Regulations

Information on the processing of personal data of users of our websites or mobile applications:

Who is the personal data controller:

Benefit Systems S.A. with its registered office in Warsaw, Plac Europejski 2, 00-844 Warsaw (hereinafter referred to as ‘we’ or ‘Benefit Systems’).

If you are a user of the MyBenefit System and make use of the functionality of the HR tools or submit statements or requests to your employer or other similar functionalities, then your employer is the administrator of personal data processed within these functionalities. For information regarding this processing, please contact your employer directly.

How to contact us:

‍You can contact us in any of the following ways:

• using the contact form;

• via e-mail to: daneosobowe@benefitsystems.pl; and by post to the address: Pl. Europejski 2, 00-844 Warszawa, in an envelope marked “Personal data”.

We have designated a personal data officer, who can be contacted in any matters concerning the processing of your personal data by us. You can do this by e-mail to: iod@benefitsystems.pl or via post to the address: Benefit Systems S.A. Pl. Europejski 2, 00-844 Warszawa, in an envelope marked “IOD”.

What personal data do we process and where do we collect them from:

‍We will process your personal data that you provide, leave, or to which we may gain access in connection with your use of our websites or mobile applications.

We may also process your data, which we receive from your employer (e.g. in order to create your account in the MyBenefit System).

We may also receive your data from entities that offer you additional services in connection with your account on our websites and mobile applications, or from external authentication service providers (e.g. Facebook, Apple).

Additionally, we may process your child’s personal data, if you have provided us with such.

The data we process, include in particular:

• the data you or your employer provide in the process of registering an account on our websites and our mobile applications, as well as during the use of our websites and applications;

• data concerning your activity on our websites and in our mobile applications (e.g. data about pages you visit, bookmarks, how much time you spend there, etc.);

• if you use the facility search engine and turn on the geolocation function, we will process your geolocation data in order to show you facilities located near your location;

• if you upload your or your child’s photo to our application in order to obtain a Confirmed Identity, we will process it to guarantee you or your child the Confirmed Identity functionality and in order to send it back to your e-mail address, if you would like to use facility services while a QR code or token number cannot be generated in the Multisport app;

• data relating to your device through which you use our websites or mobile applications: IP address, data stored in cookies or other similar technologies (see: ‘Cookies’). We also process data comprising contents of HTTP requests transmitted from your device to our server (URL, IP address, browser data, date and time of the request, HTTP response code, error information, cookie ID, page resources viewed). The data so collected are recorded in server logs.

How we process data: We will process your personal data and your child’s personal data, if you have provided us with such, for the purposes of:

• providing access services and account maintenance services on our websites and in our mobile applications as well as enabling the use of services available on those websites and mobile applications (including enabling the purchase, delivery, and settlement of orders in the

MyBenefit System or on the MultiLife Platform) – because it is necessary for the performance of the contract between you and Benefit Systems (legal basis - Article 6(1)(b) of the GDPR);

• where we collect special categories of data in order to provide you with a service or where we transfer such personal data to external entities, we process your data on the basis of your explicit consent (legal basis – Article 9(2)(a) GDPR). The provision of this data is always voluntary, but may be necessary in order to use the service in question;

• in case you are a member of the MultiSport or MultiLife Programme, we provide you with services related to the use of the MultiSport or MultiLife Programme because you have given us your consent, which may also be expressed through your explicit application to the Programme directly to us or through the employer (legal basis - Article 6(1)(a) of the GDPR);

• related to compliance with our legal obligations – we may have obligations arising from applicable laws that require us to process your personal data; in particular, this concerns compliance with tax and accounting obligations (legal basis – Article 6(1)(c) GDPR);

• server administration and security assurance for statistical purposes and for the purposes of facilitating the use of our websites and mobile applications on the basis of our legitimate interest consisting in improving the functionality of services provided by us electronically (legal basis – Article 6(1)(f) of the GDPR);

• exercising, establishing or defending legal claims. We act on the basis of our legitimate interest consisting in the ability to establish or defend a legal claim (legal basis – Article 6(1)(f) of the GDPR or Article 9(2)(f) of the GDPR in case of special categories of personal data;

• in connection with carrying out marketing activities – we may process your personal data: (i) for the purposes of marketing communications, including mailing commercial information and presenting offers in pursuit of our legitimate interest that consists in presenting you with marketing contents, including contents tailored to you on the basis of profiling, in connection with your consent to use the communication channel you have chosen for this purpose; ii) for the purposes of online marketing activities in pursuit of our legitimate interest that consists presenting advertisements and offers, including those tailored to your potential needs and interests on the basis of profiling, in connection with your consent to the use of cookies or similar technologies or, where applicable, in connection with your consent to our use of information on your location for marketing purposes; iii) for the purpose of carrying out analyses and statistics for marketing purposes and for the purpose of surveying satisfaction with our services in pursuit of our legitimate interest that consists in improving the quality of our customer service and optimizing the products and services offered by us (legal basis – Article 6(1)(f) of the GDPR).

How long will your personal data be stored:

‍After you have finished using our websites or mobile applications, we will process your data for as long as they are stored in the server logs. If you have an account on our websites or in our applications, we will keep your data until you delete your account.

Where we process your data for the purposes of complying with our legal obligations, we will do so for the time necessary to comply with our legal obligations, in particular as required by applicable law.

Where we process your personal data based on our legitimate interests, we will do so until you lodge an effective objection, unless they cease to be necessary for the purposes of our legitimate interests (e.g. the limitation period for claims expires).

Where we process your data based on your consent, we will process them no longer than until its withdrawal.

Is providing data compulsory: As a rule, providing personal data is not compulsory, but may be necessary for you to use the services provided by Benefit Systems, e.g. to enter into a contract with us.

Therefore, your failure to provide your data may in some instances make it impossible for us to provide services. Our forms used to collect data clearly indicate the data the provision of which is necessary.

Do we make automated decisions:

‍We do not make any decision concerning you which would be based solely on automated processing of your information which would produce legal effects concerning you or similarly affect you in a significant way.

Who do we transfer your data to:

‍Your personal data may be transferred to the following entities: Benefit Systems Group companies, hosting and maintenance service providers for our websites and mobile applications, ICT and IT support and security service providers, data storage and destruction service providers, entities providing services for our clients and other stakeholders (e.g. couriers, payment operators) and supporting our marketing activities, to legal counsels and auditors, as well as your employer. Your data may also be transferred to our affiliated entities that offer additional services in connection with your ownership of an account on our website or in our mobile applications (e.g. consultants and partners whose services you access through our websites or mobile applications), as well as to social network operators.

Your data may also be transferred to public authorities in cases provided for by law.

If you use the function of making the Virtual Kids Card available to other users registered in our MultiSport application, your child's personal data will be disclosed to the users indicated by you.

Are your data transferred outside the European Economic Area:

‍As a rule, your personal data are not transferred outside the European Economic Area (EEA). Some of the data recipients (such es technological solution providers) may process them in third countries. We make every effort for the provision of data to these providers to be lawful. If the European Commission has not issued a decision confirming that a given third country ensures an adequate level of personal data protection, we ensure that data transfers are carried out on the basis of other legal protection measures, e.g. based on standard contractual clauses or codes of conduct. You can contact us to obtain copies of the implemented security measures. You can find contact details above in section How to contact us.

What are your rights:

‍The right to demand access to your personal data; the right to demand rectification of personal data; the right to demand erasure of personal data; the right to demand restriction of personal data processing; the right to object to personal data processing; the right to data portability; the right to withdraw consent for the processing of personal data; as well as the right to lodge a complaint with the President of the Personal Data Protection Office.

More information about the processing of your personal data can be found in our Privacy Policy: https://www.benefitsystems.pl/en/privacy-policy/.

Terms and conditions of Multi.Life newsletter

General

1. These terms and conditions (hereinafter: “Terms and Conditions”) set out the principles of providing the Newsletter service (hereinafter: “Service”) to interested parties (hereinafter: “Service Users”).
2. The Service is provided by Benefit Systems S.A. based in Warsaw at ul. Plac Europejski 2, 00-844 Warszawa, registered by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division, under KRS [National Court Register] No.: 0000370919, NIP [Tax Identification Number]: 836-16-76-510, REGON [business entity statistical number]: 750721670, BDO [Waste Management Register]: 000558784, with a share capital of PLN 2,933,542.00 (fully paid up) (hereinafter: “Benefit Systems”).
3. As part of the Service provided, Benefit Systems sends educational materials, including expert articles and advice on caring for one’s well-being, as well as commercial information on products offered by Benefit Systems (e.g. articles, infographics, videocasts, audiovisual materials), to the e-mail address indicated by the Service User (hereinafter: “Newsletter”).
4. The Service is available to all Service Users at: multi.life.
5. The Service does not require to incur any costs, other than third-party costs related to the Service User’s access to the Internet or e-mail box insofar as required to receive the Newsletter.
6. The Terms and Conditions are available free of charge at www.multi.life/en/regulations, in a form that enables their download, reproduction and recording.
7. Benefit Systems’ intention is to prepare and send the Newsletter no more than once a week.

Activation and Deactivation of the Service

8. Service Users will be able to use the Service upon completing registration activities in the following order:
   
   1. agreeing to receive the Newsletter in accordance with these Terms and Conditions to the e-mail address indicated by them,
   2. confirming that the e-mail address referred to in item 1 above is correct by clicking on the link sent in an automated e-mail generated by the Benefit Systems site.
9. The Service User must provide the correct e-mail address and verify it in accordance with Section 8 hereof, as a precondition for the agreement between the Service User and Benefit Systems on the provision of electronic services, within the meaning of the Electronic Services Provision Act of 18 July 2002 (Journal of Laws [Dz. U.] of 2016, item 1030 as amended), to be effective in respect of the Service. Failure to do any of the actions specified in Section 8(1-2) will prevent Benefit Systems from providing the Service.
10. The Service Agreement shall be concluded for an indefinite period of time. Service Users who wish to unsubscribe from the Service provided by Benefit Systems may deactivate the Service, i.e. terminate the agreement, at any time by clicking on the active link with the words “Unsubscribe” which is to be found in each e-mail with the Newsletter.
11. The Service may also be deactivated by Benefit Systems in the event that the Service User fails to comply with the obligations required by these Terms and Conditions, in particular by providing unlawful content, impersonating others, providing false personal information or other misrepresentation pertaining to the User, or otherwise violating generally applicable laws.
12. Upon deactivation of the Service, Benefit Systems shall cease sending the Newsletter to the e-mail address of the Service User.

Technical Requirements. Particular Risks of Using Services Provided Electronically

13. Benefit Systems shall use its best efforts to enable using the Service via the Internet by means of all popular Internet browsers, operating systems, computer types and Internet connection types. Benefit Systems does not guarantee and will not be responsible for ensuring that any configuration option of electronic equipment owned by the User will enable the use of the Service. The minimum technical requirements for using the Service, subject to the previous sentence, are as follows:
    
    1. a computer or another electronic device with at least 2 Mb/s in Internet bandwidth;
    2. operating system: Windows 7 or higher, Mac OS X 10.7 or higher, Ubuntu 10 or higher;
    3. equipped with the latest version of the web browser: Google Chrome, Firefox, Microsoft Edge, Safari or Opera, which will support cookies and JavaScript;
    4. having an e-mail box.
14. Benefit Systems hereby represents that the public nature of the Internet and the use of services provided by electronic means may involve the risk of unauthorised interception or modification of User data; therefore, the User should use appropriate technical measures to minimise such risks. In particular, they should use anti-virus software as well as software protecting the identity of Internet users.
15. Benefit Systems applies technical and organisational measures corresponding to the level of risk, including measures to prevent unauthorised interception and modification of personal data sent on the Internet, in order to ensure security of messages and data transferred via the Site. Benefit Systems ensures secure transmission of data via the Site through the use of HTTPS protocol and signing data from the User’s device with an SSL certificate.
16. Primary potential risks of using the Internet include:
    
    1. malware;
    2. various types of applications or scripts which are harmful, criminal or malicious towards the IT system, such as viruses, worms, trojans, keyloggers, dialers;
    3. spyware;
    4. software that tracks activity, collects information about the User and sends it, typically without the User’s knowledge or consent, to the author of the software;
    5. spam;
    6. unwanted and unsolicited electronic messages distributed concurrently to multiple users, often of advertising nature;
    7. wrongful eliciting of confidential personal information (such as passwords) by pretending to be a respectable person or institution (phishing);
    8. attacks on the User’s IT system using hacking tools, such as exploit rootkits.
17. Protection against risks associated with the User’s use of the services provided electronically is also provided by:
    
    1. active firewall,
    2. updating of any type of software,
    3. not opening electronic mail attachments from unknown sources,
    4. reading installation windows of applications and their licensing terms,
    5. deactivating macros in MS Office files of unknown origin,
    6. regular comprehensive scans of the system by anti-virus and anti-malware software,
    7. data transmission encryption,
    8. installation of prevention software (attack detection and prevention),
    9. using the original system and applications from legal sources.

Personal Data

18. The controller of personal data of Service Users, in keeping with Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), is Benefit Systems (referred to hereinafter in this Section as “Controller”).
19. The personal data is processed in order to provide the Newsletter service insofar as required to provide it in keeping herewith (Article 6(1)(b) of the GDPR). Benefit Systems also processes personal data of Service Users on the basis of Benefit Systems’ legitimate interest, which is to conduct analyses and statistics and to customise the Newsletter to Service Users’ needs (Article 6(1)(f) of the GDPR).
20. Detailed information on the processing of personal data can be found on the websites referred to in Section 4 hereof and at https://www.benefitsystems.pl/polityka-prywatnosci/.

Intellectual Property Rights

21. All content made available as part of the Service, such as text, graphics, logotypes, icons, images, photos, audio and video files, data files, presentations, navigation solutions, selection and layout of the content presented as part of the Service, as well as any other data, is protected by intellectual property rights (copyright, protection rights to trademarks and other exclusive rights) of Benefit Systems or entities with which Benefit Systems has an agreement in place on the use of such content for the purpose of providing the Service. The elements comprising the Service may not be recorded, reproduced or distributed in any form or manner or traded without Benefit Systems’ prior written consent.
22. By using the Service, Users do not acquire copyright, related rights and similar rights, or obtain any licenses.

Complaints

23. All inquiries and complaints regarding the Service provided by Benefit Systems may be made in writing to the following address: Plac Europejski 2, 00-844 Warszawa or by e-mail to: infolinia@benefitsystems.pl.
24. The letter of complaint should contain:
    
    1. the e-mail address referred to in Section 8.1 hereof,
    2. description of the case, and
    3. at the Service User’s discretion – e-mail address or mailing address other than the one indicated in item 1) above, to which a response to the processing of the complaint should be sent.
25. Benefit Systems may ask the Service User additional questions in order to establish the facts of the case which caused the complaint.
26. Benefit Systems shall consider complaints without undue delay, but not later than within 14 days as of the date of receipt of all the details allowing to handle the complaint.

Liability

27. Benefit Systems shall not be liable for interruption or disruption of Service availability as a result of:
    1. modification, upgrade, expansion or maintenance of Benefit Systems’ software system;
    2. reasons beyond Benefit Systems’ control (force majeure, acts or omissions by third parties which Benefit Systems is not liable for).
28. Benefit Systems shall not be liable to the User for any downtime of or difficulties in providing the Service for reasons attributable to the User.

Amendments to these Terms and Conditions

29. Benefit Systems is entitled to amend these Terms and Conditions in the following cases:
    
    1. changes in laws directly affecting the content hereof;
    2. imposition of certain obligations by state authorities;
    3. improvements in the operation of the Service and User support, including improving the protection of Users’ privacy;
    4. technological and functional changes;
    5. changes in the scope of services provided under the Service, including the introduction of new services;
    6. for security and abuse prevention reasons;
    7. editorial changes in the text of the Terms and Conditions.

29. In the event of revisions to the Terms and Conditions, Benefit Systems shall communicate them to Service Users by sending an e-mail to the e-mail address referred to in Section 8.1 hereof. Any and all revisions hereto shall become effective on the date given in the e-mail referred to in the preceding sentence but not earlier than 10 days after the date on which the notice of the revised version was sent.
30. The Terms and Conditions shall be binding on the Service User, unless the Service User resigns from the Service within 10 days from the date of receipt of information about the change, in case of non-acceptance of the new wording of the Terms and Conditions.

Final Provisions

32. Users who are consumers are advised by Benefit Systems of the possibility to have recourse to out-of-court complaint and redress methods. The rules of access to these procedures are available at the registered offices or on the websites of entities authorised to deal with out-of-court resolution of disputes. The entities include in particular consumer ombudsmen or Provincial Inspectorates of the Trade Inspection, the list of which is available on the website of the Office of Competition and Consumer Protection. Benefit Systems would like to inform you that there is an online system for resolving disputes between consumers and traders in the EU (the European Online Dispute Resolution (ODR) platform) available at http://ec.europa.eu/consumers/odr/. Benefit Systems shall not resort to out-of-court resolution of consumer disputes as referred to in the Act of 23 September 2016 on Out-of-Court Resolution of Consumer Disputes.
33. The User has the statutory right to withdraw from the agreement for convenience and without incurring costs within 14 days from the date of conclusion of the agreement. A specimen withdrawal form constitutes Appendix 1 hereto.
34. These Terms and Conditions do not restrict or waive any rights of Service Users under unconditionally applicable laws.
35. Matters not addressed herein are governed by the generally applicable laws of Poland.

Appendix 1

Specimen notice of withdrawal from the “Newsletter” Service Agreement

To submit a notice of withdrawal from the “Newsletter” Service Agreement with Benefit Systems, the following specimen notice may be used:
Benefit Systems S.A.
Plac Europejski 2
00-844 Warszawa
bok@benefitsystems.pl

I ………………………………. hereby give notice of my withdrawal from the “Newsletter” Service Agreement.

Full name:        …………………………………………………………...
E-mail address: …………………………………………………………...