Terms and Conditions


I. General Provisions

1. This Terms and conditions (T&C) specify the policies and technical conditions for the provision of services by electronic means in particular through the website available at https://www.igdpr.eu or established domain name, by iGDPR sp. z o.o. with its registered office in Warsaw, address: Twarda 18 Street, 00-105 Warsaw, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000911811, NIP: 5252870967.
2. Each User is obliged to comply with the provisions of the T&C from the moment of taking any action aimed at using the Service, taking into account in particular the start of the data transmission activity.
3. Giving consent to abide by the T&C in the process of Registration of the User is tantamount to full acceptance of the terms and conditions contained therein and causes the conclusion of an Agreement between the User and the Operator, the content of which includes the provisions of the T&C.
4. During the Registration process the User concludes an agreement with the Operator on entrusting the processing of personal data.

II. Definitions

1. The wording used means:
a. iGDPR – trade name of the Software made available by the Operator.
b. Price List – a summary of the Fees payable to the Operator for use of the Service.
c. Functionality – operation possible to perform within a given Module made available on the iGDPR Website.
d. Account – an area on the Websites made available to the User, which allows the use of Functionality. An Account is created after Registration. Within an Account, data on the User or persons to whom the User has enabled the use of the Functionality is collected, in accordance with the terms set forth in the Plan.
e. Module – an element of the Software made available within the iGDPR Website.
f. Trial Period – a period of 21 days counted from the date of Registration during which the User may test the Service as part of the STANDARD Plan excluding certain Functionalities. In the event the Fee is paid before the expiration of the Trial Period, the Trial Period shall be shortened until the date the Fee is credited to the Operator.
g. Operator – iGDPR sp. z o.o. with its registered office in Warsaw, at 18 Twarda Street (00-105 Warsaw) entered into the Register of Entrepreneurs of the National Court Register under KRS 0000911811, NIP: 5252870967.
h. Fee – the Operator’s remuneration for the use of the Service by the User for a period of 12 months.
i. Software – a computer program within the meaning of the Act of 4 February 1994 on Copyright and Related Rights, made available by the Operator as part of the provided Service.
j. Plan – a type of Service selected by the User, which shall be consistent with the nature of the business activity conducted by the User and the processed personal data.
k. Registration – the procedure for creating an Account consisting in the completion and confirmation of the Registration form, in accordance with the instructions provided by the Operator.
l. iGDPR Website – Software containing the Modules and Functionalities specified in the T&C.
m. Website – a website made available by the Operator, operating under the address: https://www.igdpr.eu, which contains information about the Operator and the services provided by the Operator, as well as a link allowing redirection to the iGDPR Website.
n. Websites – the Website or iGDPR Website.
o. Agreement – an agreement concluded by the Operator with the User, concerning provision of a Service, the conditions of which shall be defined in the T&C.
p. Service – a service provided electronically, within the meaning of the Act of 18 July 2002 on provision of services by electronic means, by the Operator for the User to the extent and on conditions specified in the T&C.
q. User – entrepreneur or another legal person or organizational unit not being a legal person but to which the law grants legal capacity, using the Service provided by the Operator under the Agreement.

III. Intellectual Property Rights

1. Copying, modifying or deleting any part or the entirety of the Software Modules, Websites or Functionalities, as well as using them in a manner other than defined in these T&C or resulting from their intended use, without the prior consent of the Operator, expressed in writing under pain of invalidity, is prohibited.
2. The use of Software, domain name, templates, forms, logotypes may only take place with the consent of the Operator.
3. In order to use the Service, the Operator grants the User a license for the Software, which includes the following fields of exploitation: permanent or temporary reproduction of the Software in whole or in part, by any means and in any form, as long as it is necessary to reproduce the Software in order to load it to memory of the Operator’s devices, display it, run it on the Operator’s devices, print it in part or in whole.
4. The User may not modify, adapt, translate, reverse engineer, decompile, disassemble or create derivative works based on the Software, in whole or in part, without the prior consent of the Operator granted in writing under pain of invalidity.
5. All data and databases of the User shall remain the sole property of the User, and all data and databases of the Operator shall remain the sole property of the Operator.
6. Apart from exceptions explicitly indicated, the contents published on the Website are only the general information on the activity of the Operator (including the Service) and do not constitute an offer as understood by the Civil Code Act of 23 April 1964.

IV. Rules of using the Service

1. Under the T&C, the Operator shall provide the Service, including:
a. access to content on the Website;
b. access to modules and functionalities of the iGDPR Website.
2. The Operator provides access to the Software as a resource of its computer system.
3. The Software may be used only for its intended purpose. It is prohibited to take actions interfering with the operation of the Software.
4. In order to use the Service it is necessary to have active devices that allow access to the Internet, e-mail and web browser.
5. User on their own and at their own risk should ensure that the technical requirements are met by the device with which you use the Service, its configuration, software updates and access to the Internet.
6. Devices should meet the following requirements:
a. the mobile device should have the operating system in the version no older than two versions preceding the latest version made available by the manufacturer of that operating system;
b. computers (including: laptops, PCs) should have the ability to run an Internet browser.

V. Registration

1. In order to gain access to modules and functionalities of the iGDPR Website, you must register and create an Account.
2. Registration requires the following actions:
a. filling in the registration form, which can be found on the iGDPR Website, by providing the following data: REGON, e-mail address and mobile phone number;
b. confirmation of the Account using the activation link received to the e-mail address indicated in the registration form and the password received in a text message to the mobile phone number provided in the registration form;
c. establishing a target password for the Account;
d. assign a subdomain name, under which the iGDPR Website will be available.
3. During the Registration and Account creation process the User is obliged to provide correct identification and address data, consistent with the actual and legal status, data contained in public registers or records. The User shall be obliged to update the data on an ongoing basis under pain of incurring the negative consequences of using outdated data.
4. The User whose Account has been suspended may not use another Account or make another Registration.
5. Successful Registration shall be subject to the User’s familiarisation with and acceptance of the content of the T&C.

VI. Type and scope of Services provided by the Operator

1. The Operator shall provide the User access to the Website and the iGDPR Website and its individual Modules and Functions under the terms of the Agreement.
2. A detailed description of each Module and its functionalities is available on the Website.

VII. Trial

1. After the Registration, creation of the Account and approval of all data by the Operator, the Trial Period begins.
2. The User shall pay the Fee as described in point VIII of the T&C before the expiration of the Trial Period, provided that the User intends to use the Service.
3. If the Operator does not credit the Service Fee upon expiration of the Trial Period, the User shall lose the opportunity to use the Service. Access to the Service shall be disabled and the data entered shall be deleted, except for the User’s data which is not necessary to process due to the provisions of law, defense against claims or their assertion against the User. Access to data entered by the User is possible in read-only mode for 30 days.
4. The Operator, before disabling access to the Service, may notify the User about the need to pay the Fee.
5. Upon crediting the Operator’s bank account with the full amount of the Fee, the User shall gain access to the Service in accordance with the T&C and the Price List. Paid access to the Service starts after the Trial Period.
6. The Operator reserves the right to contact the User to obtain its opinion on the Service used by the User during the Trial Period.

VIII. Fees

1. Except for the Trial Period, the use of the Service requires the payment of the Fee by the User. The Fee is payable in advance for the entire period of Service provision in the amount and on the terms set forth in the Price List constituting part of the Agreement. The Fee is non-refundable, irrespective of the degree of usage of the Service during the period for which it was paid.
2. The Price List is available on the website: www.igdpr.eu/price-list.
3. Apart from the exceptions specified in the T&C, the Fee shall be paid using the electronic means of payment provided by the Operator.
4. The Fee is due to the Operator for the use of the selected Plan, including the available Modules and their Functionalities, for the duration of the Agreement.
5. The Fee shall be considered paid at the moment when the full amount is credited to the Operator’s bank account.
6. The User agrees to receive invoices in electronic form, which will be made available on the iGDPR Website.
7. The User may change the Plan during the Agreement term, if a selected Plan is higher than the current one.
8. In order to change the Plan the User makes such a change on the iGDPR Website (Module Settings / Subscriptions and payments) and pays an additional part of the Fee representing the proportional value of the difference between the higher and lower Plan in relation to the remaining period of the Service.

IX. Extension of usage of the Service

1. The User should pay the Fee according to the rules described in point VIII of the T&C before the expiration of the Agreement if the User intends to continue using the Service.
2. The Operator, before disabling access to the Service, may notify the User about the need to pay the Fee for the next period of Service use.
3. The Operator may contact the User to determine whether the User has finally opted out of the Service, as well as to obtain the User’s opinion about the Service.
4. If the Fee is paid before the expiration of the Agreement, the possibility to use the Service shall be extended for the next period in accordance with the Price List.
5. If the Fee for Service is not credited by the Operator by the end of the Agreement term, the User shall lose the possibility to use the Service. Access to the Service shall be disabled and entered data shall be deleted, except for the User’s data which are necessary to be processed due to legal regulations, defense against claims or their investigation against the User. Access to data entered by the User is available in read-only mode for 30 days.

X. Entitlements

1. The Operator shall be entitled to control compliance with the T&C, including verification and control of the content posted on the Website. Content may be verified in terms of its authenticity and compliance with the T&C and legal regulations.
2. The Operator shall have the right to remove any content that in any way violates the law,
third party rights, public decency, fair competition or provisions of the T&C.
3. The Operator shall be entitled to remove the content that is stored on the iGDPR Website contrary to its intended use.
4. The Operator is entitled to suspend the Account, if it is used to act against the law, violate the rights of third parties, public decency, fair competition, or provisions of the T&C.
5. The User shall be informed about the removal of content or suspension of the Account together with the reason.
6. The Operator reserves the right to temporarily cease providing the Service in case of failure, overhaul or modernization of the computer system used in connection with providing the Service. In case of a complete shutdown of the Websites, an appropriate announcement shall be published on the Operator’s website.

XI. Responsibility

1. The Operator shall not be held liable for any damage resulting from the User’s failure to comply with the regulations concerning the protection of personal data, or from the use of the iGDPR Website for a purpose or in a manner that is not compatible with the intended use of this iGDPR Website. The iGDPR Website contains only Software that may facilitate the processing of personal data for the User, however, the Operator does not guarantee permanent compliance of the Modules and Functionalities with legal acts and shall not be held liable for the consequences of using the iGDPR Website.
2. Service is not a tool for interpreting legal regulations. The iGDPR Website does not have the character of a universal system used to handle every possible activity related to the processing of personal data, in particular questions included in the forms made available on the iGDPR Website, which can be added, modified or deleted by the User, do not have such character. The User is solely responsible for adapting the iGDPR Website to the individual scope and manner of processing of personal data by the User.
3. The Operator shall be liable for damage incurred by the User in connection with failure to perform or improper performance of the Services only to the extent specified in the T&C.
4. The Operator shall be liable as for his own action or omission, for the actions or omissions of persons with whose assistance he performs the Service, as well as persons to whom the Service performance is entrusted.
5. The total aggregate liability of the Operator for tort, breach or improper performance of the Agreement, including loss of profits, loss or damage to data, good name, shall be limited to the amount of the paid Fee. The Operator shall not be liable for lost profits, including potential profits.
6. The Operator shall not be liable for failure or improper performance of the Service if it is caused by third parties (in particular, telecommunication operators, e-mail or hosting operators, providers of telecommunication links and electricity).
7. The Operator shall not be liable for the impossibility or impediments in using the Service due to reasons attributable to the User, in particular for loss or access to the Account password by third parties (regardless of the manner).
8. The Operator shall not be liable for damages caused by the User’s acts or omissions, in particular for using the Service in a manner inconsistent with the applicable laws, T&C, available instructions or intended use.
9. The Operator shall not be liable for the actualization, correctness, completeness and accuracy of the content posted on the Service.
10. The Operator shall not be liable for inadequacy or defects of computers (or other devices), software and installations of the User and shall not repair, adjust or adapt them.
11. In case of a defect, its removal should take place as soon as possible and in the order of notification. If the defect cannot be removed within 5 (five) working days from its notification, the Operator shall determine the date of its removal and provide this information to the notifying User.

XII. Complaints and claims

1. The User has the right to submit a complaint regarding the Service. Complaints should be reported in accordance with the rules described below.
2. Complaints should be reported on the iGDPR Website, and in the case of non-functioning of the iGDPR Website to the e-mail address support@igdpr.eu.
3. Complaint will be considered within 14 days of receipt.
4. The Operator reserves the right to extend the period for complaint consideration due to the complexity of the subject matter of the complaint or a large number of submitted complaints. In such a case, the User will be informed about the extension of the deadline for complaint investigation, together with the reason for such an extension.
5. The complaint should contain the following information: identification data of the person lodging the complaint (name, surname, e-mail address indicated during Registration), description of the reported problem and indication of the date of the problem (day, month, year).
6. The Operator reserves the right to request additional information or clarification from the person lodging the complaint in a situation where it is necessary to recognize the complaint. Explanations or information should be provided within 7 days of receiving the request. The Operator stipulates that the complaint may not be resolved due to insufficient information.
7. The decision on the complaint will be made available on the iGDPR Website (Module Settings / Notification Center) sent to the e-mail address of the User indicated during Registration.

XIII. Safety rules

1. The Operator informs that in connection with the use of services provided by electronic means, the User is exposed to threats such as:
a. spyware,
b. impersonation with the aim of phishing,
c. computer viruses,
d. spam.
2. Threats concern not only computers but also other mobile equipment, e.g. smartphones, tablets.
3. Spyware is software that can be secretly installed on the User’s device, e.g. by entering a created website or running a file sent in the mail. Such software may monitor/send to the attacker both the data stored on the device and the User’s actions: mouse movements, text typed on the keyboard, camera and microphone monitoring/listening.
4. Phishing is the placement of fake websites on the Internet imitating the original ones and persuading users to log on to them, e.g. by sending fake mail that pretends to be a message from a genuine institution or person. The aim is to intercept access data to the service (login, password).
5. A computer virus is malicious software that is transmitted by writing an infected file on a data carrier, e.g. hard drive, pendrive. The aim of the virus is to steal or delete data, disrupt the operation of the device or take control over it. The most common way to become infected with a computer virus is by downloading files from an untrusted Internet source or by opening an attachment in an email.
6. Spam is unsolicited or unnecessary e-mail sent to many recipients at once. They often carry computer viruses, spyware, links to malicious sites.
7. To ensure safe use of the Internet, the User should in particular:
a. ensure the security of the device in use; in particular, the device should have an antivirus program with an up-to-date virus definition database, a current and safe version of the Internet browser and a firewall turned on;
b. check periodically that the operating system and programs installed on the device have the latest updates, as attacks take advantage of errors detected in previously installed versions of software;
c. secure access data to the services offered on the Internet – e.g. logins, passwords, PIN, electronic certificates, etc. Such data should not be disclosed or stored on the device in a form that allows easy access and reading;
d. be cautious about opening attachments or clicking on links in messages not expected, e.g. from unknown senders; if in doubt, contact the sender;
e. use anti-phishing filters, or other tools to verify that the page displayed is not scamming;
f. download and install only files from trusted sources;
g. establish a secure and hard-to-crack password for access, including network (Wi-Fi) passwords; it is also recommended to use trusted Wi-Fi encryption standards such as WPA2;
h. control physical access to devices.

XIV. Processing of personal data

1. The Operator as the controller, processes personal data of individuals in order to provide services by electronic means by the Operator and for other purposes specified in the Privacy Policy. Detailed rules on the processing of personal data have been described in the Privacy Policy attached to the T&C available at https://www.igdpr.eu.
2. In order to perform the Services provided via the iGDPR Website, the Operator processes personal data on behalf of the User, who has the status of personal data controller. The rights and obligations of the Operator are set forth in the agreement on the entrustment of personal data processing, which is an integral part of the Agreement, the content of which is available during the Registration.

XV. Amendments to the T&C

1. The Operator shall be entitled to amend these T&C in the event of:
a. changes in the provisions of law or their interpretation;
b. the imposition of specific obligations by state authorities;
c. changes to the Price List;
d. changes in the possibility of the User to modify the Plans;
e. major organizational changes, including those affecting the operation of part or all of the Software or the provision of services to Users;
f. technological and functional changes;
g. changes in the scope of the provided Service, Modules or Functionalities, including the introduction of new Modules or Functionalities;
h. editorial changes.
2. An amendment to the T&C shall become effective within 15 days of the notice of amendment and provision of the new version of the T&C.
3. The Operator shall inform about the change to the T&C and the possibility of accepting the change during the first logging into the Account, counting from the moment the change comes into effect.
4. The new version of the T&C shall be published on the website www.igdpr.eu and sent to the e-mail address assigned to the Account.
5. The Operator reserves the right to amend the T&C without adherence to the 15-day notice period, with immediate effect, in the event that:
a. the amendment results from a legal obligation or a decision of the competent authority, and the necessity to introduce the required changes makes it impossible to adhere to the aforementioned 15-day notice period;
b. the amendment is necessary due to the need to prevent fraud, malicious software, data breaches or other threats to cyber security.
6. Operator and User may accept the changes or cancel the Service. If you do not expressly accept the new version of the T&C, the first action taken after the effective date of changes shall be deemed to be an acceptance of the Service under the new terms or conditions arising from the amended T&C.
7. If you do not accept the changes, in order to terminate the Agreement with the Operator, you must immediately, no later than 15 days from the announcement of changes, notify the Operator via sales@igdpr.eu.
8. Termination of the Agreement according to the above procedure shall be effective after 15 days from the notification of amendments to the T&C.

XVI. Termination of the Agreement

1. The Agreement is concluded for a definite period of time, corresponding to the paid period of use of the Service by the User.
2. In the event of repeated violation of the T&C or a single violation of a material provision of the T&C, the Operator may terminate the Agreement with immediate effect.
3. In the event of violation of legal regulations, the Operator may terminate the Agreement with immediate effect. In this case, the ability to use the Services, including access to the Account shall be automatically suspended.
4. If the Agreement has been terminated by decision of the Operator, the User shall not be entitled to re-register the Account without the prior consent of the Operator. If the re-registration is refused, the Operator shall inform the User about the refusal to the e-mail address provided by the User within 14 days.

XVII. Governing law and settlement of disputes

1. In matters not covered by the T&C or the Agreement, Polish law applies.
2. The Operator may attempt to settle the dispute with the User amicably, through an independent mediator. If a mediation proposal is made and accepted by the Operator, the mediation shall be conducted by a mediator appointed by the Polish Mediation Centre (http://mediator.org.pl/) or the Mediation Centre operating at the Confederation of Lewiatan with its seat in Warsaw (http://konfederacjalewiatan.pl/mediacje).
3. Disputes related to Services provided by the Operator shall be adjudicated by Polish common courts of competent jurisdiction over the Operator’s registered office.

XVIII. Final Provisions

1. The T&C are available in English language version.
2. The T&C are effective as of September 15, 2021.