Privacy Policy

The following provisions constitute the privacy policy (hereinafter: the “Privacy Policy”), which sets out the information and rules regarding the collection and processing of data, including personal data of Users of the Services provided by HeyOkay sp. z o.o. with its registered office in Warsaw, within the HeyOkay communication platform.

Acceptance of one of the Terms of Service provided by HeyOkay sp. z o.o., listed below:

I. Definitions:

HeyOkay sp. z o.o. – HeyOkay sp. z o.o. with its registered office in Warsaw, at ul. Trylogii 34, 01-982 Warsaw, KRS: 0001123452, NIP: 1182289767, REGON: 52946972400000.

HeyOkay – a mobile application owned by HeyOkay sp. z o.o. with its registered office in Warsaw;

Service – a service provided electronically within the HeyOkay mobile application;

HeyOkay User – a natural person or legal entity registered on the HeyOkay platform via an online registration form for the purpose of using the HeyOkay Communicator Service.

Service User/User – a HeyOkay User or another natural or legal person not registered in the HeyOkay communicator, using the Service within the HeyOkay online communication platform.

AML Act – the Act of 1 March 2018 on counteracting money laundering and financing of terrorism.

HeyOkay Partners – entities that offer services or marketing and commercial information to HeyOkay Users and have entered into a cooperation agreement with HeyOkay.

Third party – a natural person, legal person or organizational unit without legal personality that is not a party to the contract, legal relationship or any other relationship specified by law between the Service User and HeyOkay.

Privacy Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

II. Personal data controller

The controller of the Service User’s personal data is HeyOkay sp. z o.o. with its registered office in Warsaw, at ul. Trylogii 34, 01-982 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS: 0001123452, NIP: 1182289767, REGON: 52946972400000.

III. Contact details

For matters related to the Privacy Policy, the Service User can contact us at the email address: kontakt@heyokay.net.

IV. Scope and purpose of data processing

1. HeyOkay sp. z o.o. ensures transparency in the collection of personal data and their subsequent use. Therefore, HeyOkay sp. z o.o. informs about the types and purposes of processing of the collected personal data.

2. To provide the Services in accordance with the Terms described in the Preamble and to perform the activities necessary to provide them, HeyOkay sp. z o.o. processes the data entered by the User, including personal data, provided the User has given consent. The collected personal data may also be used to provide technical support and to communicate with the User.

3. Data provided by the Service User, including personal data, are entered voluntarily during: registration of a HeyOkay Account.

4. A HeyOkay User’s personal data may be processed for marketing purposes only on the basis of the User’s separate consent.

5. HeyOkay sp. z o.o. may process the Service User’s personal data for the following purposes and on the following legal bases:

a. performance of a service or contract at the User’s request — pursuant to Article 6(1)(b) GDPR (necessity to conclude and/or perform a contract or to take steps at the request),

b. sending an offer (e.g., advertising) at the User’s request — pursuant to Article 6(1)(a) GDPR (consent),

c. handling complaints/claims related to the contract — pursuant to Article 6(1)(b) GDPR and Article 6(1)(c) GDPR (legal obligation),

d. establishment, exercise or defence of legal claims — pursuant to Article 6(1)(f) GDPR (legitimate interest of the Controller),

e. contacting by email on matters related to service delivery — pursuant to Article 6(1)(b) GDPR,

f. the Controller’s internal administrative purposes related to managing contact with the User, which constitutes the Controller’s legitimate interest pursuant to Article 6(1)(f) GDPR,

g. creating registers required by the GDPR and other regulations — pursuant to Article 6(1)(c) GDPR and Article 6(1)(f) GDPR,

h. archiving and evidence purposes, to secure information that may be used to demonstrate facts — pursuant to Article 6(1)(f) GDPR,

i. personalizing content on the Controller’s websites according to individual needs and continuously improving service quality — pursuant to Article 6(1)(f) GDPR,

j. direct marketing of the Controller’s own products or services and recommended third-party products — pursuant to Article 6(1)(f) GDPR.

6. Providing data that are not mandatory or any excessive data that the Controller does not need to process is the User’s decision. Processing of such data is based on the User’s consent pursuant to Article 6(1)(a) GDPR. The User consents to the processing of such data and to the anonymization of data that the Controller does not require but that have been provided.

7. Personal data processed for the purpose of providing the HeyOkay communicator service are collected directly from the data subject and entered voluntarily by the User during registration.

8. The personal data required to register with HeyOkay are as follows:

a. first and last name or nickname,

b. email address,

c. gender,

d. place of residence,

e. date of birth,

9. The Service is available only to persons who are at least 16 years of age. By accepting the Terms available at: https://heyokay-api.herokuapp.com/info/regulamin, and this Privacy Policy during the registration of a HeyOkay Account, the User confirms they are at least 16 years old.

10. The User is responsible for the accuracy of the personal data provided.

11. If incorrect personal data are provided, some Service features may be unavailable to the HeyOkay User until they are corrected.

12. Personal data used for marketing purposes are obtained directly from the data subject, based on data voluntarily provided when registering a HeyOkay Account. Processing for marketing purposes requires the HeyOkay User’s consent, which may be given or withdrawn at any time.

13. HeyOkay sp. z o.o. processes only the email address provided during registration and a Device Identifier, such as the device’s advertising ID or another device-level identifier for marketing purposes, with the HeyOkay User’s consent.

14. Automated calling systems used by HeyOkay sp. z o.o. and its partners are used to deliver messages and display ads in the HeyOkay communicator. Displaying ads in the app is based on the legitimate interest of HeyOkay sp. z o.o. and its partners (Article 6(1)(f) GDPR). The HeyOkay User has the right to object to such processing, which will result in the cessation of service provision.

15. The Controller’s Website may contain affiliate links to third-party products or services. Clicking such a link does not incur additional costs for the User. Ads from Google AdSense or Google AdMob may also appear. The Controller has no influence over the content of these ads, which are generated by an algorithm of Google Ireland Limited. You can adjust ad settings in your browser at: https://adssettings.google.com/authenticated. HeyOkay sp. z o.o. may also enable access to third-party applications. Data collected by HeyOkay sp. z o.o. after enabling such applications are processed in accordance with this Privacy Policy, whereas data collected by the application providers are subject to their privacy policies.

16. Service login data may include the HeyOkay User’s email address.

17. HeyOkay sp. z o.o. processes the number assigned to the User during registration and other data voluntarily provided by the User (description, tags, personality type, age, interests, zodiac sign, profile photo) based on the consent referred to in item 6.

18. To ensure the safety of HeyOkay Users, HeyOkay sp. z o.o. also processes usage data such as device identifier (UID), operating system version, system logs, connection data (date, time, IP), page view statistics, Installation_id, User-Agent, and activity times.

19. Contacting HeyOkay sp. z o.o. by phone, email, contact form, HeyOkay chat or other channels may require the User to provide personal data such as first name, last name, email address, phone number, HeyOkay number. These data are used solely to provide technical support or answer questions.

20. HeyOkay sp. z o.o. may also use the collected data for purposes other than those listed above, including:

a. Developing new features and improving existing services.

b. Creating new services.

c. Protecting the rights of HeyOkay sp. z o.o..

d. Pursuing legitimate purposes, provided that processing does not infringe the rights and freedoms of data subjects.

21. HeyOkay sp. z o.o. does not use profiling unless the HeyOkay User has given consent.

22. Information society services: the Controller does not collect children’s data. A User must be at least 16 years old to independently consent to the processing of personal data for the provision of information society services, including for marketing purposes, or obtain the consent of a legal guardian (e.g., a parent). If the User is under 16, they should not use the HeyOkay Service. The Controller will take reasonable steps to verify the User’s age or obtain the guardian’s consent.

23. As part of the photo-based account verification process, submitted photos may be automatically analyzed by algorithms recognizing facial geometry. In selected cases, this process may be supported by an employee’s assessment to increase verification accuracy. This processing may involve biometric data within the meaning of the GDPR. Data are stored until the account is deleted.

V. Data processing period

1. Communicator User data, necessary to use the free services, including personal data, are processed for the duration of the services, until consent is withdrawn or an objection is raised, but no longer than 2 years from the date on which one of the following occurred:

a. The User’s last activity on their HeyOkay Account,

b. Deletion of the account by the User,

c. Deletion of the account by the Controller due to a breach of the terms.

2. After the periods indicated in point 1, the User’s personal data will be deleted or anonymized.

3. Deleting the Communicator account by the User is equivalent to withdrawing consent to process personal data for service provision and for marketing purposes.

4. Deleting the Communicator account does not affect consent to the processing of personal data provided to a third-party application provider. Withdrawal of consent for data provided to such providers is carried out in accordance with that provider’s privacy policy.

5. Personal data used for marketing purposes are processed for the duration of the services or until consent is withdrawn, but no longer than the period indicated in point 1 above.

6. User data, including personal data, may be processed after the end of service provision to clarify circumstances of unauthorized use of the services, on the basis of the Controller’s legitimate interest (Article 6(1)(f) GDPR), but no longer than the period indicated in point 1 above.

7. A User’s personal data who follows the Communicator’s profiles on social media will be processed for as long as those profiles are maintained, based on consent expressed by liking/clicking “Follow” or interacting (e.g., comment, message) and to pursue the Controller’s legitimate interests such as marketing of own products or services, or defense against claims.

VI. DISCLOSURE OF DATA BY HEYOKAY SP. Z O.O.

1. HeyOkay sp. z o.o. may transfer processed personal data to the following groups of recipients:

a. Persons authorized by HeyOkay sp. z o.o., including employees, contractors, and the management board of HeyOkay sp. z o.o..

b. Companies entrusted by HeyOkay sp. z o.o. with tasks related to providing services to Users, under data processing agreements.

c. Partners of HeyOkay sp. z o.o. for marketing purposes, only with the User’s consent.

2. HeyOkay sp. z o.o. does not disclose personal data to third parties unless:

a. Such obligation arises from legal provisions.

b. The transfer is necessary to protect the rights of HeyOkay sp. z o.o. or to resolve disputes.

c. The User has consented to the disclosure of personal data to third parties.

3. HeyOkay sp. z o.o. notes that:

a. Personal data may be disclosed to third parties who support HeyOkay sp. z o.o. in performing tasks related to day-to-day operations. HeyOkay sp. z o.o. ensures that such parties comply with the Privacy Policy and applicable laws.

b. When the User uses applications provided by third parties, data may be transferred to those entities. The User will be informed before using such applications, and the transfer takes place at the User’s responsibility and risk.

4. The User agrees to the transfer of their personal data to competent state authorities in connection with proceedings conducted by them, after the requirements confirming the need to obtain such data are met.

5. Users’ personal data will not be transferred to third countries.

VII. RIGHTS OF SERVICE USERS REGARDING PERSONAL DATA

1. The Service User is entitled to:

a. Request access to their personal data, completion, update, rectification, restriction of processing, portability to another controller, and deletion at any time without giving a reason, provided this does not conflict with applicable law. Requests can be sent to: kontakt@heyokay.net.

b. Object to the processing of their personal data where processing is based on the legitimate interest of HeyOkay sp. z o.o. or its partners (Article 6(1)(f) GDPR). Objections can be sent to: kontakt@heyokay.net. Objecting to the use of automated calling systems (e.g., displaying ads) will result in cessation of service provision.

c. Withdraw any consent given at any time by sending a request to: kontakt@heyokay.net. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

d. Withdraw consent for processing data for service provision, which will result in cessation of those services. After consent for service provision is withdrawn, the User’s personal data will be deleted or anonymized, subject to item 6 of Section V. The User may contact the Data Protection Officer or delete their HeyOkay Account themselves via the appropriate option in Account settings.

e. Withdraw consent for processing data for marketing purposes, which will stop marketing information from being sent to the User.

f. Lodge a complaint with the President of the Personal Data Protection Office regarding the processing of personal data by HeyOkay sp. z o.o.

2. Exercising the above rights depends on positive identification of the person submitting the request. This is necessary to ensure that the request comes from the data subject.

VIII. PERSONAL DATA SECURITY

1. HeyOkay sp. z o.o. implements technical and organizational measures aimed at maximally securing personal data collected by HeyOkay from unauthorized access and misuse by unauthorized persons. The technical measures used are regularly updated in line with technological progress, changing needs, and available protection methods.

2. Organizational measures applied by HeyOkay sp. z o.o. ensure that access to Users’ personal data is granted only to persons authorized by HeyOkay who are obliged to keep such data confidential, or to entities entrusted with processing under separate agreements.

3. The User should exercise caution in securing personal data transmitted over the Internet, in particular not disclose login data to third parties, use antivirus software, and regularly update their software.

4. HeyOkay sp. z o.o. regularly monitors the compliance of its procedures with applicable law and with this Privacy Policy.

IX. CHANGES TO THE PRIVACY POLICY

1. Due to technological progress, the Privacy Policy may be modified, of which HeyOkay sp. z o.o. will inform Users at least fifteen days in advance.

2. Each change to the Privacy Policy takes effect as follows:

a. After 15 (fifteen) days from the date of notification of the change or on another date indicated by HeyOkay sp. z o.o., but not less than 15 days. If the HeyOkay User does not agree to the changes, they should, before they take effect, submit an appropriate statement to HeyOkay sp. z o.o., including via the HeyOkay ICT system, and stop using the Service as of the effective date of the change.

b. Immediately upon notification of the change or on another date specified by HeyOkay sp. z o.o., if the changes concern provisions of the Privacy Policy that do not affect the situation of the Service User.