Privacy Policy US and non-EU users
Since your privacy is important to us, please read the information below.
In our business, we process personal data of individuals. If you use our services, website, mobile application, or otherwise communicate with us, this means that we most likely process your personal data. By using our services, you understand that we will process personal data in accordance with this Privacy Policy, and you agree to be subject to, and comply with, the applicable terms of this Privacy Policy.
In this Policy you will find relevant information, including who we are, in what situations, for what purposes and to what extent we process your personal data, and what rights you have.
For your convenience and clarity, we have included a table of contents at the beginning to help you navigate through the document and easily find the information you are looking for.
Should anything be unclear to you or need to be discussed, you can always contact us – see below for contact information.
Table of Contents
Who are we and how can you contact us?
Controller
The controller of your personal data is NapoleonCat, Inc. with its registered office in NEW YORK, NEW YORK CITY – SPACES 1740 BROADWAY
Whenever used herein, words “controller”, “we”, “us”, “our”, etc. mean NapoleonCat, Inc.
Contact data
You can contact us:
- via email at [email protected]
- by mail sent to the following address: NapoleonCat, Inc. NEW YORK, NEW YORK CITY – SPACES 1740 BROADWAY
What we do?
We provide our users with services (hereinafter “services”) consisting of providing tools for marketing on social media platforms, e.g. for managing presence on these platforms, profiles, fan pages, etc. To this end, we use the NapoleonCat application (hereafter “application”), available in a software-as-a-service model. We operate a website at napoleoncat.com, as well as the NapoleonCat mobile application, which our users can use to benefit from our services (collectively,“site”).
Our users are mainly companies and organizations that enter into a services agreement with us. Details of how we provide services are set forth in the Terms and Conditions.
What personal data do we process?
General information
The data we process depends on your situation, including your use of the site, as well as the data you provide to us and your role as a business or associate. We may specifically process the following categories of your personal data:
- first and last name:
- business name, TIN, EIN, business address;
- your title;
- data that identifies you on social media platforms (e.g., the nickname you use);
- email address, phone number – which you provide, for example, when registering or for marketing based on a separate consent;
- information about which of our services you use;
- data required for the purpose of paying for our services (e.g. your bank account number and the name of the bank maintaining the account);
- information about your use of our site collected through cookies (if you have given your consent to the use of cookies – for details on the use of cookies, see the Cookies section).
- IP address from which you communicate with our site, information about the device you use when visiting the site, including its settings (e.g. browser, screen resolution);
- information you include in your statements and communications sent to us – such as email correspondence or telephone conversations, as well as complaints, for example;
- the content and scope of the consents you have given on the site.
Data collected automatically
During your presence on the site and use of our application, some of your data will be collected automatically.
Data acquired automatically on the Site
We process so-called usage data (data characterizing the use of the site), including in particular identifying data, your IP address, data identifying the telecommunications network termination or information and communication system you use, browser type, browser language, information about the use of our services, information about the start, end and scope of your use of the site each time, type and version of the operating system, screen resolution, data collected in server logs and other similar information.
Data acquired automatically via the application
If you use our application we will collect and gather data such as: certain information about the mobile phone or tablet used to access the application, including the mobile device ID (Device ID), user ID (User ID), type and version of the operating program.
Our application may ask, depending on the needs and functions of the application, for access to various peripheral devices, which you may not consent to.
Purposes of processing automatically collected data
We will use the above data (i.e., data collected through the site and application), among other things, to transmit communications on the site and application, as well as to provide the service requested by you.
Notwithstanding the above, we will use the data we collect automatically to customize the content and advertise our services, within and outside of our site as part of remarketing (for more details, see the Cookies section). Data collected automatically may be used for profiling.
We will also use the data collected automatically to monitor traffic on the site pages and in the application.
For what purpose and on what basis do we process your data?
For what purpose and on what basis we process your data depends on how you use our services or contact us and what your role is. We have described each of the situations below.
Use of the site without registration
We process your data in order to provide the functionality of our site. These functionalities are mainly the ability to browse the content of the site, the ability to use the web chat and contact forms, customizing the content of the site according to your preferences.
In such case, we do this to enable you to use the site and its functionality.
We process data about your use of the site, which we obtain through essential cookies and similar technologies and use to ensure the proper operation of the Site, in particular the ability to navigate the Site and use its basic functions.
We process data about your use of the site, which we obtain through functional cookies and similar technologies and use to “remember” the settings you have selected and to personalize the site, on the basis of our legitimate interest in enabling us to “remember” the settings you have selected and to personalize the site.
We process data about your use of the site, which we obtain through analytical cookies and similar technologies and use to provide analytics and statistics on users’ use of the site in order to improve its performance – which involves, for example, analyzing how users navigate the site to understand how users use the site and make it more intuitive and convenient to use in the future, on the basis of your consent to the processing of personal data.
We process data about your use of the site, which we obtain through advertising cookies and similar technologies and use for marketing purposes, such as personalizing ads and content based on your interests, measuring the performance of ads and content, and gaining insight into the audiences who have seen ads and content, based on your consent to the processing of personal data.
For details on cookies, see the Cookies Policy.
Registration on the site and provision of services
Registration is required for the user to use our services via the NapoleonCat application.
Due to the nature of the social media platforms for which we provide services, registration is always performed by a specific individual. It can be an individual user on such individual’s own behalf (a “user”), or it can be an individual on behalf of a user (e.g. an employee or agent of a user) (an “associate” of the user).
As such, we may process your personal data if you are our user or an associate of the user registered on our site.
When registering, you will be asked to provide your personal data. In the case of a user who is an individual, this will be such user’s personal data. If, however, registration is performed by an associate of the user on behalf of the user, the associate will be asked to provide personal data of both the associate and the user.
In both cases, data is processed for the purpose of entering into and performing a services agreement between us and the user, in connection with registration.
Business contacts – users, business partners and their associates
Whether you register on our site or not, in the course of our business we interact with current or potential users (customers), business partners, suppliers, as well as individuals who are their associates (e.g., members of bodies, proxies, employees, contractors, associates, etc.). Such communication can take place through various channels – for example, in the form of emails or by telephone, and in such a case we process personal data of individuals involved in such communication. In addition to this, the data of such individuals may be provided, for example, in our commercial agreements (as the data of signatories or contact persons).
As such, we may process your personal data if you are one of the above-named individuals.
Where a commercial agreement is entered into with an individual, we process data to establish, exercise or defend potential legal claims that may arise in connection with the performance of such agreement. As regards associates of our users, business partners, suppliers, etc., we process data for day-to-day contacts in the course of business and the conclusion and performance of agreements and the possibility of establishing, exercising or defending potential legal claims that may arise in connection with the performance of agreements.
Marketing
We process your data for our own marketing purposes—i.e. promoting our services.
Marketing purposes include presenting you with offers and promotions, offering you additional functionalities, including but not limited to, broadcasting advertisements on third-party sites (such as Facebook or Google).
If you consent, we may also send you commercial information about our products in the manner of your choice – e.g., via email, SMS/MMS, telephone, push notifications or other electronic communications. In such case, we will use your data to send you commercial information in the manner of your choice.
Some of our marketing activities, based on separate legislation may require additional consent from you. This includes activities such as sending newsletters or using cookies for advertising purposes.
Contact forms
We provide contact forms and web chat on the site to make it easier for you to contact us. To use a form, you need to provide your personal data necessary to be contacted and to receive a reply to your inquiry. You may also provide other data to facilitate contact or handle your inquiry. In such case, we process your data in order to identify you and handle your inquiry.
Profiles on social media platforms – owned by the user
As part of our services, we provide our users with an interface and IT tools that enable them to communicate on their profiles on the social media platforms included in our site. Users (or, on their behalf, their associates) may post content on these social media platforms and communicate with other end users of these social media platforms. This includes direct communication platforms like Facebook Messenger.
Providing our service, we process all data that our users (or their associates, respectively) post to or receive from such social media platforms or communication platforms through us. This information may include personal data about you or your associates and third-party visitors to your profiles on the social media platforms covered by our service (e.g., identifying information on the social media platforms), as well as the content of communications (posts, comments, etc.)
We process this data by acting as a processor of our users, who are the controllers of such data. The legal basis for such processing of personal data is a data processing agreement. The conclusion of such an agreement occurs during acceptance of the Terms and Conditions, of which the data processing agreement is an integral part (Appendix No. 1 to the Terms and Conditions). Accordingly, the user accepting the
provisions of the Terms and Conditions simultaneously also concludes with us a data processing agreement.
Notwithstanding the above, operators of social media platforms process the data as independent data controllers.
The privacy policies of our currently supported platforms are:
- we make use of YouTube API Services to analyze YouTube channels. Google’s Privacy Policy must be followed when using this feature.
- Twitter’s privacy policy can be found at https://twitter.com/en/privacy#current
- Facebook’s privacy policy is located at https://www.facebook.com/privacy/policy
- Instagram privacy policy is located at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
LinkedIn privacy policy is located at https://www.linkedin.com/legal/privacy-policy - TikTok privacy policy can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/
Profiles on social media platforms – owned by NapoleonCat
We also process personal data of users visiting our profiles maintained on social media platforms (e.g. Facebook, YouTube, Instagram, Twitter, Google My Business, LinkedIn). This data is processed in connection with the maintenance of our profile, including for the purpose of informing users about our activities and promoting various events, services and products, as well as communicating with users through these social media platforms. If you communicate with us on such social media platforms, we may process your data contained in such communications in order to promote our own brand and building and maintaining a brand-related community.
In addition, we would like to inform you that the operators of the social media platforms on which we have profiles process the personal data of their users and visitors to those profiles, including through the use of cookies. For details on the processing of personal data by operators of social media platforms, please refer to their published privacy policies or terms of use.
Controller’s other own purposes
We also process your data for other purposes that constitute our legitimate interests, such as:
- establishing, exercising or defending legal claims, including in connection with the provision of our services;
- contacting you – to respond to your notifications and requests for contact, complaints, to be able to contact you on matters related to the provision of our services, to inform you of any amendments to the Terms and Conditions and Privacy Policy;
- verifying accounts, investigating suspicious activity, detecting and preventing fraud and other violations of law or the Terms and Conditions;
- for the purpose of monitoring, testing and improving our services and resolving any related issues;
In addition to this, we process the data of our users, contractors, suppliers as well as individuals who are their associates (e.g., members of bodies, attorneys, employees, co-workers, etc.) for the purpose of complying with our legal obligations, arising in particular from tax and accounting regulations, including to ensure accountability (to demonstrate our compliance with legal obligations). We cooperate with law enforcement agencies and other institutions authorized to request access to your data based on applicable laws.
From whom we collect your personal data
Data collected directly from the data subject or the user
We collect your personal data mainly from you. You provide data to us, for example, when you create an account on the site, sign up for newsletters or other forms of marketing.
If you are an associate of our user or business partner, we may have received your data from the user or business partner or from other of their associates – for example, if you are a contact person in respect of a particular agreement or involved in a particular project, or if you interact with the user on the social media platforms covered by our service.
You can also provide us with your personal data by communicating with us – e.g. asking questions about services, submitting complaints – on the site via e-mail, on social media platforms, by phone or by mail.
In addition, we process your data on how you use the site from our offers and services.
Registration and login using your Facebook or Google account
Your personal data may also be provided to us by the social network Facebook, at your request. This applies if you want to register with us using Facebook functionality. Using this option, you will first be asked by Facebook to confirm that it can provide us with your data to the extent necessary to register with us. With your consent, Facebook will provide us with some of your data for registration purposes. To complete the registration process, you may need to complete your profile with additional personal data. Once you have created an account with us, you will be able to log in to our site using the functionality offered by Facebook or Google.
Sending commercial information by electronic means
If you consent to receiving commercial information by electronic means (e.g., via e-mail or through tools such as push notifications, web chat or chatbot), sending such information shall mean sending commercial information by electronic means and may also constitute direct marketing through the use of telecommunications terminal equipment conducted using automatic calling devices – depending on the device on which you receive such communications.
If you consent to being contacted by phone or SMS for marketing purposes, commercial information shall be transmitted by phone to the phone number provided by you for this purpose. Such contact will constitute direct marketing using telecommunications terminal equipment and may be conducted using automated calling devices.
You can withdraw such consents at any time, or restrict the manner which we use to send you such information – for details see below under “Withdrawal of consent and objection to processing” section.
Profiling for marketing purposes
In some cases, we use profiling of your personal data when marketing. Profiling is a method of automated processing of personal data that involves, among other things, using personal data to analyze or predict personal preferences, interests, etc. The use of profiling enables personalization of advertisements and content presented to you.
In some cases, for marketing purposes, we make automated decisions based on profiling, i.e. automatic processing of your personal data. Profiling is a way of processing personal data that involves, among other things, using personal data to analyze or predict personal preferences, interests, etc. The use of profiling makes it possible to customize advertising and content presented to the user.
The profiling we use involves using computer algorithms to analyze your personal data (your behavior on the site, how you use the application, data collected through cookies, as well as the personal data you provide) in order to display to you directly on the site, or in direct marketing (emails, SMS/MMS, phone marketing, push notifications, web chat or chatbot, etc.), as well as on third-party websites (so-called remarketing), customized offers based on your potential preferences and interests that may relate to our services.
As a rule, the basis for profiling is our legitimate interest in marketing our own services in a way that matches your hypothetical preferences. However, in some cases we ask you to give consent to selected forms of marketing or automated decision-making towards you on the basis of profiling.
How long do we retain your data?
The period of time for which we may retain your personal data depends on the purpose for processing and compliance with applicable law. More specifically:
- where we process your personal data on the basis of your consent – until you withdraw such consent;
- in the case of processing for the purpose of performing an agreement with you – for the term or performance of the agreement, and thereafter, for the period of limitation of claims that may arise in connection with the performance of the agreement under the law;
- in the case of processing for the purpose of complying with our legal obligations – for a period of time resulting from generally applicable laws;
- in the case of processing on the basis of our legitimate interest – until such interest ceases to exist (e.g., the period of limitation for claims) or until you object – in situations where such an objection should be accepted in accordance with the law.
However, the data processing period may be extended where the processing is necessary to establish, exercise and defend any legal claims, or for the purpose of complying with obligations relating to the accountability of the processing, and thereafter only if and to the extent permitted by law.
Whom do we share your data with?
Entities processing data on our behalf
We provide your personal data to companies whose services we use to comply with our obligations to you or to conduct our business, in accordance with the purposes of the processing. Accordingly, your personal data that is required for the relevant purpose may be transferred in particular the following recipients:
- in the case of payments for our services – entities that act as intermediaries in processing payments, for the purposes of such service, banks;
- companies that provide us with technology solutions and services required to provide the functionality of our site;
- marketing, analytics and statistical service providers that help us understand what our customers are interested in and create offers, promotions, as well as customize marketing;
- companies that conduct direct marketing on our behalf (e.g., sending emails) or other advertising services;
- companies that provide ongoing customer service – to provide such service;
- companies that provide accounting, legal, auditing, consulting or tax advisory services for us;
- providers of standard services related to handling and storage of information – providers of hosting, email, IT infrastructure, database maintenance and other IT services.
We also share your data with our authorized employees and associates.
Operators of social media platforms
In addition to the above, as specified under “Profiles on social media platforms – owned by the User” section above, to the extent that we provide a data transfer tool between the user (or the user’s associate) and the social media platforms, we share information relating to users their associates which may contain their personal data, with the operators of those social media platforms, and we transfer to the user (or user’s associate), from the operators of the social media platforms information relating to third parties who contact the user via those platforms, which may contain personal information.
However, given the principles of integrating our service with social media platforms, each of our users (or user’s associate) and a third party has his or her own account with a social media platform, and the operator of the social media platform is also the controller of his or her data under a separate agreement entered into by the operator directly with the user (or the user’s associate, respectively) or the third party. As such, in terms of such data transfer, we act only as a processor of our users’ data providing a tool for data transfer between our user (or user’s associate) and a separate controller, which is the operator of the social platform in question.
Public authorities
We may also be required to share personal data with entities authorized to obtain them under applicable laws, such as law enforcement agencies and other public institutions.
Transfer of data outside the United States
Data in the NapoleonCat application are processed outside of the United States. At the same time, we use services and IT tools provided by external companies in the provision of our services. Among them include companies from countries inside the European Economic Area as well as entities from the US, UK, Canada and Ukraine. The use of such services and tools may involve the need for these entities to access your personal data. This results in the transfer of data to a third country. In such cases, the transfer of data will be secured through an appropriate transfer mechanism.
To receive detailed information on the safeguards in place, please contact us by sending an inquiry to: [email protected].
Withdrawal of consent and objection to processing
Withdrawal of consent
Where the processing of personal data is based on your consent, you may withdraw such consent at any time, without giving any reason. Withdrawal of consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
However, please note that in some cases your consent is necessary to provide certain services or perform a transaction – of which we give you notice when collecting your consent. In such case, withdrawal of consent will make it impossible to provide such service or to perform such a transaction.
Objection to data processing
You may also at any time:
- object to the processing of data for direct marketing purposes, including profiling, and
- object, on grounds related to your particular situation, to the processing of data on the basis of our legitimate interest.
If you object to processing for direct marketing purposes, including profiling, we will no longer process your data for such purposes.
If you object on grounds related to your particular situation to processing based on our legitimate interests, we will no longer process your data for the purposes of our legitimate interests, unless we demonstrate the existence of valid legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, exercising or defending legal claims.
We would like to point out that if you object to the processing of your data for a specific purpose (e.g., for marketing), we will be able to continue to process your data for other purposes – such as the performance of a contract, etc.
How can you withdraw consent or object
You can withdraw your consent or object by sending an e-mail to [email protected].
If you have authorized us to access your data via the API Services, then in addition to our normal procedure for deleting stored data, you may revoke our access to your data via:
- In the case of YouTube, Google’s security settings, located at https://security.google.com/settings/security/permissions
- For Twitter: https://help.twitter.com/en/managing-your-account/connect-or-revoke-access-to-third-party-apps
- For Facebook and Instagram: https://www.facebook.com/help/204306713029340
- For LinkedIn: https://www.linkedin.com/pulse/remove-third-party-apps-connected-your-linkedin-hector-rodriguez/
- For TikTok: https://support.tiktok.com/en/safety-hc/account-and-user-safety/connect-to-third-party-apps
Other rights you have
The law provides for a number of rights you have in connection with our processing of your personal data.
Right to access your personal data
You can request confirmation from us as to whether we are processing your personal data, and if so, you can request access to your data.
Right to obtain a copy of data
On this basis, we provide you with a copy of your data that we process.
Right to rectification of data
If your personal data that we process is inaccurate, you have the right to request correction, as well as completion of any incomplete data.
Right to erasure of data – right to deletion
You have the right to request that we delete your data if there are grounds specified in the law, such as the data are no longer necessary for the purposes for which they were collected, or you withdraw your consent to processing and there is no other legal basis for processing or retaining such data.
Right to restriction of use of data
You have the right to request the restriction of certain uses of data.
Right to transfer data to another controller
Where data processing is based on consent or contract and by automated means, you have the right to data portability, i.e. the right to receive in a structured, commonly used machine-readable format the personal data concerning you that you have provided to us, and you have the right to send the personal data to another controller.
How to exercise your rights
You can withdraw your consent or object by sending an e-mail to [email protected].
You may exercise these rights at no charge. However, if the data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive character (e.g., unfounded, repetitive requests for information), then we will be able to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, as well as refuse to act on the request.
We stipulate that the exercise of the rights described above may require verification of your identity. If we fail to successfully verify your identity, we may refuse to act on your request.
We will provide you with information about the steps taken on your request within one month of receiving the request. If necessary, we may extend this deadline for another two months if the request is complex or if there are numerous requests. In such case, we will inform you within one month of receiving your request of such an extension and provide the reasons for the delay.
Right to lodge a complaint with the supervisory authority
If, in your opinion, we have violated your rights in connection with the processing of your personal data, you may lodge a complaint by sending an e-mail to [email protected]. In your complaint, you should include a description of the situation and indicate what action you consider to have violated your rights or freedoms.
Voluntary provision of data
Provision of data is voluntary, but may be necessary for some purposes – for example, to enter into an agreement and create an account on the site. Provision of data and consent for marketing purposes is voluntary.
Where data are processed for the purpose of complying with our legal obligations, provision of personal data is a requirement under certain legal regulations..
Where processing is based on our legitimate interests, the provision of personal data is voluntary, but necessary for the purposes of our legitimate interests.
Age
The site is neither designed nor intended for minors (i.e. persons under the age of 18). We do not provide for the targeted collection of data, concerning minors.
If we become aware of the fact that a user of the service is a minor, we will take appropriate steps to remove such user’s information from the database and restrict such user’s future access to the service.
Amendments to the Privacy Policy
This Policy shall be verified on as-necessary basis and updated, if necessary.
Privacy Policy EU and UK users
Since your privacy is important to us, please read the information below.
In our business, we process personal data of individuals. If you use our services, website, mobile application, or otherwise communicate with us, this means that we most likely process your personal data.
In this Policy you will find all relevant information, including who we are, in what situations, for what purposes and to what extent we process your personal data, and what rights you have.
For your convenience and clarity, we have included a table of contents at the beginning to help you navigate through the document and easily find the information you are looking for.
Should anything be unclear to you or need to be discussed, you can always contact us – see below for contact information.
Table of Contents
- Who we are and how to reach us?
- What do we do?
-
For what purpose and on what grounds do we process your data?
- Use of the site without registration
- Registration on the site and provision of services
- Business contacts – users, business partners and their associates
- Marketing
- Contact forms
- Profiles on social media platforms – owned by the User
- Profiles on social media platforms – owned by NapoleonCat
- Controller’s other own purposes
- From whom we collect your personal data
- Sending commercial information via e-mail
- Profiling for marketing purposes
- What personal data do we process?
- How long do we retain your data?
- Whom do we share your data with?
- Transfer of data outside the European Economic Area
- Withdrawal of consent and objection to processing
-
Other rights you have
- Right to access your personal data
- Right to obtain a copy of data
- Right to rectification of data
- Right to erasure – Right to be forgotten
- Right to restriction of processing
- Right to transfer data to another controller
- How to exercise your rights?
- Right to lodge a complaint with the supervisory authority
- Voluntary data provision
- Age
- Amendments to the Privacy Policy
Who we are and how to reach us?
The controller of your personal data is Napoleon sp. z o.o., with its registered office in Warsaw, at Czackiego 15/17 lok 48, 00-043 Warsaw, entered in the Business Register of the National Court Register by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, under number 0000470410, with a share capital of PLN 6.132.800,00, NIP (Tax ID No.) 521-365-09-77.
Controller
Whenever used herein, words “controller”, “we”, “us”, “our”, etc. mean Napoleon sp. z o.o.
Contact data
You can contact us:
- via email at [email protected]
- by phone, Monday through Friday from 9:00 a.m. to 5:00 p.m., at +48 22 378 32 99
- by mail sent to the following address: Napoleon Sp. z o.o., ul. Czackiego 15/17 lok. 49, 00-043 Warsaw, Poland
What do we do?
We provide our users with services (hereinafter “services”) consisting of providing tools for marketing on social media platforms, e.g. for managing presence on these platforms, profiles, fan pages, etc. To this end, we use the NapoleonCat application (hereafter “application”), available in a software-as-a-service model. We operate a website at napoleoncat.com, as well as the NapoleonCat mobile application, which our Users can use to benefit from our services (collectively, ”site”). Our users are mainly companies and organizations that enter into a services agreement with us. Details of how we provide services are regulated in the Terms and Conditions.
For what purpose and on what basis do we process your data?
For what purpose and on what basis we process your data depends on how you use our services or contact us and what your role is. We have described each of the situations below.
Use of the site without registration
We process your data in order to provide the functionality of our site. These functionalities are mainly the ability to browse the content of the site, the ability to use the web chat and contact forms, customizing the content of the site according to your preferences.
In such case, the legal basis for our data processing is our legitimate interest in enabling you to use the site and its functionality, including to enable you to contact us in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, hereinafter “GDPR”.
We process data about your use of the site, which we obtain through essential cookies and similar technologies and use to ensure the proper operation of the Site, in particular the ability to navigate the Site and use its basic functions, the legal basis for processing your personal data is the necessity to perform a contract for the provision of services by electronic means to which you are a party in connection with the use of services available on the site (Article 6(1)(b) of the RODO).
We process data about your use of the site, which we obtain through functional cookies and similar technologies and use to “remember” the settings you have selected and to personalize the site, on the basis of our legitimate interest in enabling us to “remember” the settings you have selected and to personalize the site (Article 6(1)(f) GDPR).
We process data about your use of the site, which we obtain through analytical cookies and similar technologies and use to provide analytics and statistics on users’ use of the site in order to improve its performance – which involves, for example, analyzing how users navigate the site to understand how users use the site and make it more intuitive and convenient to use in the future, on the basis of our legally legitimate interest, which is the analysis of statistics on visits and activity of users on the site in order to improve its performance (Article 6(1)(f) GDPR).
We process data about your use of the site, which we obtain through advertising cookies and similar technologies and use for marketing purposes, such as personalizing ads and content based on your interests, measuring the performance of ads and content, and gaining insight into the audiences who have seen ads and content, based on our legitimate interest to ensure the optimization of our advertising and sales activities (Article 6(1)(f) GDPR)
Installation of certain categories of cookies may require your consent. For details on cookies, see Cookies Policy.
Registration on the site and provision of services
Registration is required for the user to use our services via the NapoleonCat application.
Due to the nature of the social media platforms for which we provide services, registration is always performed by a specific individual. It can be the user himself/herself, if s/he is an individual, but it can be an individual who is a member of a body, a proxy, an employee or a civil associate of the user, in which case the individual acts on behalf of the user. For the sake of simplicity, we will refer to such individuals as “associates”, without prejudging the specific legal basis on which such an individual acts for the user.
As such, we may process your personal data if you are our user or an associate of the user registered on our site.
When registering, please provide your personal data. In the case of a user who is an individual, this will be his/her personal data. If, however, registration is performed by an associate of the user on behalf of the latter, please provide personal data of both the associate and the user himself/herself.
In both cases, the data are processed for the purpose of entering into and performing a services agreement between us and the user, in connection with registration.
In the case of users who are individuals, the legal basis for processing their data is the necessity for the performance of an agreement an agreement to which the user is a party (Article 6(1)(b) GDPR) and our legitimate interest in being able to establish, exercise or defend potential legal claims that may arise in connection with the performance of an agreement to which the user is a party (Article 6(1)(f) GDPR). In the case of users’ associates, the legal basis for processing their data is our legitimate interest in ensuring the proper conclusion and performance of the agreement to which the user is a party, in particular ensuring contact with the user during the period of performance of the Agreement, verifying that the associate is authorized to take steps and make statements on behalf of the user, and establishing, exercising or defending potential legal claims that may arise in connection with the performance of the agreement to which the user is a party (Article 6(1)(f) GDPR).
Business contacts – users, business partners and their associates
Whether you register on our site or not, in the course of our business we interact with current or potential users (customers), business partners, suppliers, as well as individuals who are their associates (e.g., members of bodies, proxies, employees, associates, etc.). Such communication can take place through various channels – for example, in the form of emails or by telephone, and in such a case we process personal data of individuals involved in such communication. In addition to this, the data of such individuals may be provided, for example, in our commercial agreements (as the data of signatories or contact persons).
As such, we may process your personal data if you are one of the above-named individuals.
Where a commercial agreement is entered into with an individual, the legal basis for the processing of such individual’s data is the necessity to enter into and perform such agreement (Article 6(1)(b) GDPR) and our legitimate interest in being able to establish, exercise or defend potential legal claims that may arise in connection with the performance of such agreement (Article 6(1)(f) GDPR). As regards associates of our users, business partners, suppliers, etc., the legal basis for data processing is our legitimate interest in day-to-day contacts in the course of business and the conclusion and performance of agreements (Article 6(1)(f) GDPR) and the possibility of establishing, exercising or defending potential legal claims that may arise in connection with the performance of agreements (Article 6(1)(f) GDPR).
Marketing
We process your data for our own marketing purposes, i.e. promoting our services.
Marketing purposes include presenting you with offers and promotions, offering you additional functionalities, etc., including broadcasting advertisements on third-party sites (such as Facebook or Google, for example).
If you consent, we may also send you commercial information about our products in the manner of your choice – e.g., via email, SMS/MMS, telephone, push notifications or other electronic communications. In such case, we will use your data to send you commercial information in the manner of your choice.
The legal basis for the processing of your data for marketing purposes is our legitimate interest in enabling us to exercise our rights based on your consent to receive commercial information regarding our products in the manner of your choice (Article 6(1)(f) GDPR).
Some of our marketing activities, based on separate legislation may require additional consent from you. This includes activities such as sending newsletters or using cookies for advertising purposes.
Contact forms
We provide contact forms and web chat on the site to make it easier for you to contact us. To use a form, you need to provide your personal data necessary to be contacted and to receive a reply to your inquiry. You may also provide other data to facilitate contact or handle your inquiry. In such case, we process your data in order to identify you and handle your inquiry – the legal basis for the processing is our legitimate interest in communicating with our customers and handling inquiries made via contact forms and web chat (Article 6(1)(f) GDPR).
Profiles on social media platforms – owned by the user
As part of our services, we provide our users with an interface and IT tools that enable them to communicate on their profiles on the social media platforms included in our site. Users (or, on their behalf, their associates) may post content on these social media platforms and communicate with other end users of these social media platforms. This includes direct communication platforms like Facebook Messenger.
Providing our service, we process all data that our users (or their associates, respectively) post to or receive from such social media platforms or communication platforms through us. This information may include personal data about you or your associates and third-party visitors to your profiles on the social media platforms covered by our service (e.g., identifying information on the social media platforms), as well as the content of communications (posts, comments, etc.).
We process this data by acting as a processor of our users, who are the controllers of such data. The legal basis for such processing of personal data is a data processing agreement (Article 28 GDPR). The conclusion of such an agreement occurs during acceptance of the Terms and Conditions, of which the data processing agreement is an integral part (Appendix No. 1 to the Terms and Conditions). Accordingly, the user accepting the provisions of the Terms and Conditions simultaneously also concludes with us a data processing agreement.
Notwithstanding the above, operators of social media platforms process the data as independent data controllers.
The privacy policies of our currently supported platforms are:
- we make use of YouTube API Services to analyze YouTube channels. Google’s Privacy Policy must be followed when using this feature.
- Twitter’s privacy policy can be found at https://twitter.com/en/privacy#current
- Facebook’s privacy policy is located at https://www.facebook.com/privacy/policy
- Instagram privacy policy is located at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
- LinkedIn privacy policy is located at https://www.linkedin.com/legal/privacy-policy
- TikTok privacy policy can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/
Profiles on social media platforms – owned by NapoleonCat
We also process personal data of users visiting our profiles maintained on social media platforms (e.g. Facebook, YouTube, Instagram, Twitter, Google My Business, LinkedIn). These data are processed in connection with the maintenance of our profile, including for the purpose of informing users about our activities and promoting various events, services and products, as well as communicating with users through these social media platforms. If you communicate with us on such social media platforms, we may process your data contained in such communications. The legal basis for the processing of data for this purpose is our legitimate interest (Article 6(1)(f) GDPR) in promoting our own brand and building and maintaining a brand-related community.
In addition, we would like to inform you that the operators of the social media platforms on which we have profiles process the personal data of their users and visitors to those profiles, including through the use of cookies. For details on the processing of personal data by operators of social media platforms, please refer to their published privacy policies or terms of use.
Controller’s other own purposes
We also process your data for other purposes that constitute our legitimate interests, such as:
- establishing, exercising or defending legal claims, including in connection with the provision of our services;
- contacting you – to respond to your notifications and requests for contact, complaints, to be able to contact you on matters related to the provision of our services, to inform you of any amendments to the Terms and Conditions and Privacy Policy;
- verifying accounts, investigating suspicious activity, detecting and preventing fraud and other violations of law or the Terms and Conditions;
- for the purpose of monitoring, testing and improving our services and resolving any related issues;
The legal basis for such processing is Article 6(1)(f) GDPR.
In addition to this, we process the data of our users, contractors, suppliers as well as individuals who are their associates (e.g., members of bodies, attorneys, employees, co-workers, etc.) for the purpose of complying with our legal obligations, arising in particular from tax and accounting regulations, including to ensure accountability (to demonstrate our compliance with legal obligations). We cooperate with law enforcement agencies and other institutions authorized to request access to your data based on applicable laws. The legal basis for such processing is a legal obligation (Article 6(1)(c) GDPR).
From whom we collect your personal data
Data collected directly from the data subject or the user user
We collect your personal data mainly from you. You provide them to us, for example, when you create an account on the site, sign up for newsletters or other forms of marketing.
If you are an associate of our user or business partner, we may have received your data from the user or business partner or from other of their associates – for example, if you are a contact person in respect of a particular agreement or involved in a particular project, or if you interact with the user on the social media platforms covered by our service.
You can also provide us with your personal data by communicating with us – e.g. asking questions about services, submitting complaints – on the site via e-mail, on social media platforms, by phone or by mail.
In addition, we process your data on how you use the site, our offers and services.
Registration and login using your Facebook or Google account
Your personal data may also be provided to us by the social network Facebook or Google, at your request. This applies if you want to register with us using Facebook or Google functionality. Using this option, you will first be asked by Facebook or Google to confirm that it can provide us with your data to the extent necessary to register with us. With your consent, Facebook or Google will provide us with some of your data for registration purposes. To complete the registration process, you may need to complete your profile with additional personal data. Once you have created an account with us, you will be able to log in to our site using the functionality offered by Facebook or Google.
Sending commercial information by electronic means
If you consent to receiving commercial information by electronic means (e.g., via e-mail or through tools such as push notifications, web chat or chatbot), sending such information shall mean sending commercial information by electronic means and may also constitute direct marketing through the use of telecommunications terminal equipment conducted using automatic calling devices – depending on the device on which you receive such communications.
If you consent to being contacted by phone or SMS for marketing purposes, commercial information shall be transmitted by phone to the phone number provided by you for this purpose. Such contact will constitute direct marketing using telecommunications terminal equipment and may be conducted using automated calling devices.You can withdraw such consents at any time, or restrict the manner which we use to send you such information – for details see below under “Withdrawal of consent and objection to processing” section.
Profiling for marketing purposes
In some cases, we use profiling of your personal data when marketing. Profiling is a method of automated processing of personal data that involves, among other things, using personal data to analyze or predict personal preferences, interests, etc. The use of profiling enables personalization of advertisements and content presented to you.
The profiling we use involves using computer algorithms to analyze your personal data (your behavior on the site, how you use the application, data collected through cookies, as well as the personal data you provide) in order to display to you directly on the site, or in direct marketing (emails, SMS/MMS, phone marketing, push notifications, web chat or chatbot, etc.), as well as on third-party websites (so-called remarketing), customized offers based on your potential preferences and interests that may relate to our services.
The legal basis for such processing of your data is our legitimate interest in the form of marketing of our own services in a manner consistent with your hypothetical preferences (Article 6 (1)(f) GDPR).
What personal data do we process?
General information
What data we process depends on your situation, including your use of the site, as well as the data you provide to us and your role. We may specifically process the following categories of your personal data:
- first and last name:
- business name, TIN, business address;
- your title;
- data that identifies you on social media platforms (e.g., the nickname you use);
- email address, phone number – which you provide, for example, when registering or for marketing based on a separate consent;
- information about which of our services you use;
- data required for the purpose of paying for our services (e.g. your bank account number and the name of the bank maintaining the account);
- information about your use of our website collected using cookies, including the cookie ID (in case cookies are installed on the device you are using – for details on the use of cookies, see the Cookie Policy)
- IP address from which you communicate with our site, information about the device you use when visiting the site, including its settings (e.g. browser, screen resolution);
- information you include in your statements and communications sent to us – such as email correspondence or telephone conversations, as well as complaints, for example;
- the content and scope of the consents you have given on the site.
Data collected automatically
During your presence on the site and use of our application, some of your data will be collected automatically.
Data acquired automatically on the Site
We process so-called usage data (data characterizing the use of the site), including in particular identifying data, your IP address, data identifying the telecommunications network termination or information and communication system you use, browser type, browser language, information about the use of our services, information about the start, end and scope of your use of the site each time, type and version of the operating system, screen resolution, data collected in server logs and other similar information.
Data acquired automatically via the application
If you use our mobile application we will collect and gather data such as: certain information about the mobile phone or tablet used to access the application, including the mobile device ID (Device ID), user ID (User ID), type and version of the operating program.
Our application may ask, depending on the needs and functions of the application, for access to various peripheral devices, which you may not consent to.
Purposes of processing automatically collected data
We will use the above data (i.e., data collected through the site and application), among other things, to transmit communications on the site and application, as well as to provide the service requested by you.
Notwithstanding the foregoing, we may also use the data we collect automatically to personalize the content and advertising of our services, within and outside of our website as part of remarketing (more on this topic can be found in the Cookies Policy document). Data collected automatically may be used for profiling.
We will also use the data collected automatically to monitor traffic on the site pages and in the application.
How long do we retain your data?
The period of time for which we may retain your personal data depends on the purpose and legal basis for processing. More specifically:
- where we process your personal data on the basis of your consent – until you withdraw such consent;
- in the case of processing for the purpose of performing an agreement with you – for the term or performance of the agreement, and thereafter, for the period of limitation of claims that may arise in connection with the performance of the agreement under the law;
- in the case of processing for the purpose of complying with our legal obligations – for a period of time resulting from generally applicable laws;
- in the case of processing on the basis of our legitimate interest – until such interest ceases to exist (e.g., the period of limitation for claims) or until you object – in situations where such an objection should be accepted in accordance with the law.
However, the data processing period may be extended where the processing is necessary to establish, exercise and defend any legal claims, or for the purpose of complying with obligations relating to the accountability of the processing, and thereafter only if and to the extent required by law.
Whom do we share your data with?
Entities that provide services to us
We provide your personal data to companies whose services we use to comply with our obligations to you or to conduct our business, in accordance with the purposes of the processing. Accordingly, your personal data that are required for the relevant purpose may be transferred in particular to the following recipients:
- in the case of payments for our services – entities that act as intermediaries in processing payments, for the purposes of such service, banks;
- companies that provide us with technology solutions and services required to provide the functionality of our site;
- marketing, analytics and statistical service providers that help us understand what our customers are interested in and create offers, promotions, as well as customize marketing;
- companies that conduct direct marketing on our behalf (e.g., sending emails) or other advertising services;
- companies that provide ongoing customer service – to provide such service;
- companies that provide accounting, legal, auditing, consulting or tax advisory services for us;
- providers of standard services related to handling and storage of information – providers of hosting, email, IT infrastructure, database maintenance and other IT services.
We also share your data with our authorized employees and associates.
Operators of social media platforms
In addition to the above, as specified under “Profiles on social media platforms – owned by the User” section above, to the extent that we provide a data transfer tool between the user (or the user’s associate) and the social media platforms, we share information relating to users their associates which may contain their personal data, with the operators of those social media platforms, and we transfer to the user (or user’s associate), from the operators of the social media platforms information relating to third parties who contact the user via those platforms, which may contain personal information.
However, given the principles of integrating our service with social media platforms, each of our users (or user’s associate) and a third party has his or her own account with a social media platform, and the operator of the social media platform is also the controller of his or her data under a separate agreement entered into by the operator directly with the user (or the user’s associate, respectively) or the third party. As such, in terms of such data transfer, we act only as a processor of our users’ data providing a tool for data transfer between our user (or user’s associate) and a separate controller, which is the operator of the social platform in question.
Public authorities
We may also be required to share personal data with entities authorized to obtain them under applicable laws, such as law enforcement agencies and other public institutions.
Transfer of data outside the European Economic Area
Data in the NapoleonCat application are processed in the European Economic Area. At the same time, we use services and IT tools provided by external companies in the provision of our services. Among them include companies from third countries (i.e., countries outside the European Economic Area), including entities from the US, UK, Canada and Ukraine. The use of such services and tools may involve the need for these entities to access your personal data. This results in the transfer of data to a third country. In such cases, the transfer of data will be secured through an appropriate transfer mechanism under the provisions of the GDPR, i.e. a decision of the European Commission finding an adequate level of protection for personal data under Article 45 of the GDPR (in the case of the US, this is the so-called Privacy Shield Framework https://www.dataprivacyframework.gov/s/) or based on standard data protection clauses adopted by the European Commission under Article 46(2) of the GDPR.
To receive detailed information on the safeguards in place, please contact us by sending an inquiry to: [email protected].
Withdrawal of consent and objection to processing
Withdrawal of consent
Where the processing of personal data is based on your consent, you may withdraw such consent at any time, without giving any reason. Withdrawal of consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
However, please note that in some cases your consent may be necessary to provide certain services or perform a transaction – of which we give you notice when collecting your consent. In such case, withdrawal of consent will make it impossible to provide such service or to perform such a transaction.
Objection to data processing
You may also at any time:
- object to the processing of data for direct marketing purposes, including profiling, and
- object, on grounds related to your particular situation, to the processing of data on the basis of our legitimate interest.
If you object to processing for direct marketing purposes, including profiling, we will no longer process your data for such purposes.
If you object on grounds related to your particular situation to processing based on our legitimate interests, we will no longer process your data for the purposes of our legitimate interests, unless we demonstrate the existence of valid legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, exercising or defending legal claims.
We would like to point out that if you object to the processing of your data for a specific purpose (e.g., for marketing), we will be able to continue to process your data for other purposes – such as the performance of a contract, etc.
How can you withdraw consent or object
You can withdraw your consent or object by sending an e-mail to [email protected].
If you have authorized us to access your data via the API Services, then in addition to our normal procedure for deleting stored data, you may revoke our access to your data via:
- In the case of YouTube, Google’s security settings, located at
https://security.google.com/settings/security/permissions - For Twitter: https://help.twitter.com/en/managing-your-account/connect-or-revoke-access-to-third-party-apps
- For Facebook and Instagram:
- https://www.facebook.com/help/204306713029340
- For LinkedIn: https://www.linkedin.com/pulse/remove-third-party-apps-connected-your-linkedin-hector-rodriguez/
- For TikTok: https://support.tiktok.com/en/safety-hc/account-and-user-safety/connect-to-third-party-apps
Other rights you have
The law provides for a number of rights you have in connection with our processing of your personal data.
Right to access your personal data
You can request confirmation from us as to whether we are processing your personal data, and if so, you can request access to your data. The details of the right of access are specified in Article 15 of the GDPR.
Right to obtain a copy of data
On this basis, we provide you with a copy of your data that we process.
Right to rectification of data
If your personal data that we process is inaccurate, you have the right to request their rectification, as well as completion if they are incomplete.
Right to erasure of data – right to be forgotten
You have the right to request that we erase your data if there are grounds specified in the law, such as the data are no longer necessary for the purposes for which they were collected, or you withdraw your consent to processing and there is no other legal basis for processing. Details of the right to be forgotten are regulated in Article 17 of the GDPR.
Right to restriction of processing
You have the right to request the restriction of processing in the cases and under the conditions specified in Article 18 of the GDPR.
Right to transfer data to another controller
Where data processing is based on consent or contract and by automated means, you have the right to data portability, i.e. the right to receive in a structured, commonly used machine-readable format the personal data concerning you that you have provided to us, and you have the right to send the personal data to another controller. Details of the right to data portability are regulated in Article 20 of the RODO.
How to exercise your rights
You can withdraw your consent or object by sending an e-mail to [email protected].
You may exercise these rights at no charge. However, if the data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive character (e.g., unfounded, repetitive requests for information), then we will be able to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, as well as refuse to act on the request.
We stipulate that the exercise of the rights described above may require verification of your identity. If we fail to successfully verify your identity, we may refuse to act on your request.
We will provide you with information about the steps taken on your request within one month of receiving the request. If necessary, we may extend this deadline for another two months if the request is complex or if there are numerous requests. In such case, we will inform you within one month of receiving your request of such an extension and provide the reasons for the delay.
Right to lodge a complaint with the supervisory authority
If, in your opinion, we have violated your rights in connection with the processing of your personal data, you have the right to lodge a complaint directly with the supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw. In your complaint, you should include a description of the situation and indicate what action you consider to have violated your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
Voluntary provision of data
Provision of data is voluntary, but may be necessary for some purposes – for example, to enter into an agreement and create an account on the site. Provision of data and consent for marketing purposes is voluntary.
Where data are processed for the purpose of complying with our legal obligations, provision of personal data is a requirement under certain legal regulations.
Where processing is based on our legitimate interests, the provision of personal data is voluntary, but necessary for the purposes of our legitimate interests.
Age
The site is neither designed nor intended for minors. We do not provide for the targeted collection of data, concerning minors.
If we become aware of the fact that a user of the service is a minor, we will take appropriate steps to remove such user’s information from the database and restrict such user’s future access to the service.
Amendments to the Privacy Policy
This Privacy Policy is continuously verified and amended as necessary.