Privacy Policy and Cookies Policy Concerning Asseco Websites

Asseco is everywhere where technology and business combine with everyday life. The sum of experience from all market sectors enables us to create reliable, advanced products.

We operate globally, however, we never lose sight of human and social dimension of our work. We know that someone’s life or financial future may depend on our solutions. We take full responsibility for the projects we execute. In this way, we have been building trust and our brand prestige for years.

Asseco strives to comply with the highest standards of management, communication, and transparency. Foundations of our business include observing the applicable laws and regulations on privacy and personal data protection. We particularly value respecting privacy of Users visiting our websites.

Purpose of the Policy

The Policy applies to all Asseco Poland S.A. websites, sites within the global domain of www.asseco.com owned by Asseco Poland S.A, and to other websites run by Asseco Poland for the Asseco Group, hereinafter referred to as the Asseco websites.

Asseco Poland S.A. declares that Asseco websites are run with utmost care, in compliance with the rules of technical know-how and professionalism, as well as in accordance with the applicable legal regulations, in particular those that protect privacy of Internet website Users:

1. Regulation No 2016/679 of the European Parliament and of the Council of the EU of April 27 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, Official Journal of the European Union L. 2016 No 119/1
2. Act of July 18 2002 on the provision of services by electronic means, Journal of Laws from 2013, item 1422, as amended
3. Act of July 16 2004 Telecommunication Law, Journal of Laws from 2014, item 243, as amended

Data Collection

In accordance with the accepted practice of most of web services, we keep HTTP enquiries sent to our server. This means that we public IP addresses from which Users browse information content of our service. The browsed resources are identified by URL addresses. We also know the following:

• time the enquiry arrives;
• time taken to send the reply;
• name of client station – identification is executed by the HTTP protocol;
• information on errors that occurred while executing the HTTP transaction;
• URL address of the site previously visited by the User (referrer link) – if the transfer to the Office’s page was made through a link;
• information on User’s browser.

Regardless of the above, circumstances can be when information other than the above concerning the User, including personal data, will be indispensable to execute the requested service or process. Such is the case, the User will be informed of the necessity to make available of certain information, including personal data, and of the purpose of using such information. The User is able to make a voluntary decision concerning making available or denial to make available of his/her personal data. Nevertheless, making available of personal data may be required in a situation when the User is interested in obtaining information concerning provision of a service, event specified as a part of Asseco websites (e.g. obtaining information on a product, organized event, offer, downloading a demo; launching an internship program, recruitment process). Thus, the User may be requested to fill in and send a form/questionnaire where it will be clearly indicated what kind of personal data and for what purpose will be gathered.

The data provided will be processed for the period necessary to achieve the purpose of the provision, unless the law provides otherwise.

In a situation when the User reveals personal data of a third person in the form/questionnaire, it is assumed that the User has an appropriate consent of the person whose data he/she has revealed.

The User is entitled to view and the right to amend and complete any incorrect or incomplete personal data. Regardless of the above, the User is at any time entitled to demand that processing of his/her personal data is ceased – the data are deleted. The form of submitting such a request is specified while gathering such data.

We reserve that Asseco websites do not gather, monitor, or verify information on the age of Users visiting them or any other information gathering of which would enable Asseco to determine whether the User (including the recipient and a user of e-mail lists, participant of questionnaire research, and a person participating in contest organized via them) has a capacity to perform acts in law.

Persons not having a full capacity to perform acts in law should not place orders or subscribe services provided by websites, unless their statutory representatives express their consent for this if such a consent is sufficient according to applicable legal regulations.

Cookie Files

Asseco websites use the so-called cookies or other technologies featuring functions similar or equivalent to cookies, i.e., information stored on the end device of Users visiting Websites. Cookies are automatically downloaded and used by Websites at each connection with the User’s end device.

Websites use cookies in order to:

• provide services;
• adapt the contents of websites to the User’s end device, store individual settings of the User and to optimize the use of websites;
• improve safety by controlling violations in the process of using websites;
• obtain collective, anonymous statistics to improve functionality of websites;
• maintain User’s session (this refers to websites with user log on option) so the User does not have to re-log with his/her login and password on each website;
• enable the use of basic functionalities of websites (e.g., storing visited sites in order to reinstate them at User’s demand);
• for advertising and marketing purposes to adapt the advertising content displayed on Asseco websites and on other websites to User’s preferences.

NOTE: cookie files do not enable User’s identity identification in any way, do not process personal data, or do not make any changes in configuration of the User’s end device or software installed on this device.

As a part of websites Asseco, we use the following types of cookie file:

• session cookie files (temporary) – stored on the User’s device only when websites are used, i.e. until logging off, closing a website or closing browser used by the User,
• permanent cookie files – these remain at the User’s device until their life cycle ends (operating time parameterized for a cookie) or until removed by the User.

Settings concerning the files are individual for each internet browser. It is worth knowing that the default option is to enable cookie acceptance. Each User, however, may completely turn this option off or limit cookie acceptance to a certain extent on his/her device. We inform that this can influence the comfort of using websites and result in a lack or improper display of a majority of websites. In some cases, it is possible to set the browser to ask for User’s permission to install cookie files. This enables the User to control cookie files but can slow down the browser.

In order to easily manage cookie files, the preferred browser should be selected and instructions should be followed:

• Internet Explorer
• Firefox
• Chrome
• Opera
• Safari

Mobiles:

• Android
• Windows Phone
• Blackberry

Failure to change the settings in the scope of cookies means that these will be installed on the User’s end device, and, thus, the Asseco Capital Group will store information on User’s end device and obtain access to it.

Making Available of Websites

Asseco websites may include links to internet websites of other entities. Asseco Poland S.A. has no influence on privacy policy of such entities and is not responsible for such a policy.

PR and Marketing.

All information, including personal data, made available by the User as a part of Asseco websites and provided while the User participates in a range of various meetings organized by Asseco Group entities may be used for marketing and PR purposes as a part of various marketing campaigns conducted by Asseco Group entities if the User expresses his/her consent for that. User’s consent is equivalent to acceptance of receiving commercial information.

Recruitment

Asseco websites may be involved in recruitment of new staff, interns, trainees, partners for Asseco Poland S.A. or other Asseco Group entities. Personal data obtained in this manner are used for the needs of recruitment only as a part of current and future recruitment processes. Filling in a recruitment form, the User expresses his/her consent for participation in the current and future recruitment processes conducted by Asseco Group. The consent refers to all documents submitted as a part of recruitment processes.

Making Available of Information to Clients, Partners

Personal data and information provided via Asseco websites may be used to develop and manage business relations by Asseco Group entities with a user representing a Partner or Client. In particular, commercial, product, marketing information or information on partner programmes may be sent. Asseco Group entities reserve the right to make available of such information top other associated entities in order to provide a service, process provided making available of such information is possible.

Contact for privacy protection or personal data protection issues: iod@asseco.pl, phone: +48 17 888 55 55

Data Protection Officer: Asseco Poland S.A., 14 Olchowa Street, 35-322 Rzeszów

Regional DPO contact

Contact for privacy protection or personal data protection issues for Asseco South Eastern Europe: dpo@asseco.see, phone: +48 22 574 86 30

Information Security Administrator/Data Protection Officer: Asseco South Eastern Europe., 13 Branickiego Street, 02-972 Warsaw

Asseco SEE SRL (Romania) DPO contact

Contact for privacy protection or personal data protection issues for Asseco SEE (Romania): dpo@asseco-see.com, phone: +40 21 206 45 00