0
0
0
14 January 2026PRIVACY POLICY
GIS Support Sp. z o.o. Version 1.0 – Effective from January 1, 2025
§1 GENERAL PROVISIONS
1.1 This Privacy Policy defines the rules for processing and protecting personal data by GIS Support Sp. z o.o., headquartered in Lublin at ul. Konrada Wallenroda 2f/3.09, 20-607, NIP number: 9462641761, REGON: 061483531, registered in the National Court Register under KRS number: 0000440891 (hereinafter: “Administrator,” “Company,” or “we”). 1.2 The Policy applies to the processing of personal data in connection with:
- Using the Usemaps Enterprise software in the Cloud (SaaS) model
- Using the Usemaps Enterprise software in the On-Premise model
- Using the Usemaps Mobile application
- Using the free Usemaps Lite plugin for QGIS
- Using the usemaps.com website
- Marketing and sales activities
1.3 The Administrator complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and other applicable personal data protection laws.
§2 DATA PROTECTION OFFICER
2.1 The Administrator has appointed a Data Protection Officer, who can be contacted at:
- Email: privacy@gis-support.pl
- Adress: ul. Konrada Wallenroda 2f/3.09, 20-607 Lublin
- Phone number: +48 795 860 444
§3 CATEGORIES OF PROCESSED DATA
Table 1: Data categories by product
| Product/Service | Data Categories | Role of the Administrator |
| Usemaps Enterprise Cloud | User identification data, Contact data, Login data, Client business data | Administrator (user data), Processor (client data) |
| Usemaps Enterprise On-Premise | Buyer contact data, License data | Administrator |
| Usemaps Mobile | Device identifier, Location data (with consent), Login data | Administrator |
| Usemaps Lite (QGIS) | Usage statistics (anonymous), Software version | Administrator |
| gis-support.pl website | Data from contact forms, Cookies, Analytical data | Administrator |
§4 PURPOSES AND LEGAL BASES OF PROCESSING
Table 2: Purposes of processing and legal bases
| Purpose of processing | Legal basis | Retention period |
| Provision of Usemaps Enterprise Cloud services | Art. 6 ust. 1 lit. b) RODO (contract) | Duration of the contract + 6 years (tax regulations) |
| On-Premise technical support | Art. 6 ust. 1 lit. b) RODO (contract) | License duration + 3 years |
| Direct marketing (email or phone) | Art. 6 ust. 1 lit. a) RODO (consent) | Until consent is withdrawn, maximum 5 years from last activity |
| Product newsletter | Art. 6 ust. 1 lit. a) RODO (consent) | Until consent is withdrawn |
| Cross-product marketing | Art. 6 ust. 1 lit. f) RODO (legitimate interest) | 2 years after the end of the contract |
| Analytics and statistics | Art. 6 ust. 1 lit. f) RODO (legitimate interest) | 3 years |
| Legal claims | Art. 6 ust. 1 lit. f) RODO(legitimate interest) | 6 years from the event |
§5 DATA PROCESSING IN CLOUD vs ON-PREMISE MODEL
5.1 Usemaps Enterprise Cloud (SaaS)
Role of the Administrator as Processor:
- For spatial and business data entered by clients into the system, the Administrator acts as a data processor
- The client remains the administrator of their business data
- The Administrator processes this data solely in accordance with the contract and the client’s instructions
- The data is stored in infrastructure managed by the Administrator
Role of the Administrator as Controller:
- System user data (login, password, email)
- Contact details of the client’s representatives
- Data regarding system and license usage
5.2 Usemaps Enterprise On-Premise
Full client control:
- The software is installed in the client’s infrastructure
- The Administrator does not have access to the data processed in the client’s system
- The Administrator processes only contact data for licensing and support purposes
- The client is the sole administrator of all data in the system
§6 CROSS-PRODUCT MARKETING STRATEGY
6.1 Identification Key
The Administrator uses the email address as a unique identifier to link user activity across products, only with the user’s consent or based on legitimate interest.
6.2 Types of Marketing Consents
| Consent Type | Scope | Frequency |
| General newsletter | Information about all products | Maximum 2 times per month |
| Product updates | Information about products in use | Maximum once per week |
| Special offers | Promotions and discounts | Maximum once per month |
| Webinars and training | Event invitations | No limit (event-driven) |
| Satisfaction surveys | Questionnaires and feedback | Maximum once per quarter |
6.3 Managing Preferences
The user can at any time:
- Manage consents through the user panel
- Określić preferowane kanały komunikacji
- Set the communication frequency
- Unsubscribe completely (link in every email)
§7 DATA RECIPIENTS
Table 3: Categories of data recipients
| Recipient category | Examples | Purpose of transfer |
| Cloud subprocessors | AWS, Hetzner | Infrastructure hosting |
| Communication tools | GetResponse | Email delivery |
| Analytics | Google Analytics, Grafana | Usage statistics |
| Technical support / Ticketing | Jira Service Desk Management | Ticket handling |
| Payments | Payment operators | Transaction processing |
| Accounting | Accounting office | Tax settlements |
§8 TRANSFER OF DATA TO THIRD COUNTRIES
8.1 Currently, the Administrator processes personal data exclusively within the territory of the European Economic Area (EEA). 8.2 In the event that data needs to be transferred to third countries (outside the EEA), the Administrator:
- Will inform users of this with appropriate notice
- Will provide appropriate safeguards in accordance with Chapter V RODO
- Will apply one of the appropriate transfer mechanisms, such as:
- Data Privacy Framework – for transfers to the USA (certified recipients)
- Standard Contractual Clauses (SCC) – approved by the European Commission
- Explicit consent – after being informed of the risk
8.3 The current list of third countries and applied safeguards is available upon request at: privacy@gis-support.pl
§9 RIGHTS OF DATA SUBJECTS
9.1 Applicable rights
Every individual has the right to:
- Access their data (Art. 15 RODO)
- Rectification of data (Art. 16 RODO
- Erasure of data (“right to be forgotten”) (Art. 17 RODO)
- Restriction of processing (Art. 18 RODO)
- Data portability (Art. 20 RODO)
- Objection to processing (Art. 21 RODO)
- Withdrawal of consent at any time
- Lodge a complaint with the President UODO
9.2 Exercising Rights
Requests should be directed to:
- Email: privacy@gis-support.pl
- Response time: up to 30 days from receipt of the request
§10 DATA SECURITY
10.1 Technical and Organizational Measures
The Administrator implements the following safeguards:
- Data encryption in transit (TLS 1.3)
- Data encryption at rest (AES-256)
- Role-based access control (RBAC)
- Regular backups (RTO: 4h, RPO: 1h)
- 24/7 security monitoring
- Regular Penetration Testing
- Staff training on data protection
10.2 Breach Reporting
In the event of a data breach:
- Notification to UODO within 72 hours
- Notification to affected individuals (if required)
- Documentation in the breach register
§11 COOKIES
11.1 Types of Cookies
| Cookie Type | Purpose | Duration |
| Necessary | Website functionality | Session |
| Preferences | Remembering settings | 1 year |
| Statistical | Traffic analysis | 2 years |
| Marketing | Targeted advertising | 90 days |
11.2 Managing Cookies
The user can:
- Accept or reject cookies via the banner
- Change settings in the browser
- Delete saved cookies
§12 MOBILE APPLICATIONS
12.1 Usemaps Mobile
Data collected automatically:
- Device identifier (for licensing)
- Operating system version
- Application version
- Error logs (anonymous)
Data collected with consent:
- GPS location (for map functions)
- Camera (for adding photos to maps)
- Device storage (for offline map caching)
12.2 Compliance with Store Requirements
- App Store: Compliance with Apple Privacy Policy
- Google Play: Compliance with Google Play Data Safety
§13 QGIS PLUGIN (Usemaps Lite)
13.1 Data Collected by the Plugin
Data collected automatically:
- Anonymous usage statistics of features
- QGIS and plugin version
- Installation identifier (UUID)
- Basic operating system information
- Usage frequency
Optionally collected data:
- Email address (when registering to receive updates)
- First and last name (optional during registration)
- Phone number (optional during registration)
- Organization name (optional)
- Error reports with logs (with consent)
13.2 Purposes of processing plugin data
| Purpose | Legal basis | Retention period |
| Usage analytics | Art. 6 ust. 1 lit. f) RODO (legitimate interest) | 2 years |
| Update information | Art. 6 ust. 1 lit. a) RODO (consent) | Until consent is withdrawn |
| Usemaps product marketing | Art. 6 ust. 1 lit. a) RODO (consent) | Until consent is withdrawn, maximum 5 years |
| Lead generation | Art. 6 ust. 1 lit. f) RODO (legitimate interest) | 3 years from the last activity |
| Error reporting | Art. 6 ust. 1 lit. a) RODO (consent) | 1 year from the report |
13.3 Registration and Marketing
The plugin may display:
- Registration form on first launch
- Notifications about paid Usemaps product versions
- Upgrade offers for Usemaps Enterprise
The user can:
- Register to use the plugin
- Manage marketing consents in the plugin settings
13.4 Plugin User Profiling
Based on how the plugin is used, we may assign the user to a segment (e.g., “power user,” “occasional user”) to tailor marketing communications. This is our legitimate interest in understanding user needs.
§14 AUTOMATED DECISION-MAKING
The Administrator does not use automated decision-making, including profiling, that would produce legal effects or similarly significant impacts on individuals.
§15 CHANGES TO THE PRIVACY POLICY
15.1 The Administrator reserves the right to modify the Policy. 15.2 Users will be notified of significant changes:
- By email (30 days before taking effect)
- Through a notification in the application
- On the website
§16 CONTACT
GIS Support Sp. z o.o. ul. Konrada Wallenroda 2f/3.09 20-607 Lublin Email: privacy@gis-support.pl Tel: +48 795 860 444 KRS: 0000440891 NIP: 9462641761 Inspektor Ochrony Danych: Email: privacy@gis-support.pl