Privacy Policy

PRIVACY POLICY OF GOJOBEE.COM Dear Sirs/Madams, in the interests of your safety and in order to comply with the principle of lawful, fair and transparent processing of your personal data while you use our services, we hereby adopt this document entitled the Privacy Policy. This document concerns the processing and protection of personal data relating to Users in connection with their use of the Service and has been prepared by SmartDev Spółka z o.o. with its registered office in Bielsko-Biała, ul. Michała Grażyńskiego 40, 43-300 Bielsko-Biała, Poland, KRS: 0001029959, NIP: 5472237485, REGON: 524981914 (hereinafter: the Controller). In order to protect the personal data of its Users, the Controller applies appropriate organisational and technical measures preventing interference with their privacy. The Controller’s measures ensure security at a level appropriate to applicable law, including: 1. the Act of 10 May 2018 on the Protection of Personal Data; 2. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); 3. the Act of 18 July 2002 on the Provision of Services by Electronic Means; 4. the Act of 16 July 2004 - Telecommunications Law; 5. the Act of 12 July 2024 - Electronic Communications Law. Use of the Service is carried out using the secure SSL Protocol, which protects the transmission of data over the Internet.

1. User - an entity using the Service, which may be: a natural person with full legal capacity, a legal person, or an organisational unit without legal personality to which specific provisions grant legal capacity; 2. Controller - SmartDev Spółka z o.o. with its registered office in Bielsko-Biała, ul. Michała Grażyńskiego 40, 43-300 Bielsko-Biała, Poland, KRS: 0001029959, NIP: 5472237485, REGON: 524981914; 3. Service - the website operated by the Controller at the URL: www.gojobee.com; 4. Cookies/Cookie files - small pieces of information stored by a server on the User’s computer, which the server may read upon a subsequent connection from that computer; 5. SSL Protocol - a special standard for data transmission on the Internet where transmissions are encrypted, unlike ordinary transmissions where data is sent in plain text; 6. System log - information transmitted to the server by the User’s computer at each connection; it may contain various data (e.g. an IP address), from which it is possible to determine, with greater or lesser accuracy, the source of the connection; 7. IP address - an individual number usually assigned to each computer connected to the Internet; an IP address may be permanently assigned to a given computer (static) or assigned for a given connection (dynamic); 8. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); 9. Personal data - information relating to an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 10. Processing - any operation performed on personal data, such as collection, recording, storage, development, alteration, disclosure and deletion, in particular operations performed in IT systems.

Pursuant to Article 13 of the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: the GDPR), we inform you that: 1. The Controller of your personal data is SmartDev Spółka z o.o. with its registered office in Bielsko-Biała, ul. Michała Grażyńskiego 40, 43-300 Bielsko-Biała, Poland, KRS: 0001029959, NIP: 5472237485, REGON: 524981914. 2. You may contact the Controller by e-mail at: [email protected], or by post to the Controller’s address. 3. Your personal data will be processed for the following purposes, on the following legal bases, and for the periods indicated below: a) for the purpose of using the Service functionalities, data will be processed on the basis of the agreement for the provision of services by electronic means which the User enters into with the Controller by accessing the Service website and accepting the Service Terms and Conditions, pursuant to Article 6(1)(b) GDPR. Such data will be processed for the period during which the User remains within our Service. Provision of personal data is voluntary. Failure to provide personal data results in the inability to use the Service functionalities; b) for the purpose of performing obligations arising from provisions of law, including the Act on the Provision of Services by Electronic Means, and for the purpose of handling complaints submitted in connection with the operation of the Service, data will be processed pursuant to Article 6(1)(c) and (f) GDPR for the period necessary to perform tasks related to complaint handling, and thereafter for the limitation period for potential claims as specified by law. Provision of personal data is voluntary. Failure to provide personal data results in the inability to use the Service functionalities; c) for the purpose of leaving contact details, pursuant to Article 6(1)(a) GDPR, for the period required to respond to the enquiry or to maintain contact. Provision of personal data is voluntary. Failure to provide personal data results in the inability to provide a response to the question asked; d) for the purpose of sending the newsletter, pursuant to Article 6(1)(b) and (a) GDPR, for the period of the newsletter subscription. Provision of personal data is voluntary. Failure to provide personal data results in the inability to use the newsletter subscription; e) for the purpose of creating and maintaining a user account in the Service, data will be processed on the basis of the agreement for the provision of services by electronic means concluded with the Controller through account registration and acceptance of the Service Terms and Conditions, pursuant to Article 6(1)(b) GDPR. Such data will be processed for the period during which the account is maintained in the Service, and following its deletion for the period necessary to secure potential claims (no longer than 6 years from the date of termination of the agreement); f) Provision of personal data is voluntary; however, failure to provide it makes it impossible to create a user account; g) for the purpose of maintaining contact with the User in matters related to account administration, sending system notifications, or information regarding changes in the Service, data will be processed pursuant to Article 6(1)(f) GDPR (the Controller’s legitimate interest consisting in ensuring proper account administration) for the period during which the account is maintained in the Service; h) where separate consent is given, for the purpose of sending marketing information, data will be processed pursuant to Article 6(1)(a) GDPR until consent is withdrawn; i) Provision of personal data is voluntary but necessary to maintain an active account. 4. In addition, where separate consent is given, your personal data may be processed for the Controller’s marketing and commercial purposes. 5. In connection with the Controller’s processing of your personal data, you have the right to request from the Controller: access to your personal data, rectification, erasure or restriction of processing, the right to object to processing, the right to data portability, and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. 6. If you consider that the Controller’s processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO). 7. Your data will not be processed in an automated manner, including by way of profiling. 8. Your personal data may be disclosed only to authorised recipients or categories of recipients in justified cases on the basis of relevant provisions of law or an agreement concluded by the Controller, including: entities providing legal assistance services, entities servicing the Controller’s IT systems and websites, entities who jointly carry out activities with the Controller or cooperate with the Controller in information activities and promotion of the Controller’s business, as well as entities organising events and conferences, and entities affiliated with the Controller. 9. When you use the newsletter, your personal data will be transferred to the service provider, i.e. Brevo group Sendinblue. Such data will be processed within the European Economic Area and will not be transferred outside this area. Detailed rules for the processing of personal data by the above entity and its privacy principles are available at: https://www.brevo.com/legal/privacypolicy/. 10. Your data will not be transferred outside the European Economic Area.

Use of the Service is carried out using the secure SSL Protocol, which protects the transmission of data over the Internet. In accordance with applicable law, the Service uses Cookies, which constitute IT data, in particular text files, stored on the User’s terminal device. Cookies are used for the following purposes: 1. to facilitate the User’s use of the Service while browsing; 2. to recognise Users upon the Service’s subsequent connection with the device on which Cookies were stored; 3. to create statistics which help understand how the User uses websites, enabling improvements to their structure and content; 4. to tailor the content of the Service’s webpages to the User’s preferences and to optimise the use of webpages adapted to the User’s individual needs. Cookies typically contain the name of the website from which they originate, the time they are stored on the terminal device, and a unique number. Within the Service, we use the following types of Cookies: • “session” Cookies - stored on the User’s terminal device until logout, leaving the website or closing the web browser; • “persistent” Cookies - stored on the User’s terminal device for the period specified in the Cookie parameters or until deleted by the User; • “performance” Cookies - enabling collection of information on how the Service’s webpages are used; • “necessary” Cookies - enabling use of services available within the Service; • “functional” Cookies - enabling the Service to remember settings selected by the User and to personalise the User interface; • “first-party” Cookies - placed by the Service; • “third-party” Cookies - originating from a website other than the Service; • “Other Google Cookies” - you should familiarise yourself with Google’s Cookie policy: www.google.com/policies/technologies/types/.

The User’s activity within the Service, including their personal data, is recorded in system logs. Information collected in logs is processed primarily for purposes related to the provision of services, i.e. for the purpose of: • establishing contact between Users and the Controller, holding consultations and reviewing the Controller’s offer; • detecting abuse, identifying and counteracting threats to the stability and proper operation of the Service.

Our website uses essential Cookies that facilitate the use of its resources. Cookies contain useful information and are stored on the User’s computer – our server may read them upon reconnecting from that computer. Most web browsers allow Cookies to be stored on the User’s terminal device by default. Each User of our Service may change Cookie settings in their web browser settings:

a) deleting Cookies, b) blocking Cookies by default, c) allowing Cookies by default, d) keeping Cookies and site data until the browser is closed by default, e) specifying exceptions for Cookies from specific sites or domains.

Disabling Cookies in the browser does not deprive the User of access to the Service resources. Web browsing software (i.e. a web browser) usually allows Cookies to be stored on the User’s terminal device by default. Users may change these settings. The web browser allows Cookies to be deleted and may also enable automatic blocking of Cookies. Detailed information is provided in the help section or documentation of the User’s web browser. If the User does not wish to share Cookies, they may change their browser settings. However, disabling support for Cookies necessary for authentication processes, security or maintaining User preferences may hinder, and in extreme cases may prevent, the use of the Service.

1. The Service may contain external links enabling Users to access other websites directly, and while using the Service, Cookies from other entities may also be placed on your device, in particular from providers such as Google, in order to enable you to use the Service functionalities integrated with those services. Each provider sets out the rules for using Cookies in its own privacy policy; therefore, for security reasons, we recommend that before using such websites you read the relevant privacy policy document. 2. We reserve the right to change this Privacy Policy by publishing a new Privacy Policy within our Service. Following such change, the Privacy Policy will be published on the website with a new date. 3. Further information on the terms of providing services, in particular the rules of operation of the Service, the methods and conditions for concluding agreements, and the conditions for access to content and use of the Service, can be found in the Service Terms and Conditions.