Privacy Policy | Dropsy

Privacy Policy


This Privacy Policy prescribes the manner in which BMR Group sp. z o.o. (hereinafter referred to as "BMR", "we", "our", "us") processes personal data. This Policy is for information purposes and serves satisfaction of the information obligations imposed on us under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This Privacy Policy is a document related to the Dropsy Application End-user License Agreement (hereinafter referred to as "EULA"). Any capitalised terms should be interpreted according to their definitions prescribed in the EULA.


  1. The Controller of your personal data is BMR Group sp. z o.o. with its registered office in Warsaw (00-781), ul. Boryszewska 14/6, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000791365, Tax Identification Number NIP: 5213869090, National Business Registry Number REGON: 383668422, share capital in the amount of PLN 5,000.
  2. You may contact us as the Controller via e-mail


  1. The processing of your personal data may concern the following categories: MAC address and data which you may provide us voluntarily when filing a complaint and which may be necessary to consider it.
  2. Your provision of personal data is voluntary, but it is necessary for us for to provide Services or consider complaints.
  3. Your personal data will be processed by us for the following purposes:
    1. Provision of Services—the legal basis in such a case is the statutory authorisation to process data necessary to perform the Agreement to which we are parties (Article 6.1(b) of the GDPR);
    2. Compliance with obligations resulting from legal provisions—the legal basis in such a case is the statutory authorisation to process data necessary to act in line with the law (Article 6.1(c) of the GDPR);
    3. Consideration of filed claims and complaints—the legal basis for processing in such a case is our legitimate interest (Article 6.1.(f) of the GDPR) which consists in due conduct of business activity.
  4. If we are advised that you use the Services in violation of the applicable provisions of law, then we may process your personal data in a scope required for establishing the scope of your liability.
  5. Your personal data will be processed until termination, dissolution or expiry of the Agreement for any reason, and subsequently for a period sufficient for us to prove the proper performance of our obligations related to the provision of Services, whereby such period corresponds to the period of limitation of claims.
  6. Upon the lapse of the term prescribed above, your personal data will be deleted, unless their processing is necessary under another legal basis.
  7. We transfer your personal data to a third country, i.e. the United States of America. In such a case we shall take every effort to ensure that your personal data are appropriately secured and we shall transfer your personal data only to entities which guarantee the appropriate security of your data.


  1. We may entrust the processing of your personal data to third parties to ensure the functioning of the Application and to exercise our rights or comply with our obligations connected with processing. In such a case, data recipients may include: the hosting provider, the provider of IT services, the e-mail operator.
  2. Personal data collected by us may also be disclosed to: competent state authorities upon their request on the basis of relevant provisions of law or other persons and entities—in the cases prescribed in the provisions of law.
  3. Each entity to which we transfer personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as "Transfer Agreement") guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing your personal data on the basis of the Transfer Agreement may process your personal data through another entity only upon our prior written consent.
  4. Disclosing personal data to unauthorized entities under this Privacy Policy may take place only upon your prior consent.
  5. If personal data are transferred to entities from third countries for processing, such transfer may take place on the basis of respective model contract clauses or decisions of the European Commission, in particular the EU–U.S. Privacy Shield, i.e. Commission Implementing Decision 2016/1250/EU of 12 July 2016.


  1. In connection with our processing of your data you have the right to: (a) delete the collected personal data referring to you both from our system as well as from the bases of entities with which we have co-operated, (b) restrict the processing of data, (c) portability of the personal data collected by us and referring to you, in this to receive them in a structured form, (d) request us to enable you to access your personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards us at any time without affecting the legality of processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about us to the supervisory authority (President of the Personal Data Protection Office).


  1. We may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the device sending the enquiry, the station name—identification through http protocol, if possible, date and system time of registration in the Application and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by you before if you entered the Application through a link, information concerning your browser, information concerning errors, information on your device. Web server logs may be collected as the material for the proper administration of the Application. Only persons authorized to administer the IT system have access to data. The files containing web server logs may be analyzed for the purpose of preparing statistics concerning traffic in the Application and occurring errors. Summary of such details does not enable identification of any person.


  1. We apply technological and organizational means in order to secure the processing of personal data adequately to the threats and category of data to be secured, in particular, through technical and organisational means we secure data against being disclosed to unauthorized persons, taken over by an unauthorized person, processed in violation of the law, and changed, lost, damaged or destroyed. The set of collected personal data is stored on a secured server, while the data are secured by our internal procedures related to the processing of personal data and information security policy.
  2. We have also implemented appropriate technical and organisational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects.
  3. We advise you that using the Internet and services provided by electronic means may pose a threat of malware breaking into your teleinformatic system and device, as well as any other unauthorized access to your data, including personal data, by third parties. In order to minimize such threats, you should use appropriate technical security means, e.g. use updated antivirus programs or programs securing the identification in the Internet. In order to obtain detailed and professional information related to security in the Internet, we recommend taking advice from entities specializing in such IT services.


  1. This Privacy Policy shall come into effect on 11.09.2019.