Privacy Policy 

for the Mobile Ticketing System application operated by Fincerto Sp. z o. o.



1.    This Privacy Policy sets out the principles governing the processing and protection of personal data provided by Users in connection with the use of the application and websites administered by Fincerto Sp. z o.o. to which this Privacy Policy applies.
2.    The data controller is Fincerto Sp. z o.o., with its registered office in Bytom at ul. Bernardyńska 1, KRS 0000159398, NIP 641-19-21-650, REGON 273358980, hereinafter referred to as the Company.
3.    The Controller takes all reasonable measures to ensure appropriate physical, technical, and organizational safeguards for personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable regulations. Data protection is carried out in compliance with the requirements of universally applicable law, and data is stored on secured servers. In the interest of safeguarding the data entrusted to us, we have developed internal procedures and guidelines designed to prevent the disclosure of data to unauthorized persons. We monitor their implementation and continuously verify their compliance with the relevant legal instruments, including the Personal Data Protection Act, the Act on the Provision of Electronic Services, as well as all applicable implementing regulations and European Union legislation. We have implemented data encryption and access controls, thereby minimizing the potential consequences of any data security breach.
4.    We respect the right to privacy and ensure the security of data. To this end, we employ, among other measures, a secure communication encryption protocol (SSL) (a so-called "secure connection").
5.    Personal data provided through the forms on the Website and in the application are treated as confidential and are not visible to unauthorized persons.
6.    The Company is also the controller of data pertaining to individuals who have subscribed to the newsletter and to web push notifications and application notifications.
7.    Personal data is processed on the basis of consent given by the User and in cases where legal provisions authorize the Controller to process personal data:
a)    in accordance with applicable data protection regulations.
b)    in accordance with the implemented Privacy Policy.
c)    to the extent and for the purposes necessary to establish, define the terms of an Agreement, amend or terminate it, and to properly perform Services provided by electronic means.
d)    to the extent and for the purposes necessary to fulfill legitimate interests (legally justified purposes), provided that such processing does not infringe upon the rights and freedoms of the data subject.
e)    to the extent and for the purposes consistent with the consent given by the User who has subscribed to the newsletter,
f)    to the extent and for the purposes consistent with the consent given by the User who has subscribed to web push notifications.
8.    The Controller obtains information about users and their behavior in the following ways: 
a)    through information voluntarily entered in the application and in forms,
b)    during the placement of orders within the application,
c)    through the collection of cookie files [see Cookie Policy],
d)    by collecting information related to Users' browsing of the Website and application content through Google Analytics (Google Inc., based in the USA), such as the number and source of visits to a given Website, duration of visit, content viewed, number and type of subpages opened, links used, gender, age, interests, location, mobile device identification data, internet service provider and subscriber details, or computer IP address. The Controller does not link such information with the User's Personal Data and does not use it to identify the User unless it is necessary for the proper provision of the Service. The Controller does not transmit personal data to Google Inc. based in the USA, but only anonymized information,
e)    the Facebook pixel, through which Facebook (Facebook Inc., based in the USA) is able to identify that a person registered on its platform is using the Website or application. In this case, Facebook relies on data for which it is the controller. The Controller does not transmit any additional personal data to Facebook.

The Controller uses the information referred to in Section 8 above exclusively for purposes related to market research and internet traffic analysis within the application, for statistical purposes, in particular for assessing interest in content published within the application, for improving the content of the application and the quality of services provided, and for conducting marketing campaigns.

9.    Due to the necessity of preventing certain functions within the application from being performed by internet bots, we employ the Google reCAPTCHA mechanism to occasionally verify whether the behavior of users of our Website and application does not exhibit characteristics of bot activity. In such circumstances, we may disclose your IP address to Google Inc.
10.    The Controller uses cookies or similar technologies. These files enable the Controller, in particular, to better tailor the application and websites to the individual interests and preferences of the User. Most web browsers allow the deletion of cookies from the computer's hard drive, the blocking of all incoming cookies, or the setting of a warning before a cookie is stored on the drive. To learn more about these functions, please refer to the user manual or help screen of your web browser.
11.    Restricting or blocking the use of cookies may cause difficulties or prevent the use of the Website or application for which such files are essential.
12.    The Controller collects information voluntarily provided by the User that is necessary for the fulfillment of orders placed within the application.
13.    Data provided in forms is processed for the purpose arising from the function of the specific form, for example, to facilitate the handling of informational contact requests.
14.    To the extent justified by a given Service, the Controller may request the User to provide, in particular, the following personal data: first name and surname, address, telephone number, email address, as well as PESEL number (national identification number) and identity document details. The terms and conditions of the Service may specify other Personal Data that the User should provide in order to use the Service.
15.    Personal Data provided through the Website and application will not be sold or disclosed to any entities other than those authorized under applicable law. The Company has the right to disclose the User's personal data and other data to authorized entities:
a)    on the basis of applicable legal provisions (e.g., to law enforcement authorities or organizers of events with an elevated level of risk),
b)    when the User has given consent,
c)    when it is necessary for the provision of the Services.
16.    Only authorized employees of the Controller and entities acting on its behalf have direct access to the personal data collected from Users of the Website and application. They are obligated to keep such data confidential and to prevent unauthorized persons from accessing it.
17.    Every data subject (where the Company is the controller of their data) has, at any time, the right of access to their data, the right to rectification, erasure, or restriction of processing, the right to object, and the right to lodge a complaint with a supervisory authority.
18.    In the event of a change in Personal Data, the User should ensure that their Personal Data is updated on their personalized profile within the application, if applicable.
19.    The erasure of Personal Data may occur as a result of the withdrawal of consent or the submission of a legally permissible objection to the processing of personal data.
20.    Contact with the person responsible for supervising the processing of personal data within the Company is possible electronically via the contact form available at: https://fincerto.com/close_acc.
21.    We reserve the right to process the User's data following the termination of the Agreement or the withdrawal of consent, solely to the extent necessary for the performance of the concluded agreement or for the pursuit of any claims before a court, or where national, European Union, or international law obliges us to retain such data.
22.    The Company reserves the right to amend this privacy policy for the application, which may be influenced by the development of internet technology, potential changes in personal data protection legislation, and the development of our website. The Company shall communicate any changes in a clear and comprehensible manner.
23.    The application may contain links to other websites. Such websites operate independently of Fincerto Sp. z o. o. and are not supervised in any way by Fincerto Sp. z o. o. These websites may have their own privacy policies and terms of use, which we recommend reviewing.
24.    Should you have any questions regarding any provision of this Privacy Policy, we are at your disposal — our contact details can be found at: https://fincerto.com/en/privacy_notification.

Last updated: June 1, 2025