Regulations of Taxxo Platform
Valid from 24 May 2018, GDPR Compliant
1. General provisions
1.1. These regulations, hereinafter referred to as “Regulations”, govern the provision of and accessing services provided by electronic means through Taxxo Platform accessible athttps://taxxo.app, in accordance with the Act of 18 July 2002 on the Provision of Services by Electronic Means (consolidated text JL of 2016, item 1030, as amended).
1.2. The entity providing the services referred to in subsection 1.1 above is Columb Technologies S.A. with its registered office in Wroclaw at ul. Lubinowa 1F/7, 52-210 Wroclaw, Poland, entered in the register of entrepreneurs of the National Court Register kept by Wrocław-Fabryczna District Court in Wroclaw, VI Economic Division of the National Court Register under the number 0000309854, with the following tax identification number NIP 8992630753 and the statistical number REGON 020664931, with an initial capital in the amount of PLN 2,266,300 (paid-up in full).
2. Definitions:
Whenever Regulations refer to:
a) Contract – means a contract for the provision of Services concluded between Operator and User by User’s intent to use Taxxo Platform on the web page of Taxxo Platform or Operator’s web page expressed at the first login or through User’s written order.
b) Regulations – means these regulations constituting an annex to Contract and being its integral part. Regulations are made available by Operator free of charge prior to the conclusion of Contract, and also, on Operator’s request, in a manner enabling retrieving, reproducing and fixing the content of Regulations by means of the IT system operated by User.
c) Taxxo Platform – means the Taxxo Internet platform which enables User to use online services of and/or cooperate with his/her/its Partner Firm.
d) Operator – means the service providing entity referred to in subsection 1.2. above, i.e. Columb Technologies S.A. with its registered office in Wrocław.
e) User – means a user of Taxxo Platform being a sole trader, legal person or organisational unit without legal personality, set up in accordance with the applicable provisions of law, using Taxxo Platform in his/her/its own name or through persons who have been duly authorised to do so, or through Partner Firm.
f) User’s Account (Account) – means an allocated part of database within Taxxo Platform where User’s data are kept. In case of doubts, more than one User can be assigned to one account.
g) Partner Firm – means an accounting firm with which User has concluded a separate contract for the provision of financial and accounting services, and which processes the financial data of User’s business.
h) Services/Service – means the services provided by Operator and external firms cooperating with Operator through Taxxo Platform.
i) Price List – means information on the conditions of and fees for specific Services of Taxxo Platform specified by Operator, published in Taxxo Platform or at https://taxxo.app or on the web page of a particular Service; changes to Price List are not tantamount to changes to Regulations.
j) Management Board of the Company (Board) – means persons authorised to represent the company according to the current company entry accessible at https://ekrs.ms.gov.pl/ under the number 0000309854.
3. The range of Services provided by Taxxo Platform
3.1. Operator provides, through Taxxo Platform, services within the scope of sharing, generating, processing and storing User’s documents and data in relation to User’s business. The services include in particular:
a) storing and sharing electronic documents uploaded by User and/or his/her/its Partner Firm;
b) reading data from scanned invoices;
c) accessing an invoicing and cash system;
d) accessing data and accounting reports online, processed by User’s Partner Firm;
e) accessing information on taxes and social insurance (ZUS) contributions calculated by Partner Firm;
f) accessing instruments of bilateral communication between User and Partner Firm;
g) accessing other instruments and services, including those offered by Operator and its partners, which render running of User’s business more efficient.
3.2. Services in Taxxo Platform are activated and deactivated by:
a) authorised User – using the functions of Taxxo Platform or by means of electronic communication with Operator;
b) User’s Partner Firm.
3.3. Different Services may have different activation periods.
3.4. Certain Services (among others sharing accounting reports online on the basis of the bookkeeping system of an accounting firm or tax notifications) may require additional actions which are performed by Partner Firm, but not provided by Operator.
3.5. The range of Services accessible in Taxxo Platform is made available to User “as is” at the moment of logging in to Taxxo Platform. Operator reserves the right to change the functionality of Taxxo Platform and introduce new functions and improvements for its customers, as well as change the existing functions at any time.
4. Access to Taxxo Platform and User registration
4.1. Operator provides services through Taxxo Platform via the Internet.
4.2. User may use all Services of Taxxo Platform by means of a computer connected to the Internet through one of the following web browsers: Internet Explorer, Microsoft Edge, Google Chrome or Mozilla FireFox in their up-to-date version. Using other browsers is under User’s responsibility.
4.3. Opening and activation of User’s Account in Taxxo Platform may be made by:
a) User;
b) User’s Partner Firm;
c) Operator on User’s or Partner Firm’s request.
4.4. Before opening Account, User is obliged to:
a) read through Regulations and Price List;
b) accept Regulations and Price List;
c) fill in the registration form together with providing necessary data of User, persons who have been duly authorised by User, or User’s Partner Firm.
4.5. After performing the actions referred to in subsection 4.3 above, User will receive, at the email address provided by him/her/it, a confirmation of the registration in the form of an automatically generated email message containing a link for setting a password.
4.6. After receiving the link referred to in subsection 4.5 above, User is obliged to confirm the activation by clicking on the link received or entering it in the browser’s address bar, and set a new password to Taxxo Platform, created by and known only to User.
4.7. The password must be secret and may not be revealed by User to other persons. Operator is not liable for any damage caused by User’s failure to properly secure the password.
4.8. As a result of the correct activation of the account, Operator creates User’s Account which is assigned to the email address provided in the registration form.
4.9. User is obliged to use real data in the manner compatible with the legal regulations applicable in this respect and non-violating third party rights. By accepting these Regulations, User becomes aware that providing any illegal content is prohibited.
4.10. Operator may make the registration or using Services of Taxxo Platform conditional on User authenticating his/her/its data, or on carrying out verification of User’s data. However, this does not exclude User’s liability for using real data, who is solely liable for any damage resulting from using false data or information. Where positive verification of the data provided by User is not possible, Operator is entitled to delete Account.
4.11. In the event of detecting incorrectness of or changes in User’s data (such as the name, address of the registered office, NIP number, email address or telephone number), User is obliged to introduce modifications to his/her/its user profile without delay.
4.12. Operator reserves the right to temporarily disable User’s account or deny access to certain Services in the event it is found out that there is a threat to the security of the account. Operator may make further use of Account by User conditional on changing the password to that Account. After changing the password, User immediately regains access to Account.
4.13. Operator is not liable for User or Partner Firm giving access to Taxxo Platform to third parties.
4.14. In the event of losing the password, User has access to the “I forgot my password” function of Taxxo Platform. In the situation referred to in the previous sentence, User is obliged to follow the instructions displayed in Taxxo Platform.
4.15. Sharing User’s financial and accounting data by User through Taxxo Platform is conditional on making these data available by User’s Partner Firm or by User.
4.16. Every time these Regulations are accepted, persons concluding Contract represent that they are authorised to sign and make declarations of intent on behalf of User whom they represent, and that that authorisation is valid and did not expire on the Contract conclusion day.
5. Period of the provision of Services
5.1. The starting date of the provision of Services by Operator is the day of User’s first correct login to Taxxo Platform (Electronic Activation of Service) or the day of submitting a written order for Service (Written Order for Service). The starting date of the provision of Services by Operator is tantamount to the Contract conclusion day.
5.2. In case of the Electronic Activation of Service, User may gain free of charge (test) access to certain Services (test modules) of Taxxo Platform for 30 calendar days commencing on the Electronic Activation of Service day. In consideration of the gratuitous (test) nature of Service, Operator’s liability towards User is excluded in this period.
5.3. The period of the free of charge (test) use of Taxxo Platform is intended for User to:
a) thoroughly check the functionality and capabilities of Taxxo Platform Services;
b) learn all its functions in order to use these Services in a proficient manner in a later (paid) period of use;
c) make a well-informed choice of purchasing Taxxo Platform Services for a later (paid) period of use.
5.4. Subject to the mandatory provisions of law, in the free of charge (test) period of using Taxxo Platform Services, in consideration of the gratuitous nature of Operator’s performance, any Operator’s liability towards User with regard to using Taxxo Platform is excluded.
5.5. At the end of the free of charge period of using Taxxo Platform Services (test module), Operator will send User a message by electronic means containing the information on the terms and conditions for further use, including the requirement to pay a fee for Service.
5.6. The fee for Service may be paid directly by User or through Partner Firm which pays for selected Services on behalf of a specific User (under separate arrangements between Operator and Partner Firm).
5.7. In the case of the Electronic Activation of Service, paying the fees for the access to Taxxo Platform for subsequent periods is the basis for the continuation of the provision of paid Taxxo Platform Services for the period for which the fee was paid.
5.8. In the case of the Written Order for Service, the period of Service is included in the order document.
6. Termination of Contract
6.1. Contract may be terminated in the following events:
a) upon agreement between the parties;
b) in case of the Electronic Activation of Service – User’s failure to pay the fee within the time limit set by Operator;
c) User’s legal personality ceasing to exist;
d) User’s serious infringement of these Regulations;
e) termination or expiration of a contract concluded between User’s Partner Firm and Operator in a situation where User fails to transfer his/her/its account to another Partner Firm or to switch his/her/its account to a “no accounting firm” mode within 30 days of the occurrence of that event;
f) termination of the contract by User – by making a relevant electronic resignation in Taxxo Platform, or by sending an email message entitled “Resignation from Taxxo Platform” tohelp@taxxo.app, provided that the message has been sent from the email address registered in Taxxo Platform; in this event, the contract expires at the end of the last settlement period paid. In the case of the Written Order for Service, in a written form sent to the address of Operator’s registered office;
g) termination of the contract by Operator – by sending User a message to one of the email addresses registered in Taxxo Platform; in this event the contract expires at the end of the last settlement period paid or after 30 days of the termination day, depending on which is earlier; at the same time Operator reimburses User for paid but unused settlement periods.
7. Fee for Service
7.1. Using Services of Taxxo Platform is:
a) free of charge – in case of the basic / simplified version of Services;
b) paid – for the full / extended version of Services, as per the price list accessible at https://taxxo.app or in Taxxo Platform.
7.2. In order to use the paid version of Services, it needs to be ordered by User or Partner Firm on User’s behalf. The order for Service may be placed in the form of the Electronic Activation of Service in Taxxo Platform, or through a Written Order for Service, or by Partner Firm ordering a relevant Partnership Package.
7.3. The fee for Service is paid by User or by User’s Partner Firm, depending on individual arrangements between the parties.
7.4. After ordering and paying for Service, Operator, within 7 days after receiving the payment, will send User a VAT invoice, by electronic means, to the email address provided by User at the registration.
7.5. The paid version of Service is activated for the period as specified in the order. After the end of this period, User may extend the use of Service by paying a fee for another period. Where the fee has not been paid, Service is switched to the simplified version (if available for a particular service) or disabled.
7.6. User may resign from Service at any time with effect at the end of a calendar month or in accordance with the principles specified in the price list (if specified).
8. Complaints
8.1. Operator makes every effort to ensure the highest quality of Services offered through Taxxo Platform.
8.2. Written complaints should be sent to Operator’s delivery address or in electronic form to help@taxxo.app.
8.3. The following elements should be included in the complaints:
a) User’s data: first name and surname, login, business name, NIP number, or another number enabling the entrepreneur’s identification;
b) the type of Service complained about;
c) a detailed description of the reservations and remarks reported, including the date of the occurrence of the problem, the location in the system where the problem occurred, the sequence of activities carried out before the occurrence of the problem, and the message shown by the system (if applicable).
8.4. The complaints will be investigated at the latest within 21 days after User lodges them, unless the information or data provided therein need to be supplemented. In this case, Operator will call upon User, via User’s email address, to remove the formal defects of the complaint. In the situation referred to in the previous sentence, the time limit for the investigation of the complaint will start running on the day of Operator receiving the supplemented complaint.
8.5. In the event that the investigation of the complaint within the time limit referred to in subsection 8.4 above is impossible, then Operator will notify User of this in writing, stating the reason for extending the time limit and setting a foreseeable time limit for providing a response.
8.6. Operator may refuse to investigate complaints lodged after the lapse of 90 days of the reasons for the complaint appearing.
8.7. All the events and situations which exclude Operator’s liability under these Regulations are excluded from the right of complaint.
9. Policy of privacy and security of personal data processing
9.1. Operator ensures that information containing a trade secret of an enterprise within the meaning of Article 11(4) of the Act of 16 April 1993 on Combatting Unfair Competition (consolidated text JL of 2018, item 419, as amended), including technical, technological and organisational information of an enterprise, and other information of economic value which are not disclosed to the public are collected and processed by Operator solely for the purposes specified in these Regulations.
9.2. Operator ensures that confidential information will be kept secret and will not be disclosed to third parties without User’s consent, excluding Operator’s employees, associates and subcontractors, and situations when disclosure of confidential information is necessary on the grounds of legal regulations, a court judgment, a final decision of a competent authority, or on request of competent authorities or agencies.
9.3. Operator represents that it has taken all necessary steps for the protection of User’s personal data entered to and processed in Taxxo Platform, including in particular:
a) it has implemented technical and organisational measures so that the processing is in compliance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and of the free movement of such data, and repealing Directive 95/46/EC (OJ L No. 119, p.1, as amended), hereinafter referred to as “Regulation”, including in particular:
i) the security policy of the processing of personal data;
ii) encryption of personal data;
iii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services,
iv) the ability to restore the availability and access to personal data in a timely manner in the event of a physical and technical incident;
v) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
b) ensures that the settings which protect privacy are enabled by default;
c) in the course of the development and maintenance of Taxxo Platform, only high-quality and proven solutions and technologies are adopted;
d) the places where the technical equipment of Taxxo Platform is stored are monitored and secured with an alarm system and are equipped with properly calibrated air-conditioning systems;
e) Taxxo Platform is secured against data loss caused by a power failure or power supply interference by using emergency power sources and making back-up copies of datasets and the software used for data processing;
f) Taxxo Platform is protected against risks coming from public network by implementing physical and logical security mechanisms against unauthorised access;
g) Taxxo Platform adopts mechanisms of access to information control with the use of a separate user ID for every User of the system; access to the data is only possible after entering the correct user ID and completing the authentication process by entering the correct password;
h) User’s password must be comprised of at least 8 characters, contain small and capital letters, as well as digits or special characters. In addition, the password may not be identical to the user ID;
i) the ID of User who has lost authorisation may not be handed over to another person,
10. Personal data processing for the purposes of conclusion and execution of the contract for the provision of Services through Taxxo Platform which User is a party to
10.1. In order to ensure the compliance of the processing of User’s personal data with the provisions of Regulation, Operator notifies User of the principles governing the processing of User’s data for the purposes of conclusion and execution of the contract for the provision of Services through Taxxo Platform which User is a party to, in accordance with the following information clause:
a) the controller of User’s personal data is Columb Technologies S.A. with its registered office in Wrocław, ul. Łubinowa 1F/7, 52-210 Wrocław, tel. 71 716 66 67, hereinafter also referred to as Controller, represented by Management Board of the Company;
b) User’s personal data are processed for the purposes of conclusion and execution of the contract for the provision of Services through Taxxo Platform concluded between Operator and User, including within the scope necessary to settle and pursue claims the payments for Service;
c) the grounds for the processing of User’s personal data is Article 6(1)(b) of Regulation;
d) the recipients of User’s personal data will be authorised employees and associates of Controller as well as entities providing IT services and supplying IT equipment and technology for the purposes of the provision of Services by Controller;
e) since Operator uses external IT systems, User’s personal data will be kept also on servers located outside the EU; User has the right to access the data referred to hereinabove on general terms, i.e. through contact with Controller; the systems used on the servers outside the EU include among others:
· the emailing system of Sendgrid – Sendgrid belongs to the US Privacy Shield framework which confirms this company’s compliance with the European requirements within the area of secure data processing;
· the analytical system of Google Analytics – Google belongs to the US Privacy Shield framework which confirms this company’s compliance with the European requirements within the area of secure data processing;
· the VOIP system of Plivo – Plivo fulfils the European requirements within the area of secure data processing;
f) User’s personal data will be kept until claims which can be raised by and against Controller are barred by the statute of limitation;
g) within the scope of and under the rules specified in Regulation, User has the right to access his/her data, as well as the right to have the data rectified and erased, right to restriction of processing, right to data portability and right to object;
h) User has the right to file a complaint with the President of the Personal Data Protection Authority;
i) providing User’s personal data is necessary for conclusion of the contract, which means that the refusal to provide personal data will be tantamount to voluntary resignation from the conclusion of the contract;
j) the processing of User’s personal data may be carried out by automated means, including profiling; Operator may make use of such processing to create dedicated offers for Users which are adjusted to their business and role to the highest possible extent; the effect of such processing will be the possibility to accept the dedicated offer, which may be unavailable to other Users.
10.2. The content of the information clause referred to in subsection 10.1. above is presented to User for reading through it at the stage of the acceptance of these Regulations, what User confirms by accepting the declaration of reading through the content of the information clause concerning personal data processing for the purposes of conclusion and execution of the contract for the provision of Services through Taxxo Platform.
11. User’s personal data processing for marketing purposes
11.1. Notwithstanding the above, Operator asks User to give consent to the processing of his/her personal data for marketing purposes, including for the purposes of market research or a study of customer behaviour and preferences; the outcomes of the same will be used to enhance the quality of Services provided by Operator, and introduce and recommend new services to Users. The consent is voluntary and may be withdrawn by User at any time without User bearing any negative consequences.
11.2. In order to ensure the compliance of the processing of User’s personal data with the provisions of Regulation, with asking User to give consent to process his/her personal data for marketing purposes, Operator informs User of the rules governing the processing of his/her personal data in accordance with the following information clause:
a) the controller of User’s personal data is Columb Technologies S.A. with its registered office in Wrocław, ul. Łubinowa 1F/7, 52-210 Wrocław, tel. 71 716 66 67, hereinafter also referred to as Controller, represented by Management Board of the Company;
b) User’s personal data are processed for marketing purposes, including for the purposes of market research or a study of customer behaviour and preferences; the outcomes of the same will be used to enhance the quality of Services provided by Operator, and introduce and recommend new services to Users;
c) the grounds for the processing of User’s personal data is Article 6(1)(a) of Regulation;
d) the recipients of User’s personal data will be authorised employees and associates of Controller as well as entities providing IT services and supplying IT equipment and technology for the purposes of the provision of Services by Controller;
e) since Operator uses external IT systems, User’s personal data will be kept also on servers located outside the EU; User has the right to access the data referred to hereinabove on general terms, i.e. through contact with Controller; the systems used on the servers outside the EU include among others:
• the emailing system of Sendgrid – Sendgrid belongs to the US Privacy Shield framework which confirms this company’s compliance with the European requirements within the area of secure data processing;
• the analytical system of Google Analytics – Google belongs to the US Privacy Shield framework which confirms this company’s compliance with the European requirements within the area of secure data processing;
• the VOIP system of Plivo – Plivo fulfils the European requirements within the area of secure data processing;
f) User’s personal data will be kept until his/her withdrawal of the consent to process personal data for marketing purposes;
g) within the scope of and under the rules specified in Regulation, User has the right to access his/her data, as well as the right to have the data rectified and erased, right to restriction of processing, right to data portability and right to object;
h) User has the right to withdraw his/her consent to process his/her personal data at any time, without effect of the processing which has been carried out under the consent prior to its withdrawal being in compliance with the law, through contact with Controller;
i) User has the right to file a complaint with the President of the Personal Data Protection Authority;
j) providing User’s personal data does not arise out of a legal obligation and is voluntary;
k) the processing of User’s personal data may be carried out by automated means, including profiling. Operator may make use of such processing to create dedicated offers for Users, which are adjusted to their business and role to the highest possible extent; the effect of such processing will be the possibility to accept the dedicated offer, which may be unavailable to other Users.
11.3. If the User consents to the processing of his/her personal data for marketing purposes, he/she confirms the consent by accepting the declaration on giving consent to the processing of personal data for marketing purposes.
11.4. The content of the information clause referred to in subsection 11.2. above is presented to User for reading through it prior to giving the consent to process his/her personal data for marketing purposes, what User confirms by accepting the declaration of reading through the content of the information clause concerning personal data processing for marketing purposes.
12. Personal data processing on User’s behalf
12.1. Where the provision of Services through Taxxo Platform entails the necessity to provide Operator with personal data of third parties for processing the data on User’s behalf, the conclusion of the contract for the provision of Services through Taxxo platform will be tantamount to the conclusion of a contract for entrusting the processing of personal data under the principles specified in subsections 12.2. – 12.8. of these Regulations.
12.2. In the cases referred to in subsection 12.1. above, User as the controller entrusts Operator, under Article 28(1) of Regulation, with personal data for processing, for the execution of the contract for the provision of Services through Taxxo Platform, by performing personal data processing operations, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The personal data will be processed by Operator in a continuous manner in an electronic form.
12.3. For the purposes of the execution of the contract for the provision of Services through Taxxo Platform and exclusively within the scope arising out of the purpose assigned to the contract, Operator will process ordinary data, such as in particular first name and surname, place of residence, family name, job title, date of birth, place of birth, citizenship, number and series of identity document, PESEL (Polish Citizen Identification Number), NIP number, data concerning education, data concerning professional experience and competences, including numbers of documents and certificates confirming the possessed competences, information on family members sharing the same household and telephone numbers, and special data in the form of data concerning health and biometric data such as facial images or dactyloscopic data, data of User’s employees and associates and also members of their families, beneficiaries and contact persons, as well as ordinary data, in particular first name, surname and business name, and NIP number of User’s customers and suppliers.
12.4. User has the duty to (i) provide Operator with the data referred to in subsection 12.3 above and update the data without delay every time they are changed or supplemented, (ii) carry out an assessment of the impact of Operator’s processes on the protection of personal data, if required by the universally applicable provisions of law, (iii) hold prior consultation with a supervisory authority, if needed, (iv) closely cooperate with Operator at fulfilling the obligations arising out of the entrusting of personal data on User’s behalf, (v) perform other duties imposed on User by the universally applicable provisions of law, or by decisions or rulings of competent authorities or courts.
12.5. In the course of the processing of the entrusted personal data, Operator undertakes to secure the data by implementing appropriate technical and organisational measures, referred to in Article 32 of Regulation, which ensure an adequate level of protection appropriate to the risk connected with personal data processing, and furthermore:
a) Operator undertakes to process the entrusted personal data with due diligence;
b) within the scope exceeding the instruction referred to in subsection 12.2. above, Operator may process personal data only on User’s documented instruction, which also refers to transferring personal data to a third country or international organisation, unless this obligation is imposed by the universally applicable provisions of law; in this case, prior to the commencement of processing, Operator is obliged to inform User of this legal obligation, unless providing this information is forbidden by the law in view of important public interests;
c) Operator is obliged to grant authorisation for personal data processing to every person who will process the entrusted data;
d) Operator ensures that the persons authorised to process personal data be sworn to secrecy or be subject to the appropriate statutory obligation of secrecy;
e) Operator observes the terms and conditions for the use of a different processor, referred to in Article 28(2) and (4) of Regulation,
f) taking into account the nature of processing, through appropriate technical and organisational measures, Operator assists User in fulfilling the obligation to respond to a request of a data subject, within the scope of the execution of the rights of data subjects specified in Chapter III of Regulation;
g) taking into account the nature of processing and information available to Operator, Operator assists User in fulfilling his/her obligations specified in Articles 32-36 of Regulation;
h) Operator makes all information necessary to fulfil the obligations specified in Article 28 of Regulation available to User, and enables User or an auditor authorised by User to carry out audits, including inspections, and contributes thereto;
i) in conjunction with the obligation specified in Article 28(3)(h) of Regulation, Operator notifies User without delay of the fact that, in Operator’s opinion, the instruction it has received is in breach of Regulation or other legal acts of the European Union or a member state concerning data protection;
j) in the event of the processing of personal data in an electronic form, Operator ensures that providers of particular solutions or applications dealing with data assure that the settings which protect privacy be enabled by default;
k) Operator is obliged to keep a register of all categories of processing activities on User’s behalf encompassing the data included in Article 30(2) of Regulation; User agrees to having the register referred to in the previous sentence kept in an electronic form, including with the use of dedicated IT systems or applications.
12.6. User gives general consent to sub-entrust the personal data covered by the entrusting of data processing on behalf of User for the purposes of the execution of the contract for the provision of Services through Taxxo Platform and exclusively within the scope arising out of the purpose assigned to the contract. This entity should comply with the obligations, imposed under a relevant contract for sub-entrusting of personal data, referred to in subsection 12.5. of these Regulations and the provisions of Regulation, in particular the obligation to provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of Regulation. Operator is obliged to inform User of any intended changes concerning adding or replacing processors, providing User with the possibility to express an objection to such changes.
12.7. The entrusting of personal data processing on User’s behalf is applicable throughout the whole duration of the contract for the provision of Services through Taxxo Platform. Subject to subsection 12.8. below, after expiration or termination of the contract for the provision of Services through Taxxo Platform, irrespective of User’s decision, Operator is obliged to erase or return all personal data or erase their copies.
12.8. Operator has the right to retain one appropriately encrypted copy of data for the purposes of investigating complaints or claims connected with the provision of Services through Taxxo Platform or claims arising out of the contract for entrusting of processing personal data, however, for no longer than 10 years after the expiration or termination of the contract for the provision of Services through Taxxo Platform date, to which User consents. Notwithstanding the other provisions of this subsection, Operator has the right to retain the data within the scope arising out of separate provisions of the universally applicable law.
13. Cookie policy
Operator represents that it uses a cookie mechanism which through saving short textual information on the computer of a person visiting Taxxo Platform allows among others for the correct operation of Taxxo Platform, hence delivering Service (provided by electronic means) requested by User.
14. Commercial information
By accepting the provisions of Regulations, User consents to receiving from Operator, through electronic means of communication, including by telephone or via electronic mail at the email address indicated by User, commercial information about modifications and new services available in Taxxo Platform, pursuant to Article 10(2) of the Act of 18 July 2002 on the Provision of Services by Electronic Means (consolidated text JL of 2017, item 1219, as amended).
15. Operator’s liability
15.1. Operator takes all steps to ensure the correct functioning of Taxxo Platform in technical, formal and legal terms.
15.2. Operator will provide technical assistance for the operation of Taxxo Platform and Services available in Platform. The technical assistance is accessible via email at help@taxxo.app and by telephone (contact numbers can be found at https://taxxo.app).
15.3. Operator does not specify the reaction time of the technical assistance, however, Operator will take all steps to ensure the assistance is provided as quickly as possible, considering current capabilities.
15.4. Operator reserves the right to suspend the technical assistance with regard to User in the event of a clear breach of obligations by User (Customer), including in particular in the event of User being in consistent arrears with payments owed to Operator.
15.5. Furthermore, Operator adopts the measures referred to in section 9 above for the protection of User’s personal data.
15.6. Subject to the mandatory provisions of law applicable in this regard, Operator is not liable:
a) for any damage and losses sustained directly and indirectly (including damage for loss of profits generated by business activity, interruptions to business activity or loss of business information and other property damage) as a result of the use, inability to use or incorrect operation of Taxxo Platform;
b) for the authenticity and reliability of data (including accounting, tax and other data) made available to User through Taxxo Platform, or which have been downloaded from IT systems of Partner Firm or entered by employees of User’s Partner Firm;
c) for the content of information or materials shared by User or Partner Firm using Taxxo Platform;
d) for any infringements or damage caused by improper use of Taxxo Platform by User and faulty functioning of the computer hardware, software or communication system through which User connects to Taxxo Platform (in case of any doubts, it is stipulated that Operator is not liable for any damage sustained as a result of disclosure by User or Partner Firm of data shared in Taxxo Platform to third parties).
15.7. It is stipulated that Taxxo Platform is used solely at User’s own risk and expense, and Operator does not bear any liability in connection with User’s or Partner Firm’s businesses, including in particular for the correctness of settlements and making of timely payments.
15.8. Any Operator’s liability which it may incur as a result of or in connection with the provision of Taxxo Platform Service, including in particular arising out of the provisions of these Regulations, is limited to the total amount of payments made to Operator’s bank account for the sale of Services to a particular User in the calendar year preceding the claim lodging date.