Privacy Policy eAuditor cloud

Last updated: December 29, 2025.

We are committed to the privacy and security of the data you entrust to us. This Privacy Policy governs the collection, use and sharing of personal information in connection with your use of the Service. Your use of the Service constitutes your acceptance of this policy.

1. INTRODUCTION AND DEFINITIONS

For the purposes of this Privacy Policy:

  • Account means a unique account created for the purpose of accessing our Service or any part thereof;
  • Application means the software provided by the Company and downloaded to any electronic device, named eAuditor cloud;
  • The Company (referred to as the “Company” in this Agreement) refers to BTC Spółka z ograniczoną odpowiedzialnością, 38 1 Maja Street, 71-627 Szczecin, Poland;
  • Data Controller means the Company as a legal entity that alone or jointly with others determines the purposes and means of processing Personal Data, in accordance with the General Data Protection Regulation (RODO). This Privacy Policy applies where we act as a Data Controller with respect to Personal Data;
  • Device means any device that allows access to the Service, such as a computer, cell phone or digital tablet;
  • Personal Data means any information relating to an identified or identifiable natural person. For the purposes of the RODO, Personal Data includes information such as name, identification number, location data, online identifier, or one or more factors identifying physical, physiological, genetic, mental, economic, cultural or social identity;
  • The service refers to the Application;
  • Service Provider means any natural or legal person processing data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used. For the purposes of the RODO, Service Providers are considered Data Processors;
  • External Social Media Service means any website or social network through which you can log in or create an account to use the Service;
  • Operational Data means data collected automatically, both generated as a result of the use of the Service and from the infrastructure of the Service (e.g., the duration of a site visit);
  • You means the individual using the Service or the company or other legal entity on whose behalf such individual uses the Service. For the purposes of the DPA, you may be referred to as a Data Subject or User because you are a person using the Service.

2. WHAT INFORMATION DO WE COLLECT, WHY AND HOW IS IT USED?

We collect and use information in the following ways:

A. When you browse our website: https://www.eauditor.eu/cloud

Personal Data We May Collect: Our Website uses analytics tools, cookies and log files that may collect personal information such as your IP address, unique identifiers, browsing history and your device parameters.

For what purpose: We use this information to analyze site usage trends, optimize performance, and support our promotional efforts. This allows us to provide a stable and user-tailored browsing environment.

Legal basis: Processing is based on the legitimate interest of the Company or on your voluntary consent expressed through browser settings or a cookie banner.

Consequences of not providing data: Failure to accept cookies may limit access to certain interactive elements of the site.

B. When you contact us through the form

Personal information we may collect: Name, business email address, phone number, company name and position. We also process any information contained in the body of your request.

For what purpose: We use the data to answer your questions, send you informational materials and enable you to register for a free trial period. We also use it to establish a business relationship and provide technical support during the pre-purchase stage.

Legal basis: Processing is necessary to take action at your request before entering into a contract or is based on the Company’s legitimate interest in handling correspondence.

Consequences of not providing data: Without this information, we will not be able to respond to your inquiry.

C. When you create an account and use the eAuditor cloud Service

Personal information we may collect: Credentials, business contact information, company information, and activity data inside the Application.

For what purpose: We process this data to provide the Service, manage your account, provide security and access authorization. The data is also necessary to improve the Platform and implement technical support through the ticketing or chat system.

Legal basis: Performance of the Service contract and fulfillment of legal obligations (e.g. accounting).

Consequences of not providing data: Failure to provide data makes it impossible to create an account and use the functionality of the Platform.

D. As part of its E-mail Marketing

Description of activities: The Company may use Personal Information to contact Users with newsletters, marketing materials and promotional information that may be of interest. It is possible to unsubscribe at any time by clicking a link in an e-mail or by contacting us directly.

Suppliers: We use the Mailerlite system (Privacy Policy: https://www.mailerlite.com/pl/legal/privacy-policy).

Legal basis: Processing is based on your voluntary consent.

Consequences of not providing personal data: If you do not provide your data or withdraw your consent, we will not be able to send you newsletters, information about new features of the Service and promotional offers.

E. In the process of handling payments

Description of activities: For paid services, payment processing is done by third-party providers. The Company does not store or collect payment card data. This information is transferred directly to the payment processor in accordance with PCI-DSS standards.

Providers: Stripe is the main payment processor (Stripe Privacy Policy).

Legal basis: Processing is necessary for the performance of a contract to which you are a party and for the fulfillment of the Administrator’s legal obligations, in particular with regard to tax and accounting regulations.

Consequences of not providing personal data: Failure to provide data necessary for payment processing will prevent the purchase of paid versions of the Service, the issuance of an invoice and the execution of the financial transaction.

F. When you use external social networks

Description of activities: The Company allows you to create an account and log in to the Service through third-party social networking sites, such as Google, Microsoft and Apple. If you choose to register or grant access to your account on such a service, we may collect Personal Information associated with that account, in particular your name and email address.

Additional information: You also have the option to provide us with additional information through your third-party account settings. By providing such information and Personal Information during registration or otherwise, you consent to the Company’s use, sharing and storage of such information and Personal Information as described in this Privacy Policy.

Legal basis: Processing is based on your voluntary decision to use an external authentication method (to perform a contract or to take action on a request prior to entering into a contract).

Consequences of not providing personal information: If you opt out of linking your account to an external service, logging in using Google, Microsoft or Apple will not be possible, and registration will require the traditional method using your email address and password.

3. WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

User data is processed at the Company’s operational offices in the Republic of Poland and at locations within the European Union. For the purposes of payment processing and invoicing processes, data only to the extent necessary may be processed outside the EEA.

Disclosure of Personal Information

Under certain circumstances, the Company may be required to disclose your Personal Information if required to do so by law or in response to valid requests from public authorities (e.g., a court or government agency).

– Law enforcement agencies

In certain cases, the Company may be required to disclose Personal Information if required to do so by applicable law or if a valid request is made by public authorities, such as courts or government agencies.

– Other legal requirements

The Company may disclose Personal Information in good faith if it determines that it is necessary to do so for a purpose:

  • Fulfillment of a legal obligation,
  • To protect and defend the rights or property of the Company,
  • To prevent or investigate potential irregularities related to the Service,
  • To protect the personal safety of users of the Service or the general public,
  • Safeguard against legal liability.

4. SCOPE OF PERSONAL DATA COLLECTED

Personal information

We collect data that you provide to us directly when you use the Service. For example, data is collected when you register for the Service, create an account, fill out a form, participate in interactive features of the Service, contact customer service, or otherwise engage in communication with us. The types of information we may collect include, but are not limited to:

  • Email address,
  • Name,
  • Phone number,
  • Name, address, and billing information of the entity,
  • Address, province, postal code, city,
  • Any other information you choose to give us.

Personal information is never sold, rented, shared or used other than as necessary to provide the Service. If you do not provide the information required to provide the Service, your access to certain features of the Service or to the entire Service may be restricted.

The Company discloses Personal Information only to those employees, contractors, and affiliates who:
a) require access to such information in order to process it on your and the Company’s behalf,
b) have committed in writing to a level of confidentiality no less than that set forth in this Privacy Policy.

Performance data

Usage data is collected automatically when you use the Service. They may include, but are not limited to, information such as your device’s IP address, browser type and version, the pages of the Service you visit, the time and date of your visit, the time spent on particular pages, unique device identifiers, and other diagnostic data.

When accessing the Service via a mobile device, the following information may also be automatically collected:

  • type of mobile device used,
  • The unique identifier of the mobile device,
  • IP address of the mobile device,
  • The operating system of the mobile device,
  • The type of web browser on the mobile device,
  • Unique device identifiers and other diagnostic data.

5. HOW DO WE SECURE YOUR PERSONAL INFORMATION?

The Company makes every effort to protect the information provided, using appropriate security measures – physical, electronic and organizational – designed to protect Personal Information from loss, unauthorized access, alteration or disclosure, regardless of where or how it is stored. The protection of Personal Information is a priority for the Company, but it is important to remember that no method of data transmission over the Internet or system of information storage can guarantee complete security. Despite the use of reasonable security measures, it is not possible to provide complete protection against potential threats.

6. HOW DO WE STORE YOUR PERSONAL INFORMATION?

The Company retains personal information for the period necessary to fulfill the purposes for which it was collected, in accordance with this Privacy Policy. In some cases, a longer retention period may be required or permitted, such as for:

  • fulfillment of legal or contractual obligations,
  • conducting audits and investigations,
  • Contract enforcement and dispute resolution.

Exploitation data is kept for a shorter period of time, unless it is used to enhance security, improve the functionality of the Service or there is a legal obligation to keep it longer.

Criteria for determining the period of data retention include:

  • Period necessary to provide the Service – data are kept for as long as necessary to provide access to the Service and fulfill the related purposes.
  • Account activity – if there is no activity for a certain period of time for the free plan, the data may be deleted; there is also an option to deactivate the account on request.
  • Legal and regulatory requirements – data may be retained for longer periods of time if required by applicable laws or data retention regulations.

The Company is not responsible for the storage of information provided by users or the content provided through the Service. You are responsible for backing up your data and content related to the Service.

7. YOUR RIGHTS UNDER THE RODO

We respect the privacy of your personal information and provide you with the opportunity to exercise the following rights:

  • The right to access your personal data – you have the right to obtain information about what personal data we process and to receive a copy of it.
  • Right to rectification – if your personal data is incomplete or incorrect, you have the right to correct or complete it immediately.
  • Right to object to data processing – you have the right to object to data processing if it is done on the basis of our legitimate interest.
  • Right to erasure of personal data – you have the right to request erasure of your personal data (“right to be forgotten”) if there is no longer a legal basis for further processing.
  • Right to data portability – you have the right to receive your personal data in a structured, commonly used format and the right to send this data to another controller.
  • Right to revoke consent – You have the right to revoke your consent to the processing of personal data at any time, without affecting the lawfulness of the processing carried out before the withdrawal.

If you have questions about the legal basis for processing your personal data or wish to exercise your rights, please contact us.

To exercise your rights, contact us. You may need to confirm your identity before your request can be fulfilled. You also have the right to file a complaint with the data protection supervisory authority.

8. COOKIE POLICY

Cookies are small text files sent by a web server and stored on the User’s end device (e.g. on a computer, tablet or smartphone). They allow the information contained in them to be read only by the server that created them. Cookies identify the User in order to tailor the content of the website and advertisements to their individual needs and preferences.

Purposes of storing and accessing cookies:

The owner uses cookies to ensure an appropriate standard of convenience for the Website. The data is used for the following purposes:

  • Personalisation: – Remembering selected settings (e.g. font size, colour version, language preferences) and adapting the content of subpages to the User’s needs.
  • Authentication and session – Maintaining the User’s session after logging in, so that there is no need to enter a login and password on each subpage.
  • Technical optimisation – Recognising the User’s end device in order to display the website correctly and ensure effective and smooth navigation.
  • Analytics and statistics – Monitoring and checking how Users use the Website (e.g. using Google Analytics). The collected data is used to optimise activities and improve the functioning of the Website within the company.
  • Marketing and profiling – Providing the User with personalised advertising content and conducting remarketing activities.

Cookie management and consent

  1. Default settings: Please note that web browsing software (browser) often allows cookies to be stored on the end device by default.

  2. Right to change: You can change your cookie settings at any time, e.g. block their automatic handling or request information each time they are placed on your device.

  3. Impact on the functioning of the Website: Changing the settings constitutes an objection, which may cause difficulties in using the Website. Completely disabling cookies does not prevent you from viewing the content, but it may block access to functions that require logging in.

  4. No changes to the configuration: Stored cookies do not cause any configuration changes to the User’s end device or the software installed on it.

Managing cookies in browsers:

If you do not agree to the use of cookies, you can modify your browser settings. Below are links to instructions for the most popular browsers:

9. PRINCIPLES OF PERSONAL DATA PROCESSING (RODO)

The Administrator shall process Personal Data in accordance with applicable laws, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO), taking care to protect the rights and freedoms of data subjects.

The Administrator shall ensure that the Personal Data is:

  • processed lawfully, fairly and transparently,
  • collected for specific, explicit and legitimate purposes,
  • Adequate, appropriate and limited to what is necessary,
  • correct and updated as necessary,
  • kept for no longer than necessary,
  • processed in a manner that ensures an adequate level of security, including protection against unauthorized access, loss or destruction.

The controller shall apply technical and organizational measures appropriate to the nature, scope, context and purposes of data processing and the risk of violation of the rights or freedoms of natural persons.

10. AUTHORIZED PERSONS AND ENTRUSTMENT OF DATA PROCESSING

Only persons authorized by the Administrator or entities entrusted by the Administrator with the processing of data on the basis of entrustment agreements, pursuant to Article 28 RODO, have access to Personal Data.

Persons processing Personal Data act only at the direction of the Administrator and are obliged to maintain confidentiality.

11. AUTOMATED PROCESSING AND PROFILING

Personal Data may be processed by automated means, including profiling, only to the extent permitted by law.

Profiling can be used to:

  • Improving the functionality of the Service,
  • content personalization,
  • Optimization of marketing communications.

You have the right to object to the processing of your data for marketing or profiling purposes at any time by contacting the Administrator.

12. VOLUNTARINESS OF PROVIDING DATA

Provision of Personal Data is, in principle, voluntary, but in some cases necessary for:

  • conclusion or execution of the contract,
  • Use of certain functionalities of the Service,
  • receiving a response to an inquiry or handling a request.

Failure to provide data may result in the inability to fulfill the above purposes.

13. APPLICABLE LAW AND APPLICATION OF REGULATIONS

The laws of the Republic of Poland shall apply to this Privacy Policy.

In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply, in particular the provisions on the protection of personal data and the provision of electronic services.

14. CONTACT

For matters concerning privacy and the exercise of your rights, please contact our Data Protection Officer:

  • E-mail: [email protected]
  • Address: BTC Sp. z o.o., 38 1 Maja St., 71-627 Szczecin, Poland.
  1. This Privacy Policy is regularly reviewed and updated. Any significant change will be announced on our website.