to a another e-mail address indicated by the person submitting the complaint, which is not assigned to the User Account.

Article 11. Duration of the Agreement and its termination

1. Upon registration on the Autenti Platform, an agreement to maintain the Account for an indefinite period is concluded between the Customer and Autenti. The agreement to maintain the Account  may be terminated at any time via the “Delete Autenti Account” option, available from the “My Account” Panel.
2. For important reasons for which the Administrator is not accountable, the agreement to maintain the Account may be terminated by the Administrator upon seven days’ notice.
3. If the agreement to maintain the Account  has been terminated on the basis of the Administrator’s declaration, the Customer may not register again without the Administrator’s prior consent.

Article 12. Consumer right to withdraw from the Agreement

1. An entity acting as a consumer that has concluded a distance agreement with the Administrator, has the right to withdraw from the agreement without providing any reason within 14 days from the date of conclusion of the agreement.
2. The right to withdraw from a distance agreement does not apply if the Administrator has fully performed the service with the express consent of a person acting as a consumer, and – in relation to agreements for the supply of digital content that is not recorded on a tangible medium – if the provision of service commenced with the express consent of that person, in particular: 
   1. in relation to the Customers, the conclusion of the agreement takes place at the time of Registration, and the moment the provision of service commences is the use of the service available under the Account, in particular sending the Document for signature or confirmation of the “sign” button under the Document. 
   2. subject to legal provisions , a person acting as a consumer, who does not have the Account, and who will use the service on the Autenti Platform, by confirming the “sign” button under the Document, due to the automatic performance of the service of affixing the electronic signature, is not entitled to withdraw from a distance agreement.
3. If persons acting as the consumers use additional  services available on the Autenti Platform against payment, the commencement of the service provision is the activation of additional  services against payment in the manner specified for the given service.
4. In order to exercise the right of withdrawal referred to in sec. 1, a statement setting out the decision to  withdraw from the Agreement should be sent to the following e-mail address within 14 days from the conclusion of the agreement:  

[email protected] or in writing to the Administrator’s correspondence address.

Article 13. Final Provisions

1. The Administrator may amend the Terms & Conditions or launch a modified or new version of the services provided under the Autenti Platform, in the event of the following:
   1. the need to adapt to changes in legal provisions or obligations imposed by state authorities;
   2. changes to the Price List;
   3. instances dictated by security reasons, preventing abuse, improving the protection of Users’ privacy, 
   4.  technological or functional change to improve the operation of the Autenti Platform;
   5. changes in the scope or manner  of the services provided;
   6. editorial changes.
2. The amendment towards The Customer and User added to the Account becomes effective on a date indicated by The Administrator from the moment of making the amended Terms & Conditions available.
3. The Customer and User added to the Account will receive the notification of the amendment to the Terms & Conditions to the e-mail address at least 14 days before the amendment enter into the force.
4. The governing law for the Agreement concluded with the Administrator, the subject of which are services provided by the Administrator as part of the Autenti Platform, is Polish law, unless the European Union law with regard to the consumer provides otherwise. Any disputes related to the services provided by the Administrator as part of the Autenti Platform will be settled by the competent common courts. The entity acting as a consumer has the option of applying an out-of-court method of handling complaints and securing claims before the Permanent Consumer Arbitration Court at the Provincial Inspector of the Trade Inspection in Poznań. Information on how to access the above mentioned mode and procedures for resolving disputes can be found at the following address: www.uokik.gov.pl, in the tab “Resolving consumer issues”. The entity who is a consumer also has the option of using the EU ODR internet platform, available at the following address: https://ec.europa.eu/consumers/odr/.
5. Should any provisions of these Terms & Conditions be found invalid in a judgment of a court or another entitled authority , the remaining provisions  remain valid.
6. In matters not covered by the Terms & Conditions, the provisions of generally applicable law apply, in particular the Civil Code, the Act on the provision of electronic services, GDPR and eIDAS.
7. The provisions of these Terms & Conditions in the relationship between the Administrator and the entity operating on consumer rights do not prejudice the applicable legal provisions, the application of which cannot be excluded, and which grant wider protection to consumers.

Protection of Personal Data and privacy is our priority. This Privacy Policy (“Privacy Policy”) describes who we are, how we collect, share and use Personal Data and how people whose data we process can exercise their privacy rights. 

If you have any questions or doubts regarding our use of your Personal Data, please contact us using the contact details provided in Article 7.

Article 1. Definitions

1. Individual terms used in the Policy bear the meaning assigned to them respectively in Article 2 hereinbelow or in the Regulations of the Autenti platform
2. The terms used in the Policy mean:
   a) Administrator – Autenti sp. z o.o. with its registered seat in Poznań at ul. Św. Marcin 29/8, 61-806 Poznań, entered into the register of entrepreneurs kept by the District Court for Poznań Nowe Miasto i Wilda in Poznań VIII Commercial Division of the National Court Register under the following number KRS 0000436998, NIP [Tax ID no] 783-169-32-51 
   b) GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data and on repealing the Directive 95/46/EC;
   c) Personal Data – information about a natural person identified or identifiable by one or more specific factors, including, in particular, name, surname, email address, telephone number, device IP number, location data, internet identifier and information collected through cookies and other similar technology;
   d) Service Regulations – separate regulations defining the terms and conditions for the provision Services provided by the Administrator accepted by the Client at the time of placing the order
   e) Services – services provided by the Administrator by electronic means pursuant to applicable Service Regulations. 
   f) User – any natural person who uses the Administrator’s Services;
   g) Client – a natural person acting on his or her own behalf or on behalf of a legal person or an organizational unit without legal personality who entered into agreements with the Administrator for the provision of Services;
   h) Account – a set of data related to a given Client, including information provided by the Client during registration for Services, as well as information on the activity of the Client and Users added to this Account under the Autenti Platform. The Account enables ordering or full use of the services provided under the Autenti Platform, assigned to a given Account.
    

Article 2. Legal basis and the purpose of Personal Data processing

1. The Administrator processes Personal Data for the purpose of:
   a. performance of the agreement for the provision of electronic services (pursuant to art. 6 point 1 letter b of the GDPR), and in particular of;
   i. providing Services of setting up and managing the Accounts, and ensuring their service, document handling and solving technical problems,
   ii. handling notifications submitted, e.g. via the contact form,
   iii. directing any communication related to the Services, including marketing of own services referred to in point i. above, including information regarding the Account, new products or functionalities,
   b. fulfilment of the Administrator’s legal obligation (pursuant to Art. 6 point 1 letter c and point 3 of the GDPR), and in particular for the purposes of:
   i. tax and accounting,
   ii. considering complaints 
   c. implementation of the legitimate interests of the Administrator (pursuant to Art. 6 point 1 letter f of the GDPR): marketing of own products or services, statistical and analytical purposes,
   d. pursuing or securing claims or defending against them (pursuant to Art. 6 point 1letter f of the GDPR).
   e. marketing activities performed by the Administrator, based on the consent expressed by the User, concerning for e.g. 
   i. the Administrator’s provision of the newsletter delivery Service in accordance with the Newsletter Regulations, 
   ii. marketing of own products or Services through the Trusted Partners whom the Administrator cooperates with. Trusted Partners mean entities which Autenti cooperates with in the scope of implementing or providing Services and business partners entered  into the List of Trusted Partners which is available under the following link
2. Detailed information on the processing of Personal Data performed by the Administrator is described in the Principles of Personal Data processing, constituting information clauses pursuant to art. 13 and art. 14 GDPR .
3. In order to use the Services, the User may be required to complete the form available on the Administrator’s website, in accordance with the Service Regulations.
4. In the case of registration and logging in to the Account, using the username (login) and password to access other social media services, the data contained in the User profiles of such services, provided in connection with logging into the Account, are treated as the data provided by the User when registering an Account.
5. The Administrator may process third parties Personal Data made available by the  Clients or Users for the purposes of communication, recommendation or using the  Services, in particular including the conclusion or performance of the agreement concluded through the tools available within the scope of the Services.
6. The Administrator may process Personal Data transferred from external sources, such as public databases, social media platforms, external data providers or Trusted Partners.
7. If the Client or the User submits third party Personal Data to the Administrator for the purposes of communication, recommendation or use of the Services , then – depending on the given situation – the Client provides or entrusts the processing of Personal Data of these third parties to the Administrator. When submitting third party Personal Data, the Client or the User should be entitled to do so, for example, have the appropriate consent of the entity that the Personal Data refer to, as well as fulfil the information obligation towards these entities.
8. If the third party Personal Data are made available to the Administrator, the Administrator becomes the administrator of these Personal Data and, in cases provided for by law, shall fulfil the secondary information obligation towards persons whose Personal Data were obtained in a way other than from the person they concern (in accordance with art. 14 of the GDPR). Complete content of the obligation to provide information.
9. If within the scope of using the Services the User entrusts the processing of Personal Data, the provisions of respective Service Regulations, constituting an agreement for entrusting the processing of Personal Data, will apply.
10. Providing Personal Data is voluntary, however, the consequence of failure to provide personal data may result in the inability to conclude or perform by the Administrator a contract for the provision of specific Services
11. If it is required by the nature of the Service, the Administrator collects the IP addresses during Internet connections and uses them for the purposes of verifying the User’s identity or authentication of the provided Service and for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region which the connection is made from) and constitute material for statistical analysis and mechanisms for correcting system errors. These data may also be combined with data provided by Users in order to provide Services.
12. Personal Data, may be recorded in the system logs. Information collected in the logs is processed in connection with the provision of services. The Administrator also processes the information collected in the logs for technical purposes – in particular, the data may be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with creating backups, testing IT systems, detecting inconsistencies or protecting against misuse and attacks.
13. The Administrator uses “cookie” files. The information collected by means of  “cookie” files allows to customize the services and the content to the individual needs and preferences of Users and other visitors of the Administrator’s website, as well as to develop general statistics regarding their use of the Autenti Platform. Lack of consent to “cookie” files or disabling the option to save “cookies” in the web browser, generally does not prevent the use of the Autenti Platform or the Administrator’s website, but may cause some difficulties. Detailed provisions relating to “cookies” are set out in the Cookie Files Policy.

Article 3. The scope and time of Personal Data processing

1. The Administrator processes only the Personal Data provided by the User or collected in connection with the use of the Service.
2. Personal Data processed in order to perform the agreement for the provision of services specified in the relevant Service Regulations will be stored for the duration of the agreement, and after its expiry for the period necessary to:
   a. provide after-sales client service (e.g. handling complaints);
   b. secure or pursue claims;
   c. if necessary – properly provide services in accordance with the Service Regulations, including documenting declarations of will made towards other Users, if any of the other Users still use the Administrator’s Services;
   d. comply with the legal obligations of the Administrator (e.g. arising from tax or accounting regulations).
3. Personal Data processed for the purposes of marketing of products or own services based on a legitimate legal interest, will be processed until the person concerned declares his or her objection.
4. Personal Data processed on the basis of a submitted consent are processed until the consent is  withdrawn.
5. After the expiry of the processing period, as long as it is technically possible and if the applicable law does not allow or require further processing of Personal Data, then the Personal Data are irreversibly deleted or anonymised.

Article 4. Sharing Personal Data

1. Personal Data can be made available to entities authorized to receive them, under the relevant legal regulations, including those of competent judiciary authorities. Personal Data may also be transferred at the request of the Administrator to entities processing Personal Data indicated by the Administrator, that is service providers providing:
   a. technical services, inter alias hosting (including data storage in the so-called cloud computing), concerning the development and maintenance of IT systems and websites,
   b. marketing services,
   c. debt collection services,
   d. bookkeeping and accounting services,
   e. advisory and consulting services,
   f. trust service or identification service providers
   g. other entities thanks to which the Administrator provides services by electronic means.
2. Personal data of Users or Clients may be made available to other Users or Clients if it is required for the purposes of communication or using the Administrator’s Services.
3. Users’ Personal Data may be transferred to third parties – in cases not indicated by the Administrator or by legal regulations – but upon the consent of the User, which may also be expressed through User’s appropriate and intentional actions
4. If the User agrees, his or her data can also be made available to other entities for their own purposes, including marketing purposes and sending commercial contents by electronic means.
5. With the exception of Services that are used to identify Users’ identities (e.g. Broker ID service), Personal Data may be transferred to a third country or international organization only if that third country, territory or specific sector(s) in that third country or a given international organization where the data are to be transferred ensures an adequate level of protection, pursuant to art. 44-46 GDPR.
6. If the provisions of item 5 above occur to be inapplicable, the Administrator shall apply binding corporate principles, in accordance with art. 47 GDPR or standard contractual clauses in accordance with the Decision of the European Commission of June 15, 2001 on standard contractual clauses for the transfer of personal data to third countries, pursuant to Directive 95/46 / EC. The content of the decision can be found on the website: (https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32001D0497&from=en).
    

Article 5. Privacy protection principle

1. The Administrator attaches great importance to the protection of the privacy and confidentiality of Personal Data obtained in connection with the conducted activity, including provided Services.
2. Personal data is processed by the Administrator in accordance with the provisions on the protection of personal data, including in particular the GDPR.
3. The Administrator selects and applies appropriate technical and organizational measures with due diligence to ensure adequate protection of the Personal Data processed. Access to Personal Data is granted only to persons authorized by the Administrator who committed to keep them confidential.
4. The Administrator exclusively uses the services of such subcontractors who guarantee an adequate level of security of Personal Data.
5. Personal Data is protected by the Administrator against their disclosure to unauthorized persons, as well as other cases of their disclosure or loss, and against their destruction or unauthorized modification, through the use of appropriate organizational security, as well as technical and programming security, in particular data encryption systems. Passwords are encrypted in such a way that they cannot be read by the Administrator and persons acting on his behalf.
6. During the provision of the Service, the Administrator exercises due diligence to ensure that the data transmission to and from the Administrator takes place in a safe manner, for example through the use of a secure SSL protocol, while the Administrator is not responsible for that part of data transmission that takes place outside of Administrator of e-mail systems.
7. The Administrator may process personal data in an automated manner, also in the form of profiling, however, the automated processing will not lead to making decisions with legal effects or similarly affect the Users in a significant way. This processing may affect the selection of displayed advertisements or the selection of products or Services offered. The User may receive special offers through personalized online advertising, with the exception of Services which are used to identify the Users’ identity (e.g. Broker ID service).
    

Article 6. Rights and obligations of Users

1. Personal Data Subjects have the right to request access to the content of their Personal Data, request a copy thereof, request their rectification or deletion, request to limit the data processing, request to transfer Personal Data, object to the processing of Personal Data based on the Administrator’s legitimate interest or object to their processing for the purpose of direct marketing, withdrawal of consent at any time without affecting the lawfulness of processing (if the processing is based on the consent), which was made on the basis of the consent before its withdrawal.
2. The Client has the right to resign from receiving electronic messages, referred to in art. 2 paragraph 1 letter a, point iii and letter e and demand that the processing of Personal Data be stopped for this purpose. The relevant request should be sent to the following address: [email protected], at any time. The Client also has the right to resign from the abovementioned Services by clicking the link contained in the e-mails received.
3. The User and the Client are committed to provide the Administrator with complete, current and true Personal Data.
4. Using the rights indicated above in paragraph 1, is feasible by contacting with the Data Protection Officer or the Administrator. The request should indicate the subject of the request, and in particular, what right the User wants to exercise, what type of processing the request concerns and what is the expected way of satisfying his/her request.
5. If the Administrator is unable to determine the content of the request or to identify the applicant based on the submitted request, the Administrator will ask the applicant for additional information.
6. The response to the request will be given within one month of its receipt at the latest. If it occurs necessary to extend the above specified period, the Administrator will inform the applicant about the reasons for such extension.
7. If it turns out that the processing of Personal Data violates the provisions of the GDPR or other provisions on the protection of Personal Data, the data subject may submit a complaint to the President of the Personal Data Protection Office

Article 7. Administrator’s contact details

Contact with the Administrator or the Personal Data Protection Inspector appointed by the Administrator is possible through: 

a. electronic form available on the website: https://autenti.com/kontakt/; or
b. at the email address: [email protected]; or 
c. at the traditional mail address: Autenti sp. z o.o, ul. Św. Marcin 29/8, 61-806 Poznań

This Cookies Policy shall apply to Autenti (“Autenti”) comprising both websites and apps.

I. Definitions

1. Data Controller – shall mean Autenti sp. z o.o. with its registered office in Poznań, operator of the website administered as “Autenti” (“Autenti”), providing electronic services, as well as keeping and accessing information on User’s equipment.

2. Cookies – shall mean IT data, in particular text files, saved and kept on User’s terminal equipment (e.g. PC, laptop, smartphone). These files enable the recognition of User’s equipment and relevant adaptation of the website to individual preferences and expectations of the User. Therefore, they make it possible to assess User’s preferences and find out how to improve the website. They usually contain a website name they come from, their validity, e.g. storage time in terminal equipment, and unique number for the identification of the browser used to connect to the website. Cookies are not used to identify the User and no identity is established on their basis.

3. Third-Party Cookies – shall mean Cookies placed by entities other than the Data Controller on their websites. Particular entities are operators of Cookies they have initiated, while the Data Controller may not be able to affect their selection and policy applicable to them.

4. Equipment – shall mean any electronic equipment used by the User to access Autenti.

5. User – shall mean an entity for which electronic services are to be provided in accordance with the Terms of Use and provisions of law, or with which an Electronic Service Provision Agreement is to be concluded.

II. Types of Cookies

1. Autenti shall use Cookies to:

a.authenticate and keep the User logged in – Cookies enable the provision of information if the User is logged in, as a result of which Autenti may provide relevant information and features; they also enable keeping the User logged in, as a result of which the User does not have to provide his login and password on every Autenti website; in addition, they save information on how Users use Autenti. Therefore, authentication and keeping the User logged in allows for easy login, automatic filling out the forms and remembering website settings by the User, which improves the services and comfort of using Autenti services;

b. configure Autenti – Cookies enable setting features and services on Autenti, including without limitation the optimisation of using websites and features of the Autenti app, as well as the adaptation of websites and Autenti app features to User preferences and expectations by saving settings selected by him;

c. ensure security and reliability of Autenti – Cookies enable the verification of connection authenticity and optimisation of Autenti performance;

d. display advertisements – Cookies enable the display of promotional messages and advertisements which are more interesting for Users and, at the same time, more valuable for advertisers to customise an advertising message; they can also be used to display advertisements outside Autenti;

e. set User location – Cookies enable the adaptation of information and Autenti features to User location;

f. review viewing figures – Cookies allow the Data Controller to understand Autenti User preferences better to improve and develop services. The Data Controller shall collect anonymous information and process data on trends without identifying personal data of particular Users.

2. As a rule, the following types of Cookies are used:

a. Session Cookies – temporary files kept on the User’s terminal equipment until he is logged out from Autenti or deactivates the software (internet browser);

b. Permanent Cookies – files kept on the User’s terminal equipment for a definite period of time in cookies parameters or until they are removed by the User manually.

3. The Data Controller shall use Third-Party Cookies to:

a. log in to or register on Autenti automatically using a third-party website (e.g. Google, Microsoft, Facebook),

b. collect general and anonymous statistical data using analytical tools,

c. present multimedia contents on Autenti websites downloaded from a third-party website,

d. use interactive functions to facilitate communication or increase the popularity on Autenti using utilities and social media,

e. present opinions and contents on Autenti websites downloaded from a third-party website.

III. Browser settings and Cookies

1. As a rule, software used to browse websites enables placing Cookies on terminal equipment by default. These settings may be changed so as to block automatic processing of Cookies in internet browser settings or inform the User each time they are transmitted to such equipment. For more information on the possibilities and methods used to process Cookies, please check your software (internet browser) settings. If the option enabling Cookies to be saved is deactivated in the internet browser, it usually does not make it impossible to use Autenti websites; however, it may cause some inconvenience and diminish user experience, while it is necessary to accept Session Cookies to use the Autenti app to authenticate and keep the User logged in.

2. An Autenti User using terminal equipment in cooperation with third parties should remember to log out from Autenti after the end of work.

3. The User may remove Cookies at any time, using features available in the internet browser.