This Privacy Policy (hereinafter: "Policy") contains information on the processing of your personal data in connection with the use of the "Splot Time Balancer" Application, running on mobile devices with Android and iOS systems (hereinafter: "Application" or "App").

Any capitalized terms not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions, available on our website: https://splot.mruki.com/en/terms_of_service.html.

The Controller of your personal data is Marcin Adamski, conducting business activity under the name: Mruki Marcin Adamski, Dostojewskiego 8/72, Łódź, 92-507 Poland, entered into the Central Register of Information on Economic Activity kept by the minister in charge of economy, with NIP: 7282531567, REGON number: 544514261 (hereinafter: "Controller").

In all matters related to the processing of personal data, you can contact the Controller to the following e-mail address: dpo@mruki.com.

The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), the Act of 10 May 2018 on the Protection of Personal Data and Other Personal Data Protection Regulations.

In offline mode, the Application does not require the processing of your personal data. However, using the Application in online mode does require the processing of your personal data. Below you will find detailed information about the purposes and legal grounds of processing, as well as the period of processing and the obligation or voluntariness to provide them. All data listed below has been explicitly provided by you, except for data clearly marked as such, which is collected automatically by the Application.

1. To create and manage your account, the following data is processed:

   • e-mail address.
   The above data is processed on the basis of Article 6(1)(b) of the GDPR (processing is necessary for the performance of the Account Service Agreement concluded with the data subject or to take steps to conclude it).
   Providing the above-mentioned personal data is a condition for concluding and performing the agreement for the provision of the Account Service (their provision is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the above-mentioned agreement, including the creation of the Account).
   The Controller will process the above-mentioned personal data until the statute of limitations for claims under the Account Service Agreement expires.
2. To use Application in online mode, the following data is processed:

   • e-mail address.
   The above data is processed on the basis of Article 6(1)(b) of the GDPR (processing is necessary for the performance of the Application Use Agreement concluded with the data subject or to take steps to conclude it).
   Providing the above-mentioned personal data is a condition for concluding and performing the Application Use Agreement (providing them is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the Application Use Agreement).
   The Controller will process the above-mentioned personal data until the statute of limitations for claims arising from the Application Use Agreement expires.
3. To provide functionality and administrate Application, the following data is processed:

   • e-mail address,
   • time zone, date and time of the device, on which the Application was launched¹,
   • server date and time¹,
   • IP address¹,
   • Operating System information¹,
   • transaction ID¹ oraz purchase status¹.
   The above data is processed on the basis of Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case ensuring the proper operation of the Application).
   Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the Application (the consequence of failure to provide them will be the inability to ensure the proper operation of the Application).
   The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.
   ¹ These data are saved automatically in server resources when using the Application in online mode (providing basic functionality and administration without the use of server logs and automatic saving would not be possible).
4. To handle queries submitted by Users, the following data is processed:

   • e-mail address,
   • other data contained in the message to the Controller,
   The above data is processed on the basis of Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case responding to the inquiry received).
   Providing the above-mentioned personal data is voluntary, but necessary in order to receive a response to the inquiry (the consequence of failure to provide them will be the inability to receive an answer).
   The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).
5. To conduct the complaint procedure and withdrawal from the contract, the following data is processed:

   • name and surname or company name,
   • e-mail address.
   The above data is processed on the basis of Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the following obligations:

   1. responding to a complaint – Article 7a of the Consumer Rights Act;
   2. exercising the Customer's rights resulting from the provisions on the Controller's liability in the event of non-compliance of the Physical Goods with the Sales Contract or the Object of Digital Supply with the Contract applicable to it).
   Providing the above-mentioned personal data is a condition for receiving a response to the complaint or exercising the Service Recipient's rights resulting from the provisions on the Controller's liability in the event of non-compliance of the Subject of Digital Service with the Agreement applicable to him (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the complaint and the exercise of the above-mentioned rights).
   The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the Client – until their limitation expires.
6. To share service reviews, the following data is processed:

   • e-mail address,
   • name and surname (optional),
   • company name (optional),
   • other data included in the opinion
   The above data is processed on the basis of Article 6(1)(f) of the GDPR (processing is necessary for the purpose of the legitimate interest of the Controller, in this case making the Opinion available for information and promotional purposes).
   Providing the above-mentioned personal data is voluntary, but necessary in order to add an Opinion (the consequence of not providing them will be the inability to add an Opinion).
   The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).
7. To conduct a verification procedure and consider appeals against decisions on dealing with unacceptable content, the following data is processed:

   • name and surname,
   • e-mail address.
   The above data is processed on the basis of Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the following obligations:

   1. provide a mechanism for reporting inappropriate content (Article 16 of Regulation 2022/2065 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (hereinafter: "DSA"),
   2. consideration of the complaint (Article 20 of the DSA)).
   Providing the above-mentioned personal data is a condition for receiving a response to the report or exercising the User's rights under the provisions of the DSA (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the report and the exercise of the above-mentioned rights).
   The Controller will process the above-mentioned personal data for the duration of the verification procedure, and in the event of an appeal against the decision of the above-mentioned Authorized User – until the limitation period expires.
8. To comply with obligations related to the protection of personal data, the following data is processed:

   • name and surname,
   • contact details provided by you (e-mail address, correspondence address, telephone number).
   The above data is processed on the basis of Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation to which the Controller is subject, in this case the obligations resulting from the provisions on the protection of personal data).
   Providing the above-mentioned personal data is voluntary, but necessary for the proper performance by the Controller of the obligations resulting from the provisions on the protection of personal data, m.in. the exercise of the rights granted to you by the GDPR (the consequence of failure to provide the above-mentioned data will be the inability to properly exercise the above-mentioned rights).
   The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of personal data protection regulations.
9. For the purpose of establishing, pursuing or defending against legal claims, the following data is processed:

   • name and surname,
   • e-mail address,
   • company name (optional),
   • address of residence or address of registered office,
   • TIN number.
   The above data is processed on the basis of Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case establishing, investigating or defending against claims that may arise in connection with the performance of the Agreements concluded with the Controller).
   Providing the above-mentioned personal data is voluntary, but necessary in order to establish, pursue or defend against claims that may arise in connection with the performance of the Agreements concluded with the Controller (the consequence of failure to provide the above-mentioned data will be the inability of the Controller to take the above-mentioned actions).
   The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of the Agreements concluded with the Controller.

The personal data provided is not used for marketing purposes by the Controller.

The recipients of personal data will be the following external entities cooperating with the Controller:

• OVH Sp. z o.o. ul. Powstańców Śląskich 9, 53-332 Wrocław (NIP: 8992520556 REGON: 933029040),
• Apple Distribution International Ltd., Hollyhill Industrial Estate Hollyhill, Cork, Republic of Ireland,
• Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.

In connection with the distribution of the Application via the App Store and Google Play, and in order to ensure its proper and secure operation, your personal data may be transferred outside the European Economic Area (EEA).

This transfer concerns in particular the following categories of data:

In connection with the Controller's use of the services provided by Google LLC and Apple Inc., your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:

• in the case of the United Kingdom, Canada, Israel and Japan - a decision of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
• for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia, adequacy contractual clauses in line with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

All personal data associated with the User Account may be shared in one of the following ways (unless this conflicts with the cases described in section INFORMATION ON THE PERSONAL DATA PROCESSED):

1. deleting the User's Account from the Application,
2. automatic deletion of the User Account after one year of inactivity if no active paid services have been assigned to the Account,
3. at the User's express request, sent to the Administrator from the e-mail address associated with the Account.

In connection with the processing of personal data, you have the following rights:

1. the right to be informed what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;
2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
3. in certain situations, you can ask the Controller to delete your personal data, e.g. when:
   1. the data will no longer be needed by the Controller for the purposes of which it has informed;
   2. you have effectively withdrawn your consent to the processing of data - unless the Controller has the right to process the data on another legal basis;
   3. the processing is unlawful;
   4. the need to delete the data results from a legal obligation to which the Controller is subject;
   5. konieczność usunięcia danych wynika z ciążącego na Administratorze obowiązku prawnego;
4. if personal data is processed by the Controller on the basis of the consent granted to the processing or in order to perform the Agreement concluded with him, you have the right to transfer your data to another Controller;
5. if personal data is processed by the Controller on the basis of your consent to the processing, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal);
6. if you believe that the processed personal data are incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specified period of time (e.g. checking the correctness of the data or pursuing claims) the Controller does not perform any operations on the data, but only stores them;
7. you have the right to object to the processing of personal data based on the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
8. you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.

To the extent not regulated by the Policy, the generally applicable provisions on the protection of personal data shall apply.

The policy is effective from June 20, 2026.