The principles contained in this Policy apply whenever you use our website as well as in any other case when you contact our Company.

OMNIVISER sp. z o.o. declares that both the websites and all tools used by the Company in its ongoing operations are produced and selected with the utmost care, the latest technical knowledge, and principles of professional conduct, and comply with the requirements of applicable laws, particularly those protecting the privacy of individuals, including users of websites, especially:

Regulation EU 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Official Journal of the EU L. 2016 No. 119/1 The General Data Protection Regulation (GDPR);

· Act of May 10, 2018, on the protection of personal data (Journal of Laws of 2019, item 1781);

· Act of July 18, 2002, on providing services by electronic means (Journal of Laws of 2013, item 1422 with later amendments);

· Act of July 16, 2004, Telecommunications Law (Journal of Laws of 2021, item 576).

I. General Information This policy applies to the service operating at the address: www.omniviser.ai

The operator of the service and the Administrator of personal data is: OMNIVISER sp. z o.o. based in Warsaw, St. Marszałkowska 58, 00-545 Warsaw, registered under National Court Register number 0000935399, NIP number 7011060972, REGON number 520555155, with a share capital of 26,600.00 PLN. Contact regarding privacy or personal data protection: email: info@omniviser.ai

The operator of the service is the Administrator of your personal data concerning the data provided voluntarily in the Service. The Administrator uses personal data for the following purposes:

· conducting a newsletter;

· engaging in online chat conversations;

· handling inquiries through forms;

· presenting offers or commercial information.

The service performs functions of collecting information about users and their behavior in the following ways: through voluntarily entered data in forms, which is then entered into the Operator’s systems; by saving cookies on end devices. Providing personal data is voluntary, but necessary for the operation of the Service.

The Administrator may undertake actions involving automated decision-making, including profiling, in order to provide services under the concluded agreement and for the purpose of conducting direct marketing by the Administrator.

Personal data is not transferred from third countries as defined by data protection regulations. This means that we do not send it outside the territory of the European Union.

The service collects information voluntarily provided by the user, including personal data, if such data is provided.

The service may record information about connection parameters (time stamp, IP address).

In some cases, the service may save information that facilitates linking the data in the form to the email address of the user filling out the form. In such cases, the user’s email address appears within the URL of the page containing the form.

The data provided in the form is processed for the purposes resulting from the specific function of the form, e.g., to handle a service request or business contact, to register services, etc. Each time, the context and description of the form clearly inform users about its purpose.

II. Selected Data Protection Methods Used by the Operator

The login and personal data entry points are protected at the transmission layer SSL certificate). As a result, personal data and login information entered on the site are encrypted on the user’s computer and can only be read on the target server.

Personal data stored in the database is encrypted in such a way that only the Operator possessing the key can read it. This protects the data in case of a database breach from the server.

An essential element of data protection is the regular updating of all software used by the Operator for processing personal data, which particularly means regular updates of software components.

III. Types of Processed Personal Data

The Administrator may process the following personal data:

a) first and last name, residential address, email address, and phone number;

b) demographic data when linked to personal data that allows for user identification;

c) transaction data, including ordered products and services;

d) company data, such as the company name, size, location, and your role in the company;

e) data from surveys and publicly available information, such as posts from social media platforms;

f) unique identifiers, such as mobile device identifiers or cookie identifiers in the browser;

g) IP address and information that can be determined based on the IP address, such as geographical location;

h) information about the device used, such as web browser, device type, operating system, presence or use of “applications,” screen resolution, and preferred language;

i) information about the behavior of the computer connected to the Internet or the device used to access websites, such as ad clicks or impressions, websites and their content, dates and times of activity or searches aimed at locating and visiting websites.

IV. Rights of the Data Subject

In connection with the provided data, you have the following rights:

a) Right of access to data – at any time, you have the right to request information from the Administrator regarding what personal data they hold about you;

b) Right to rectification of data – if your provided data changes, you may inform the Administrator at any time about the need to correct it;

c) Right to erasure of data – if you believe that the Administrator no longer has a purpose for processing your data, you may request its deletion. Please note that if the Administrator fulfills your request for deletion, they will no longer be able to contact you. There are also legally

justified cases where entrusted data cannot be deleted, for example, if the Administrator has not yet completed the process for which the data was provided;

d) Right to restrict processing – if there are grounds specified in Article 18 of the GDPR and you request that the Administrator restrict the processing of your personal data, then as a result, the Administrator will only be able to store your data (possibly use it for the purpose of defending against claims) – they will not be able to use it in any other way until your request is lifted or circumstances arise that lead to the rejection of your request by the Administrator – of which the Administrator will promptly inform you;

e) Right to data portability – you have the right to request that the Administrator transfer your data to another Administrator, such as another company. This right can be exercised when the data is processed based on Article 61a, (b, or Article 92a of the GDPR. Please note that this right can only be exercised if technical conditions allow the Administrator to perform such an operation;

f) Right to object – any person whose data is processed based on Article 61e or (f) has the right to object to the processing of their personal data in connection with their particular situation. In such a case, the Administrator must cease processing the provided data. However, it should be noted that if the interests of the Administrator are justified and take precedence over the rights of the data subject, they may reject the objection and continue processing the data after informing the data subject about such circumstances.

You have the right to lodge a complaint with the President of the Personal Data Protection Office at St. Stawki 2, 00-193 Warsaw regarding actions taken by the Administrator.

V. Data Processing Delegation, Duration of Processing

In certain situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to fulfill the agreement concluded with you or to meet the obligations imposed on the Administrator. Data may be shared with other entities in order to achieve the purpose for which the data was provided.

Your personal data will be processed by the Administrator no longer than is necessary to perform related activities specified by law (e.g., accounting regulations) or to protect the rights of the Administrator (e.g., regulations concerning the statute of limitations for claims).

VI. Information about Cookies

The service uses cookies. Cookies (so-called “cookies”) are IT data, specifically text files, that are stored on the end device of the Service User and are intended for use on the websites of the Service. Cookies typically contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.

The entity placing cookies on the end device of the Service user and accessing them is the operator of the Service.

Cookies are used for the following purposes:

a) adjusting the content of the Service’s websites to user preferences and optimizing website usage; in particular, these files allow recognizing the user’s device and appropriately displaying the website tailored to their individual needs;

b) creating statistics that help understand how users of the Service utilize the websites, which enables improving their structure and content;

c) maintaining a user session (after logging in), so that users do not have to re-enter their login and password on every subpage of the Service.

The Service uses two main types of cookies: “session” cookies and “persistent” cookies.

Session cookies are temporary files that are stored on the User’s device until they log out, leave the website, or close the software (web browser). Persistent cookies are stored on the User’s device for a specified period defined in the cookie parameters or until they are deleted by the User.

The following types of cookies are used within the Service:

a) “Essential” cookies that enable the use of services available within the Service, e.g., authentication cookies used for services requiring authentication within the Service;

b) Security cookies, e.g., used to detect authentication abuse within the Service;

c) “Performance” cookies that collect information about how users utilize the Service’s websites;

d) “Functional” cookies that allow for “remembering” user-selected settings and personalizing the user interface, e.g., regarding the selected language or region from which the user originates, font size, website appearance, etc.;

e) “Advertising” cookies that enable delivering advertising content more tailored to users’ interests.

Web browsing software (web browser) typically allows storing cookies on the user’s end device by default. Users of the Service can change their settings in this regard. The web browser allows for deleting cookies. It is also possible to automatically block cookies. Detailed information on this topic can be found in the help or documentation of the web browser.

Limitations on the use of cookies may affect some functionalities available on the Service’s websites.

Cookies placed on the end device of the Service user may also be used by entities cooperating with the operator of the Service, particularly companies such as Google (Alphabet Inc. based in the USA), Facebook (Meta Platforms Inc. based in the USA), and X platform, former Twitter (X Corp. based in the USA).

If a user does not wish to receive cookies, they can change their browser settings. Please note that disabling cookies necessary for authentication processes, security, and maintaining user preferences may hinder, and in extreme cases, prevent access to the websites.

To easily manage cookies, please select your preferred browser and follow the instructions:

VII. Third-Party Cookies Used on OMNIVISER sp. z o.o. Websites

Google Analytics – these cookies analyze website usage by collecting information about how visitors use our site, the type of page from which users were redirected, and the number of user visits and time spent on the page. This information does not record specific personal data of users but serves to develop aggregated usage statistics.

YouTube – videos and links to videos from YouTube are embedded on the websites operated by the operator. As a result, when viewing a page with embedded content from YouTube or provided through links, users may encounter cookies from those services. More information: www.youtube.com.

LinkedIn – various materials and links to materials from LinkedIn are embedded on the websites operated by the operator. As a result, when viewing a page with embedded content from LinkedIn or provided through links, users may encounter cookies from those services. More information: www.linkedin.com.