Privacy Policy

This document presents the rules for the processing of personal data within the CrewOps Service.

Effective Date: October 1, 2025

Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

  1. Service – a web application provided by Janusz Kuźnik at https://crewops.devsmith.eu, enabling the provision of SaaS services.
  2. Service Administrator – Janusz Kuźnik, operating as a natural person; in the context of GDPR, acts as:
    • data controller of Clients' personal data (e.g., contact details of individuals registering a company account)
    • data processor for Users' personal data entrusted by the Client
  3. Client – an entity (natural person, company, or other organizational unit) using the Service's services. The Client acts as the data controller of their Users' personal data.
  4. User – a natural person whose personal data has been entered into the Service by the Client (e.g., Client's employee, associate, or contractor).

1. Personal Data Controller

The controller of personal data of Clients using the Service is the Service Administrator - Janusz Kuźnik.

Contact with the Service Administrator is possible via email address: janusz.kuznik@devsmith.eu

The Service Administrator does not disclose their residential address or other contact details in the content of this document for privacy protection reasons. These details may only be provided to the Client or relevant authorities upon their justified request, in accordance with applicable law.

Users' personal data in the Service is processed by the Service Administrator only on behalf of the Client, who is the data controller of their employees, associates, and contractors. In this regard, the Service Administrator acts as a data processor based on a personal data processing entrustment agreement. The Client may process Users' data only to the extent and in the manner made available by the Service; any other actions are prohibited.

2. Scope of Data Collected

Data related to the Client (company) account:

  • company name,
  • tax identification number (NIP),
  • company address,
  • email address provided for contact and registration.

The above data relates to business entities and generally does not constitute personal data within the meaning of GDPR, except when the email address allows for the identification of a natural person.

Data related to User accounts:

  • first and last name,
  • employee identifier (e.g., employee number) assigned by the Client or automatically generated,
  • optional: email address and phone number (usually business) if assigning this data enables the use of additional Service functionalities, such as notifications.

The Administrator indicates that they are not the direct controller of Users' personal data, but process it solely based on a personal data processing entrustment agreement concluded with the Client, who acts as the data controller for their employees, associates, and contractors.

Users' data is processed to the extent necessary for the provision of services offered by the Service and to ensure the functionality assigned to User accounts, including enabling the use of assigned features and notifications.

2.a Technical Data and Cookies

When using the Service, technical data related to the User's device may be processed, including, but not limited to, the type of web browser, operating system, language settings, and other data automatically transmitted as part of standard network communication with the Service.

The Service may use cookies necessary for the proper functioning of the system and to ensure the security of the User's session. The Administrator does not use tracking mechanisms or process data for profiling or delivering personalized content.

In the event of future implementation of login functionality, the Service may also process the User's IP address for security purposes, monitoring abuse, and diagnosing technical problems.

Technical data and information from cookies are processed only to the extent necessary to:

  • ensure the proper functioning of the Service,
  • maintain system security,
  • diagnose and resolve technical issues.

3. Purposes of Personal Data Processing

Users' personal data is processed in the Service only to the extent and for the purposes necessary to provide the services offered by the Service, specifically:

  1. Service Provision
    • enabling the Client (company) to manage its own users,
    • enabling Users to use the functionalities assigned to their accounts, including notifications and access to Service content.
  2. Account Management and Authorization
    • maintaining the correctness and integrity of Client and User accounts,
    • in the case of login implementation: ensuring access security and authorization.
  3. Security and Technical Diagnostics
    • ensuring the security of the Service and user sessions,
    • monitoring system correctness, diagnosing and resolving technical problems,
    • potential monitoring of system abuse (including IP addresses in the future).
  4. Client Communication and Technical Support
    • enabling contact with the Client in administrative, technical, or service-related matters, including via the email address provided during company account registration,
    • providing technical assistance and support in using the Service based on Client or User data.

4. Legal Basis for Personal Data Processing

The processing of Users' personal data in the Service is based on the provisions of GDPR, specifically:

  1. Art. 6(1)(b) GDPR – necessity for the performance of a contract

    Users' data is processed to the extent necessary to provide the Service's services to the Client (company) and to perform the functionalities assigned to user accounts.

  2. Art. 6(1)(f) GDPR – legitimate interests of the controller or processor

    Technical data, including information about the device, sessions, and potential IP addresses, are processed to ensure the security of the Service, monitor system correctness, diagnose technical problems, and prevent abuse. Legitimate interest also includes the ability to provide technical support to Users.

  3. Art. 6(1)(c) GDPR – legal obligation

    To the extent that the Service is obliged to comply with legal obligations (e.g., retaining data necessary for the Client's tax or accounting purposes), processing is carried out to fulfill these obligations.

5. Data Retention Period

Client (company) data is stored for the entire duration of the Service provision. If the Client ceases to use the services, the Client's and directly assigned Users' data is additionally stored for a period of up to 6 months to enable potential re-use of the Service and retain activity history. After this period, the Client's and Users' data is permanently and irreversibly deleted or anonymized, and recovery is not possible.

Users' data is stored as long as the Client uses the Service. This means that if the User's cooperation with the Client ends (e.g., termination of the employment contract, end of contractual cooperation), the User may lose access to the system, but the history of their activity in the Service remains preserved for the Client's needs, in accordance with their business requirements.

Technical data and system logs are stored only to the extent necessary to ensure the security of the Service and to diagnose and resolve technical problems, for no longer than is necessary to achieve these purposes.

6. Rights of Users and Clients

Users have the right to:

  1. Access to data – the right to request information from the controller (Client) about the personal data being processed concerning the User, including the purpose, scope, and storage period.
  2. Rectification of data – the right to request the controller (Client) to correct or complete inaccurate or incomplete personal data.
  3. Erasure of data ("right to be forgotten") – the right to request the controller (Client) to erase personal data, unless there are other justified grounds for their storage.

    Depending on the Client's business needs, the data erasure operation may be carried out in one of two variants:

    1. Irreversible deletion of the User's account along with the entire history of their activity in the Service.
    2. Anonymization of the User's account, as a result of which personal data is no longer linked to a specific person, allowing the preservation of activity history in the system, according to the Client's requirements.

    The Service Administrator carries out these operations solely on the instruction of the Client, who is the personal data controller for the Users.

  4. Restriction of processing – the right to request the controller (Client) to restrict the processing of data in cases provided for by GDPR.
  5. Objection to data processing – the right to object to the processing of personal data in cases provided for by GDPR.
  6. Complaint to the supervisory authority – the right to lodge a complaint with the President of the Personal Data Protection Office if it is considered that the processing of personal data violates the provisions of GDPR.

6.a Client (company) Account Deletion

  1. The Client has the right to request the deletion of their account in the Service.
  2. The deletion of the Client's account is irreversible and results in the immediate deletion of:
    • accounts of all Users assigned to that Client (employees, associates, contractors),
    • the entire data history related to the Client's and their Users' accounts.

7. Contact Regarding Personal Data Protection

Any questions, requests, or demands regarding the processing of personal data in connection with the use of the Service may be directed to the Service Administrator via email:

crewops@devsmith.eu

The Service Administrator considers requests immediately, taking into account the deadlines provided for in Art. 12 of the GDPR.

8. Privacy Policy Updates

The Service Administrator reserves the right to update this Privacy Policy at any time, particularly in the event of changes in the Service's functionality, legal requirements, or data processing practices.

The Service Administrator declares that they will inform Service Clients about any planned change to the Privacy Policy with appropriate notice to allow them to familiarize themselves with the new provisions.

Policy updates come into effect upon their publication in the Service at the same URL address. It is recommended to regularly review the Policy content for current information on personal data processing methods.

9. Document Preparation Information

This Privacy Policy document was prepared by the Service Administrator to transparently present the rules for personal data processing in the Service.

Effective Date: October 1, 2025.