Advanto is not just one entity but a group of companies comprising of:
Advanto Group s.r.o., registered under the number 08863032, headquartered at Běhounská 5/18, Brno-město, 602 00 Brno, tel: +420 277 279 963.
Advanto Group is a Czech IT company that maintains the system for the earned wages access.
Advanto Polska Sp. z o.o., registered under the number 0001054129, headquartered at Grzybowska 2/29, 00-131 Warsaw, tel: +48 22 104 20 07.
Advanto Polska is an entity that manages the operations in Poland.
The protection of personal data is governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("the Regulation").
1. Personal data processed
- In particular, the Customer's personal data processed are: (i) identification data (full name, date of birth and birth number) and (ii) address and contact data (telephone and email, address, device IP address), (iii) descriptive (employee) data (employee's personal number), (iv) bank data (bank account number), (v) payroll information (information about the amount of remuneration, hours worked, payments made), (vi) information about the Service Supplier's communications with Customers and (vii) information about the Customer's use of the Application ("Personal Data").
- Personal Data is provided directly to the Supplier by the Customer or their employer as defined in the General Terms and Conditions or from a company within the group of Advanto companies on basis of the underlying agreement and in order to execute the agreement with the Customer.
- The Customer acknowledges that he/she is obliged to provide Personal Data in a correct and truthful manner and to inform the Supplier of any changes without undue delay.
2. Purposes of the processing of Personal Data
- The Supplier processes Personal Data on the basis of:
- performance of the contract concluded with the Customer (hereinafter referred to as the "Contract");
- compliance with legal obligations; and/or
- the legitimate interests of the Supplier.
- Personal Data is processed by the Supplier for the following purposes:
- Customer identification and verification: The Supplier must identify and verify the identity of the Customer as part of the provision of services under the Contract. The Supplier processes this Personal Data in the context of the performance of the Contract. Personal Data is processed for the duration of the Contract and then for three years after termination.
- Use of the Application: In order to ensure the functionality of the Application, the Supplier must process Personal Data to enable the Customer to fully access and use the Application, to determine the extent to which a withdrawal may be made and to ensure that the withdrawal request is actually made and processed by the Supplier. This Personal Data is processed by the Supplier in the performance of the Contract within the duration of the Contract and thereafter for three years after termination.
- Customer communication and complaint resolution: The Supplier processes Personal Data for the purpose of dealing with Customer requests, objections and complaints. The Supplier processes this Personal Data in the context of the performance of the Contract. Personal Data is processed for the duration of the Contract and then for three years after termination.
- Control and fraud prevention: The Supplier processes Personal Data of Customers and possibly other persons in order to control the use of the Application and possibly to detect fraud, in order to protect its interests and the interests of Customers. The Supplier processes this Personal Data on the basis of its legitimate interest. Personal Data is processed for the duration of the Contract and then for three years after its termination, and in the event of fraud detection for the period of its subsequent termination.
- Improving the Application: Supplier processes Personal Data to improve the Application to meet Customer expectations and respond to changes in the market. The Supplier processes that Personal Data on the basis of its legitimate interest within the duration of the Contract.
- Settlement of disputes: The Supplier may process Personal Data of Customers and possibly other persons in order to establish its legal claims and their possible assertion or defence. The Supplier processes such Personal Data on the basis of its legitimate interest. Personal Data is processed for the duration of the dispute.
- Direct Marketing: The Supplier processes Customer Personal Data to inform the Customer about its services and products. The Supplier processes this Personal Data on the basis of its legitimate interest. The Personal Data is processed for the duration of the Contract.
- Supplier will retain data and information, including Personal Data, for the period indicated above, unless a longer retention period is required by law. After the specified retention period, the Supplier will delete the Personal Data.
- In the event that the Customer does not complete the registration with the Application, the Personal Data will be deleted no later than 365 (three hundred sixty-five) days after the last step in the incomplete registration process.
- In the event that the Customer deletes his/her account on the Application without making a withdrawal or using other Advanto services, the Personal Data will be deleted no later than 90 days after the Customer deletes his/her account.
- Personal Data will be processed in electronic form by automated means or in paper form by non-automated means. The Supplier does not conduct automated individual decision-making within the meaning of Article 22 of the Regulation.
3. Cookies and use of anonymous data
- If the Customer visits the Application and his/her browser settings allow cookies to be stored on his/her terminal device, the Supplier considers such settings as consent to the processing of Personal Data and the storage of cookies. If the Customer does not want cookies to be stored on his/her device, he/she can disable this feature on his/her device.
4. Transmission of Personal Data
- Supplier does not transfer Personal Data to any third parties, except:
- the Customer's employer, as that term is defined in the General Terms and Conditions, under the Contract,
- Companies within Advanto group in line with the concluded data processing agreement and in order to execute the agreement with the Customer,
- payment service provider to manage the withdrawal,
- providers of accounting, tax and/or legal services,
- server service providers,
- providers of website analysis and evaluation tools,
- SMS gateway providers (phone number),
- service providers to customers.
In such cases, Personal Data will only be transferred to the minimum (necessary) extent. The Supplier may entrust a third party (as a processor) with the processing of Personal Data.
The Supplier does not transfer Personal Data to a third country outside the European Union or to an international organisation.
- Personal Data of Customers shall be adequately protected against loss, destruction, alteration, misuse, un-authorised disclosure, transfer and/or processing by appropriate technical and organizational measures, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing and the level of risk of infringement of the rights and freedoms of natural persons.
- In order to achieve the necessary level of security, the Supplier has implemented in particular the following technical and organizational measures, internal control systems and information technology protection measures:
- anti-virus protection,
- computer security (e.g. username and password),
- data encryption (SSL certificate),
- restrictions on the storage, disposal and/or deletion of data,
- physical security of the premises (e.g. lockable entrance doors, access cards, lockers),
- regular backup and recovery of data, etc.
6. Customers rights
- The Customer has the following rights in relation to the processing of Personal Data:
- Right of access to Personal Data: The Customer has the right to request information from the Supplier, e.g. whether his/her Personal Data is being processed and, if so, the right to access information about the purposes of the processing, the categories of Personal Data concerned, the recipients or categories of recipients, etc. The Customer has the right to receive a copy of the Personal Data processed.
- Right to rectification of Personal Data: Customer has the right to rectify inaccurate or incomplete Personal Data.
- Right to erasure of Personal Data ("right to be forgotten"): In certain cases - for example, when the Personal Data processed is no longer needed for certain purposes - the Customer has the right to request the Supplier to erase proper Personal Data.
- Right to restrict processing: In certain cases, the Customer has the right to restrict the processing of Personal Data concerning him/her, e.g. if he/she denies the accuracy of the Personal Data.
- Right to data portability: The right to data portability applies only where Personal Data is provided to the Supplier by the Customer (i) on the basis of a Contract or consent to processing and (ii) is processed by automated means. In exercising the right to data portability, the Supplier will provide the Personal Data to the Customer or its designated controller in a structured, commonly used, machine-readable format.
- Right to withdraw consent: If Personal Data is processed on the basis of consent given for the processing of Personal Data, the Customer may withdraw it at any time.
- Right to object: If the processing of Personal Data is carried out for the purpose of pursuing the legitimate interests of the Supplier or for the performance of a task carried out in the public interest or in the exercise of official authority, including for the purpose of automated decision-making and/or profiling, the Customer has the right to object to the processing.
- The customer may exercise his/her rights by sending a request to the e-mail address firstname.lastname@example.org. The Supplier will process the request as soon as possible, but no later than one (1) month. The Supplier is entitled to extend the deadline by up to two (2) months if necessary and taking into account the complexity and number of requests. The Supplier will inform the User of the extension.
- All communications and statements (including the handling of Customer requests) are provided free of charge. However, if the Customer's request is manifestly unjustified or unreasonable, in particular repetitive, the Supplier shall be entitled to charge a reasonable fee for its processing, corresponding to the administrative costs associated with the provision of the requested information.
- If the Customer believes that the processing of his Personal Data violates the relevant provisions of law, he has the right to file a complaint with the Office for Personal Data Protection (address: Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com) or the President of the Office for Personal Data Protection in Poland (www.uodo.gov.pl).
Advanto Group s.r.o.
Address: Běhounská 5/18, Brno-město, 602 00 Brno
Phone number: +420 277 279 963
Advanto Polska Sp. z o.o.
Address: ul. Grzybowska 2/29, 00-131 Warsaw
Phone number: +48 22 104 20 07