Gaerio Application Privacy Policy

(GDPR-compliant, B2B)

Effective as of: [insert date]

1. General Information

This Privacy Policy explains how personal data of users of the Gaerio web and mobile application is processed.

The data controller is:

Jakub Szurkowski “K@G Corleone”
ul. Mikołaja Reja 44/9
50-338 Wrocław, Poland
NIP: 8982002452, REGON: 021015519
E-mail: contact@gaerio.com

Gaerio is intended exclusively for business use (B2B). It is not directed at consumers or private individuals acting outside professional activity.

Data is processed in accordance with:

  • the General Data Protection Regulation (EU) 2016/679 (GDPR),
  • the Polish Personal Data Protection Act,
  • laws on electronic service provision.

2. Scope of Processed Data

The Application processes only the data necessary for its operation, including:

2.1. User identification data

  • e-mail address,
  • username (any chosen string; may but does not have to contain real first/last name),
  • user role (DEV, REP, ADMIN, SUSER, USER).

2.2. Organizational data

  • company/organization name,
  • organization identifier in the system.

2.3. Operational data

  • equipment information added by the Organization,
  • equipment assignment to categories and subcategories,
  • executed checklists and inspections,
  • text entries, comments, notes,
  • timestamps of performed checklists,
  • answer statuses.

2.4. Multimedia data

  • photos uploaded during inspections/checklist execution.

2.5. Technical data

Automatically collected technical information:

  • IP address,
  • device identifiers,
  • browser/system type,
  • server logs (Supabase).

3. Data Sources

Data is obtained from:

  • Users themselves,
  • Organizations that create user accounts,
  • Automatically generated system logs.

4. Purposes and Legal Bases of Processing

Personal data is processed for the following purposes:

4.1. Use of the Application and contract performance (Art. 6(1)(b) GDPR)

  • account creation and management,
  • organization management,
  • execution and archiving of checklists,
  • processing photos and equipment data.

4.2. Security and fraud prevention (Art. 6(1)(f) GDPR)

  • monitoring user actions,
  • preventing unauthorized access,
  • ensuring system integrity.

4.3. Technical maintenance and support (Art. 6(1)(f) GDPR)

  • infrastructure operation,
  • troubleshooting,
  • updates and improvements.

4.4. Accounting and legal obligations (Art. 6(1)(c) GDPR)

  • storing documentation required by law (for organizations with service agreements).

5. Data Recipients

Personal data may be shared with:

  • The Organization to which the user belongs — according to assigned roles.
  • Processors under data processing agreements, including:
    • Supabase (hosting, database, authentication),
    • e-mail service providers.
  • Authorized authorities — only when required by law.

The data is not sold or shared with unauthorized third parties.

6. Data Retention

Data is stored:

  • as long as the Organization uses the Application,
  • afterwards — for the period required by law (e.g., accounting),
  • operational data (equipment history, checklist records) may be stored longer based on the Organization’s legitimate interest.

The Organization may request deletion of data after termination of cooperation.

7. User Rights

Under GDPR, Users have the right to:

  • access their data,
  • rectify data,
  • delete data (where compatible with the Organization’s requirements),
  • restrict processing,
  • data portability,
  • object (in justified cases),
  • lodge a complaint with a supervisory authority (Polish DPA — UODO).

Because Gaerio operates in a B2B model, these rights are exercised through the Organization, not directly with the Operator.

8. International Data Transfer

Data may be processed by Supabase, which may use servers outside the EU.

In such cases, the Operator ensures GDPR-compliant safeguards, including:

  • Standard Contractual Clauses (SCC),
  • technical and organizational measures required by EU law.

9. Data Security

The Operator applies industry-standard security measures, including:

  • encrypted connections (HTTPS),
  • role-based access control,
  • activity logs,
  • data backups,
  • regular system updates.

10. Cookies

The Application may use strictly technical cookies required for:

  • user session maintenance,
  • correct functioning of the interface.

The Application does not use marketing or tracking cookies.

11. Contact for Data Protection Matters

For inquiries regarding personal data:

E-mail: contact@gaerio.com
Data Controller: Jakub Szurkowski “K@G Corleone”

12. Changes to this Privacy Policy

The Operator may update this Privacy Policy due to:

  • changes in Application functionality,
  • changes in legal requirements,
  • security updates.

Organizations will be informed of any material changes.