Skip to main content

PRIVACY POLICY Vasco Connect

This Policy explains how Vasco Electronics ("Vasco” or the "Controller”) processes data of individuals or entities using the Vasco Connect Application ("you or your”).

Personal data means any information in electronic or other form that, alone or in combination, can be used to identify an individual, or enables such identification.

Some data processed in the Application are not considered personal data, as they can not be used to identify you (general data). Vasco collects statistical data to understand how users use its products and services. This allows us to improve our services to better meet your requirements.

Capitalized terms have the meaning as defined in the Vasco Connect Terms and Conditions available at https://vasco-electronics.co.uk/terms-and-conditions-vasco-connect.

  1. The Controller's information and contact details, including the Controller's representative contact details

    The Data Controller is Vasco Electronics S.A., with its registered office in Cracow, Al. 29 Listopada 20, 31-401 Cracow, NIP 6772369151, hereinafter referred to as “Vasco”.

  2. egories of data processed in the Application

    Vasco collects users' data including data related to the use of the Application and the Services of the Controller and it’s affiliates or subsidiaries. At the same time, Vasco Electronics shall not be responsible for the correctness or legality of the data content entered through the use of the Application. The aforementioned information constitutes the following categories of personal data:

    1. Information on the use of the Application. Such data as access time, access count, IP address and information on events (such as errors, crashes, restarts and upgrades to new versions) and other diagnostic, technical, error and usage information, such as the time and duration of use of the Services.
    2. Your Identification Data. The Application allows an external device (translator handset) to be connected to your mobile device, so that you can communicate and exchange information with others. Thus, Vasco may obtain your data such as your name, email, username and other personal data included in communications or used for validation by third parties. In addition, in order to use Vasco Audience mode, you must register your account or authorize account login using your Google or Apple account. For this purpose, Vasco may process your identification data such as name, family name, user ID, email address, profile picture. To use Vasco Audience Premium, you must contact Vasco so that Vasco can prepare a customized offer. For this purpose, Vasco may process your data such as your name, e-mail address and telephone number.
    3. Data included in communications. Data obtained in this way through your use of the Application may include information about you and third parties. If you provide third party data in this way, you declare to have obtained their consent to provide such data, including personal data, and duly informed them in this regard, as required by generally applicable laws (e.g. GDPR).
  3. Purposes and legal basis for personal data processing

    The Application may use your personal data based on their category for the purposes described below:

    1. Purpose - technical support, analytics. For the Personal Data Categories as indicated in Part II, items 1-3;
      1. Provide technical support
      2. Provide application updates and notifications of software installations
      3. Conduct internal audits, data analysis and research
      4. Analyze business performance and measure market share, in order to improve Vasco products and services
      5. Synchronize, share and store data uploaded or downloaded by you and data necessary to upload or download data
      6. Collect analytical data in order to increase the accuracy of translations and to tailor the services to your needs

      We process the above data in order to fulfill our obligations to you, and in particular to properly provide the Service (GDPR Art. 6(1)(b)), and because we have legitimate interests in developing and enhancing the security of our services (GDPR Art. 6(1)(f)).

    2. Purpose - conclusion of the Agreement. For the Personal Data Category as indicated in Part II, item 2:
      1. Conclude the Service Provision Agreement with you
      2. Provide Customer Service
      3. Conduct accounting and legal processes

      We process the above data in order to fulfill our obligations to you, and in particular to properly provide the Service (GDPR Art. 6(1)(b)), and because we have legitimate interests in maintain a legal relationship with you (GDPR Art. 6(1)(f)). The aforementioned data, if provided by you, may also be used upon your consent (GDPR Art. 6(1)(a)). The aforementioned data may also be processed to ensure compliance with the law and to comply with legal procedures, including for protection of the Controller's or your interests, as well as for accounting purposes (GDPR Art. 6(1)(c)).

    3. Purpose - Service Provision - performing translations and communications. For the Personal Data Category as indicated in Part II, items 1-3:
      1. Provide the Controller services and/or third party services, and in particular, provide translations
      2. Provide all functionalities of the Application
      3. Prevent losses and fraud
      4. Protect the legal interest of the Controller and/or of you
      5. Fulfill the Controller’s legal obligations

      We process the above data in order to fulfill our obligations to you, and in particular to properly provide the Service (GDPR Art. 6(1)(b)), and because we have legitimate interests in developing and enhancing the security of our services (GDPR Art. 6(1)(f)). The aforementioned data, if provided by you, may also be used upon your consent (GDPR Art. 6(1)(a)). The aforementioned data may also be processed to ensure compliance with the law and to comply with legal procedures, including for protection of the Controller's or your interests (GDPR Art. 6(1)(c)).

    4. Purpose - Registration and operation of your account and access to Vasco Audience mode. For the Personal Data Category as indicated in Part II, items 1-2:
      1. Register and operate your account in order for you to use the Vasco Audience mode
      2. Allow you to log in to your account via Google or Apple so that you can use the Vasco Audience mode
      3. Enable you access to the one-to-many or several-to-many communication service

      Personal data processing is necessary to create your account in the Application or to authorize your account through your Google or Apple account - if you choose so. The legal basis for data processing is to perform the Service Provision Agreement and to provide you with access to the Vasco Audience mode (GDPR Art. 6(1)(b)).

    5. Purpose - Handling Vasco Audience Premium inquiries and preparing a customized offer. For the Personal Data Category as indicated in Part II, item 2:
      1. Comprehensively handle your inquiries regarding Vasco Audience Premium
      2. Obtain from you the information necessary to prepare and provide you with a customized Vasco Audience Premium offer

      The legal basis for the processing of personal data for the purpose of handling Vasco Audience Premium inquiries and preparing a customized offer is the necessity to take action at the data subject’s request prior to entering into an agreement (GDPR Art. 6(1)(b)).

    6. Purpose — Marketing. For the Personal Data Category as indicated in Part II, items 1-2:
      1. Provide advertising and marketing services
      2. Conduct promotional activities and discount campaigns
      3. Send commercial information, offers, price lists and the Controller’s services

      We process the above data, if provided by you, with your consent (GDPR Art. 6(1)(a)). The data may be processed for the aforementioned display purposes also based on legitimate interests (GDPR Art. 6(1)(f)).

  4. Information on personal data recipients or categories of recipients, if any

    We do not share personal information with other entities or individuals except as described below:

    1. Sharing with consent: upon receiving consent to share personal data, Vasco will share with certain other companies or other company categories the information to which the consent relates.
    2. Sharing personal information under applicable law: we may share information to the extent required by applicable law for the purposes of resolving legal disputes or at the request of governmental and law enforcement authorities, in accordance with applicable law.
    3. Sharing personal data with affiliates: information about you may be shared with affiliates (employees, associates) only for clearly described and lawful purposes, and such sharing is limited to information required in connection with specific services, e.g. to provide Services to you.
    4. Sharing with business partners: The Services may be provided to you directly or indirectly, through our partners, who provide some of our Services. Vasco may share your data with such partners, and they may use the data to perform translations and deliver them to you.
    5. Sharing with service providers: we may also share your data with companies that provide us with services related to the company's day-to-day operations. Examples of such service providers include companies, consultants, accountants, lawyers, developers, etc.

    We ensure the legality of data sharing and sign strict confidentiality agreements or data processing clauses with companies, organizations and individuals with whom we share personal data, ensuring that both parties comply with the provisions of this Declaration and take appropriate measures to ensure confidentiality and security during data processing.

    In the course of communication through the Application, you may also yourself share your personal data or the personal data of third parties with other entities. In this regard, the Controller’s responsibility is limited only to the processing of such data in the course of translation. Due to the technological process of translation, we do not recommend including in the communications content that may contain personal information about you or other third parties. If you enter such data, you understand the scope and purposes of their processing, and with regard to third-party data, you declare that you have legally required consents to share and further process such data.

    The application may contain links to third-party websites, products and services. All links to third-party websites, products and services are provided solely for your convenience. You must determine yourself how to use them. Before giving your personal information to other companies read their privacy policies.

  5. Information about the intention to transfer personal data to a third country or international organization

    Some of our service providers (translation engines) are based outside the European Economic Area, but due to the nature of the services and their global scope, they apply the highest world-class standards. Working with all the service providers, we ensure legality of data sharing and sign strict non-disclosure agreements or data processing clauses, ensuring that both parties to the agreement adhere to appropriate standards. The above applies to Google, Meta, Rollbar group companies.

  6. Information on appropriate safeguards

    Vasco takes the following measures to protect the data and prevent unauthorized access to it or its disclosure, use, modification, damage or loss:

    1. We take reasonable and feasible measures to collect only the minimum amount of personal data as appropriate and necessary for the purposes for which it is processed. We will retain your personal information only for as long as necessary for the purposes stated in this Policy, unless an extension of the retention period is required or permitted by law.
    2. We use a range of technologies, such as cryptographic techniques, to ensure confidentiality of the data in transit. We implement proven security mechanisms to protect data and servers storing them from attacks.
    3. We use access control mechanisms to ensure that only authorized employees have access to personal data. In addition, we restrict the number of authorized employees and apply hierarchical permission management to them, based on the employee position and level requirements.
    4. We carefully select business partners and service providers and incorporate data protection requirements into business contracts, audits and evaluation activities.
    5. We organize security and privacy training, testing and awareness activities to raise awareness of data protection among our employees.

    Despite the high level of care taken to protect personal information, no security measures are perfect and no products, services, websites, data transmissions, computer systems or network connections are 100% secure.

  7. ata retention period or, if not available, the period determination criteria

    We process the data for the period of time necessary for the service provision and the Application use and, as necessary to secure claims related to the performance of our obligations. Personal data processed in order to conclude or perform an agreement and fulfill the Controller's legal obligations, i.e. pursuant to the GDPR Art. 6(1)(b) and (c), will be kept for the duration of the agreement, and thereafter for the period necessary for the following:

    1. To provide after-sales service (e.g., handling of complaints) - the warranty period - 2 to 3 years, depending on your country of origin and local law
    2. To secure or assert any legal claims to which the Controller or you might be entitled (for a period of 3 years /businesses/ or 6 years /consumers/ from the Agreement completion date - until the end of the calendar year)
    3. To fulfill the Controller's legal obligations (e.g. under tax or accounting law)
    4. For statistical and archival purposes - to a limited extent, with data minimization.

    Personal data processed on the basis of legitimate interest, i.e. on the basis of the GDPR Art. 6(1)(f), will be processed until the data subject raises an objection, unless the Controller is able to find a lawful justification for the process.

    Personal data processed based on a separate consent will be kept until the consent is withdrawn.

    For the purpose of transparency and accountability, i.e. to prove compliance with the regulations on the processing of personal data, the Controller will keep the data for the period of time necessary for the Controller to document compliance with legal requirements and enable public authorities to monitor compliance.

  8. Children data

    The application is designed for adults. If children's personal information is collected based on the consent of persons with parental authority, we use or disclose this information only in a manner consistent with the law, expressly authorized by persons with parental authority, or necessary to protect children's rights and freedoms. Persons with parental authority who would like to access, modify or delete the personal data of their children or persons under their legal custody may contact us through the contact information provided in this Policy or on our website.

    If we become aware of the processing of children's personal data without consent of those who can prove parental authority, we will delete the data immediately.

  9. Information on the right to request access to, rectification, erasure or restriction of processing of personal data concerning the data subject, or the right to object to processing, as well as the right to transfer data

    You have the right to access the content of the data, to request data rectification, deletion, restriction of processing, to transfer data and to object to the processing of the data.

    You may submit a request for the exercise of these rights:

    1. to the email address gdpr@vasco-electronics.com
    2. by mail to the address - Al. 29 Listopada 20, 31-401 Cracow, Poland

    In you request, please provide information that will allow us to uniquely identify you.

    You can update your personal data directly in the Application, but this does not affect the legality of data processing.

    There are certain circumstances in which the Controller is not obliged to comply with your request. The Controller should delete the data on your request only if:

    1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    2. the data subject has withdrawn the consent on which the processing is based in accordance with GDPR Art. 6(1)(a) or Art. 9(2)(a), and there is no other legal basis for the processing;
    3. the data subject objects under GDPR Art. 21(1) to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under GDPR Art. 21(2) to the processing;
    4. personal data were processed illegally;
    5. personal data must be deleted in order to comply with a legal obligation under Union or Member State law governing the Controller;

    It may turn out that, despite the grounds for deletion of personal data in accordance with the data subject's request, further processing of the data to some extent is necessary to achieve the purposes that justify the refusal to delete the data. These include cases where the data is needed for the following:

    1. To exercise the right to freedom of speech and information
    2. To comply with a legal obligation requiring processing under Union law or the Member State law governing the Controller, or to perform a specific task in the public interest or to exercise public authority vested in the Controller
    3. For reasons of public interest in the field of public health in accordance with GDPR Art. 9(2)(h) and (i) Art. 9(3)
    4. To establish, assert or defend claims
  10. Information on the right to lodge a complaint with the regulatory authority

    If the processing of data is deemed to be unlawful, you have the right to lodge a complaint with the regulatory authority in charge of personal data protection, i.e. the Chairman of the Personal Data Protection Office (contact details of the Office are available at https://uodo.gov.pl/p/kontakt).

  11. Privacy Policy Amendments

    In order to update the information contained in this Privacy Policy and its compliance with applicable laws, this Privacy Policy is subject to change. You will be notified of any change in the Policy through a notice posted in the Application or on the Controller's website. In order to inquire about how to protect personal data, the Controller recommends you regularly read this Privacy Policy.