Discover Im2be

Privacy Policy

Privacy Policy at Intelligent Technologies

 

General information

 

In connection with its business activity, the Administrator collects
and processes personal data in accordance with the relevant regulations, including
in particular the GDPR and the data processing rules provided for therein. By processing data, the Administrator ensures their security
and confidentiality, as well as access to information about the processing to the Data Subjects.

 

This Privacy Policy sets out the rules for collecting, processing, storing and protecting personal data collected by Intelligent Technologies S.A. in connection with the use of the Im2be application and the website by the users https://im2be.com/pl/

 

Each user is obliged to read this Privacy Policy before starting to use the services. By using Im2be, you agree to be bound by this Policy. If you do not agree with our data processing practices, please stop using the app.

 

Definitions

 

Administrator – Intelligent Technologies, Al. Krakowska 61A, 05-090 Sękocin Nowy, e-mail: legal@itsa.pl

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,

Policy – this Privacy Policy,

 

Personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Data subject – a natural person to whom the personal data processed by the data subject Administrator.

 

Data provided by the user

 

When registering and using the services, you may voluntarily provide identification data such as your name, surname, email address and telephone number. The admin also collects demographic information including date of birth, gender, and language of preference. As part of the use of the application, the user can enter text and voice messages, notes, photos and other multimedia materials. Registration data includes login information and passwords, which are stored in encrypted form.

 

If the user decides to use the Flow Coach module or sessions with health professionals, the Administrator also collects information about their mental state, emotions, mood and physical well-being. If you create or join a family account, data related to your family profile is also collected.

 

Data collected automatically

 

When using the application, the Administrator automatically collects technical data necessary to provide services. These include the device type, operating system, unique device ID, and app version. The administrator also logs connection data such as IP address, browser type, network operator, and date and time of access.

The administrator monitors the user’s activities in the application, including which features were used, the navigation path and the times of the last activity. Location information is collected based on the permissions granted by the user, which may be an approximate geographic location based on your IP address if you have consented to it. The Administrator may also collect session data such as session duration and number of visits, and use cookies and similar technologies to track user preferences.

 

Data from other sources

 

The Administrator may receive personal data from parents or legal guardians during the registration of a person under 18 years of age. If the user logs in via Facebook or Google, the Administrator obtains data available in accordance with the policy of a given platform. The administrator also works with payment service providers, analytics, and cloud infrastructure that may provide data in connection with the provision of services. In some cases, the Administrator may obtain information available to the public on portals or websites.

 

User protection

 

Im2be is available to users of different age categories, however, each of them is subject to different requirements. For children under 13, parental or legal guardian consent is required, and parental controls are mandatory. People aged 13-17 can self-register, but their account must be approved by a parent, and parental controls are available upon the parent’s request. People over 18 years of age register as standard without the need for approval by a guardian.

 

 

 

 

Registration procedure for different age groups

 

For children under 13 years of age, the parent enrolls the child through the “Family Members” feature in the app. The administrator requires the child’s full name, date of birth for age verification, and the child’s unique email address. The parent must undergo identity verification, e.g. by confirming the email address and entering the verification code sent to the child’s email. The child’s account remains inactive until it is fully verified, and the parent receives confirmation of the account creation and can monitor it.

 

For people aged 13-17, there are two options available. A person can register on their own, but their account must be approved by a parent in the family management system. Alternatively, the parent can register the child themselves. Regardless of the option you choose, the account remains inactive for the parent to accept. The required data is your email address, date of birth for age verification and the choice of login method (email, Google or Apple).

 

Parental control system

 

The administrator has implemented an extensive parental control system that allows parents to view their child’s overall activity without access to private conversations, set time limits for using the app, approve new contacts and calls, and receive notifications about security alerts. Parents can also turn on or off selected functionalities for the child and, if necessary, if available in a given medium, lock the device remotely.

For children under 13, some advanced learning modules and community features are not available. For children aged 13-17, access to adult content is limited, as is the exchange of large files.

 

Private conversations are protected. Conversations in the artificial intelligence module (Flow Coach) have a confidential status and the Administrator analyzes them for security and quality of service purposes. However, in special cases, if the AI system detects a threat to a child’s safety such as suicidal thoughts, bullying, or harassment, the parent is notified.

 

A parent can delete a child’s account at any time, which permanently deletes all of their child’s data within 30 days. A child over 13 years of age can delete their account on their own in the case of some options, and the parent receives a notification about this action.

 

The administrator provides parents with educational materials on how to use the app safely, offers tips on how to protect their child’s data, monitors activity to detect potential threats such as cyberbullying or inappropriate content, and cooperates with organizations dealing with children’s online safety.

 

Im2be includes an AI module called Flow Coach that uses language models to support users. The system can analyze the user’s messages, classify their emotional and mental state and generate personalized support recommendations, as well as security alerts

 

Purposes of data processing and legal bases

 

The Controller processes personal data for several purposes, each of which has a specific legal basis in accordance with the GDPR.

Performance of the contract

 

The data is processed for the purpose of registering and managing the user account, creating a profile and storing login data. The Administrator processes data in order to provide services, including providing application functionality, conversations, access to educational resources and family account management. The Controller processes data to handle payments, including processing subscriptions and invoicing. The user also receives notifications about the functioning of the application, updates and changes to the terms and conditions. The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract).

User consent

 

If the user agrees, the Administrator sends information about new features and promotions. The administrator may ask to participate in surveys on satisfaction with the services. The Administrator collects analytical data on the manner of using the application based on the user’s consent to the use of analytical cookies. The legal basis for this processing is Article 6(1)(a) GDPR (informed consent).

 

Legal obligation

 

The Administrator stores data for tax purposes and accounting records for a period of 7 years from the last transaction in accordance with the requirements of the VAT Act and the Accounting Act. The data may be made available to the authorities on the basis of a final court decision. The Administrator processes data in order to identify payment fraudsters or violations of the terms of use. The legal basis for this processing is Article 6(1)(c) GDPR (legal obligation).

 

Legitimate interest

 

The administrator monitors the security of the servers and identifies vulnerabilities to protect the application. The administrator identifies and blocks fraudulent use, such as spam or the creation of fake accounts. It analyzes user data to optimize the interface and improve AI algorithms. The administrator sends anonymized statistics to potential business partners. The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest).

 

Contact

 

In matters of protection of your personal data, you can contact us via the contact form on the website or in writing to the address of our headquarters.

 

Who we share your personal data with

 

Personal data may be made available to various recipients depending on the purpose of processing In connection with conducting activities requiring the processing of personal data, personal data may be disclosed, to the extent necessary, depending on the type, subject and form of our cooperation, to external entities, including in particular entities supporting us in the implementation of the provisions of the agreement, i.e. such as:   which provide technical, legal, audit support and technical and modernization works on our behalf, suppliers responsible for the operation of IT systems and equipment, entities providing accounting services, postal operators, couriers, marketing or recruitment agencies. At the same time, the Administrator reserves the right to disclose selected information concerning the Data Subject to the competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

 

The Administrator’s employees who have access to the data perform functions related to the provision of services, technical support and customer support. Employees’ access is limited to the data necessary to perform their tasks, and all employees are subject to a duty of confidentiality.

 

The Controller cooperates with many service providers who process data on behalf of the Controller. The Controller may make the data available to public authorities upon request, including courts on the basis of a court decision, the police in connection with an investigation, and for tax purposes, and to authorities in connection with the control of compliance with the GDPR.

 

In the event of a merger or acquisition by another company, the data may be transferred to the new company and the user will be informed. If you give your written consent, the data may be shared with other entities. Anonymized statistics may be shared with business partners for business intelligence purposes.

 

The period for which we will store your data

 

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from the regulations when they constitute the basis for processing or consent granted. In the case of data processing on the basis of the Controller’s legitimate interest – e.g. for security reasons – the data are processed for a period enabling the implementation of this interest or until an effective objection to data processing is raised. If the processing is based on consent, the data is processed until its withdrawal. When the basis for processing is the necessity to conclude and perform a contract, the data is processed until its termination.


The period of data processing may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period – only if and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymised.

 

Data security

 

The Administrator has implemented a comprehensive system of technical and organizational security to protect user data.

The administrator has implemented firewalls and intrusion detection and prevention systems to protect against attacks. The software is regularly updated and vulnerabilities are eliminated.

 

From an organizational perspective, access to data is limited to authorized employees in accordance with the principle of least privilege. All employees receive data protection training and sign confidentiality agreements. The administrator conducts regular penetration tests at least once a year to identify potential security vulnerabilities. Both internal and external audits confirm compliance with security requirements. The administrator has a procedure for responding to security incidents. The data of different users is logically separated.

 

The Administrator has ISO 27001 certificates confirming information security, and full compliance with the GDPR, and is subject to regular audits carried out by independent companies.

In the event of a data security breach, the Administrator immediately identifies the incident and assesses its scope.

 

Rights of Data Subjects

 

We would like to inform you that at any time you have the right to request from the Administrator the exercise of your rights in accordance with generally applicable provisions of law, including the right to access information about the processing of personal data, access to your data, obtain a copy of your data, rectify them, transfer them, delete them, the right to limit data processing as well as the right to object to processing, withdraw consent and lodge a complaint with a supervisory authority (in Poland the supervisory authority is the President of the Office for Personal Data Protection).

 

The Administrator does not use automatic systems to profile its customers or potential customers. Your data is also not subject to automated decision-making.

 

Each user has a number of rights related to the processing of their personal data. The right of access allows you to request confirmation as to whether data relating to you is being processed and to access this data in an understandable form. The application should be submitted to the Administrator’s e-mail address, providing the name, surname and e-mail address, and the Administrator responds within 30 days from the date of receipt of the application.

 

The right of rectification allows the user to request the correction of inaccurate or incomplete data. The User can edit most of the data themselves in the profile settings, while other data can be corrected by contacting the Administrator.

 

The right to erasure, also known as the “right to be forgotten”, allows you to request the erasure of your personal data when the data is no longer necessary for the purposes of the processing, you have withdrawn your consent to the processing, you have objected to the processing, or the data has been processed in violation of the law. The controller may refuse to delete the data if the data is required by law, such as tax requirements or availability to the regulator.

 

The right to restriction of processing allows you to request that the processing of data be paused when the data is inaccurate, the processing is unlawful, the Controller no longer needs the data, but you need it for legal purposes, or you have objected to the processing. The data remains stored but is not processed.

 

The right to data portability allows you to receive your data in electronic format and transfer it to another service provider. A request for data export should be submitted via the contact form or email.

 

The right to object allows you to object to the processing of your data for marketing or profiling purposes. The User can click on the “Unsubscribe me” link in each marketing email or send a request to the Administrator, after which the Administrator will stop sending marketing emails.

 

The right to make a non-automated decision allows the user to demand a decision made by a human if the decision concerns their rights or obligations. Flow Coach is a supportive tool, not a final decision-maker, so this law does not fully apply.

 

To exercise which of the above rights, the user should prepare an application describing the requested right, sign it (this can be an email from their email address), attach a copy of an identity document to verify identity, and send the request to the Administrator’s email address or via the contact form on the https://im2be.com/pl/ website. The Administrator responds within 30 days from the date of the request, and in complicated cases the deadline may be extended to 90 days, of which the Administrator will inform the user.

 

Cookies

 

Cookies (also called cookies) are – according to Wikipedia – small text pieces of information sent by a web server and stored on the user’s side (usually on the hard drive). The default parameters of cookies allow only the server that created them to read the information contained in them. Cookies are most commonly used for counters, probes, online stores, login sites, advertisements, and to monitor visitor activity. For more information, see Wikipedia.


Purposes of storing and accessing cookies: personalization of the website (for example: remembering the selected font size, choosing a version for the visually impaired or a color version), remembering the user’s data and choices (for example: no need to enter the login and password every time on each subpage, remembering the login when visiting again, remembering the contents of the shopping cart), enabling interaction with social networks,   customizing the advertising content displayed on the website, creating website statistics and statistics on the flow of users between different websites. Taking into account the multitude of technological solutions, it is not possible to provide precise guidelines on how to determine the conditions for storing or accessing Cookies using the settings of all available telecommunications terminal equipment and software installed in this device. Nevertheless, in most cases, you should select the “Tools” or “Settings” option and there you will find the section responsible for configuring cookie settings or managing your privacy while browsing the Internet. Detailed information is usually provided by the manufacturer of the device or browser in the user manual or on its website.

 

Data Protection Officer

 

Intelligent Technologies S.A. has appointed a Data Protection Officer (DPO) to supervise compliance with the requirements of the GDPR. The User can contact the DPO via the email address lega@itsa.pl or via the contact form on the website.

 

Privacy Policy Changes and Contact

 

The Administrator may change this Privacy Policy at any time. The changes will come into force by posting the new version on the Im2be website. The user will be informed via an in-app notification. If you do not agree to the changes, please stop using the services.

 

In case of questions, doubts or willingness to submit a request regarding the Privacy Policy, the user may contact the Administrator at the following addresses: Email: leagl@itsa.pl Address: Al. Krakowska 61A, 05-090 Sękocin Nowy, Poland, Contact form: https://im2be.com/pl/kontakt.

 

 

Governing Law and Final Provisions

 

This Privacy Policy is governed by the laws of the Republic of Poland. Any disputes arising from data processing will be resolved before Polish courts. The Privacy Policy is an integral part of the Im2be Terms and Conditions and should be read in conjunction with it. In the event of a conflict between the Privacy Policy and other documents, the Privacy Policy shall prevail in matters concerning the protection of personal data.

 

If the user believes that their copyright has been infringed in the Im2be application, they should immediately inform the Administrator, providing a detailed description of the infringement, the date and time of the infringement, a copy of the infringing material and their contact details (name, surname, email). The administrator will investigate the claim and respond within 14 days