Easy-Way CMS Panel Privacy Policy

Last updated: 12 June 2026

This Policy sets out the rules for processing the personal data of people using the Easy-Way CMS Panel on behalf of Clients (Administrators). A separate Wayfinder Privacy Policy applies to users of the Wayfinder app. This English version is provided for convenience only; in the event of any discrepancy, the Polish version of this document prevails.

§ 1. Data controller and the roles of the parties

1.1. The controller of the personal data of CMS Panel Administrators is DOT DOT sp. z o.o., ul. Ludwika 17, 40-176 Katowice, Poland, KRS 0001246224, Tax ID (NIP) 9542909898, owner of the Easy-Way.io brand (hereinafter “EasyWay”).

1.2. The controller of data published in the system, such as map content, descriptions and data in points and areas of interest (POI), is the Client who owns the CMS account. The Client decides on the scope of the published data. In this respect, EasyWay acts solely as a processor and may use further processors listed in the List of Subprocessors.

1.3. For matters relating to data protection, you can contact us at [email protected]. General contact: [email protected].

1.4. EasyWay has appointed a Data Protection Officer, Tomasz Budzyński. Contact with the Data Protection Officer: [email protected].

§ 1a. Precedence of a separate data processing agreement

1a.1. The provisions of this Policy concerning the entrustment of data processing apply where no separate Data Processing Agreement (DPA) has been concluded between the Client and EasyWay.

1a.2. If the Client has concluded a separate DPA with EasyWay, its provisions take precedence over this Policy and the documents available in the CMS Panel.

1a.3. For Accounts created without a separate Agreement, the basis for entrusting data processing is this Policy together with the CMS Terms of Service. For Clients processing special categories of data, in particular medical entities, the provisions of a signed DPA take precedence.

§ 2. Scope of personal data processed

2.1. Administrator data. We process identification and contact data (login and email address), authentication data (hashed password and 2FA settings), session and log data (login history, activity dates, IP address, browser information), operational data on actions performed in the CMS Panel, and a record of acceptance of the Terms and Privacy Policy.

2.2. Client data. Client data such as name, Tax ID (NIP), business registry number (REGON) or address generally does not constitute personal data, unless it concerns a sole proprietorship.

2.3. Data published in the system. Data on facilities, maps, rooms and points of interest (POI) generally does not constitute personal data. If the Client publishes data of natural persons, for example employees’ names, the Client acts as the controller and EasyWay as the processor in accordance with § 1.2.

2.4. Special categories of data. In the standard operation of the CMS Panel, we do not process special categories of Administrators’ data. Additional security measures described in § 8 apply to Clients in the healthcare sector.

§ 3. Purposes and legal bases for processing

3.1. We process personal data in order to provide and operate the Account and perform the Agreement on the basis of Article 6(1)(b) GDPR.

3.2. We process data related to authentication, system security, 2FA handling, monitoring and detecting irregularities on the basis of Article 6(1)(f) GDPR.

3.3. We process data necessary to provide technical support and handle complaints on the basis of Article 6(1)(b) GDPR.

3.4. We process data required by law, in particular relating to archiving, accounting and reporting data breaches, on the basis of Article 6(1)(c) GDPR.

3.5. We keep a record of acceptance of the Terms and Privacy Policy for evidentiary purposes on the basis of Article 6(1)(c) and Article 6(1)(f) GDPR.

3.6. We process analytics data on the use of the CMS Panel in order to develop and optimise the Service on the basis of Article 6(1)(f) GDPR.

3.7. We send the newsletter and marketing information on the basis of freely given consent in accordance with Article 6(1)(a) GDPR.

3.8. Data may be processed to establish, pursue or defend claims on the basis of Article 6(1)(f) GDPR.

§ 4. Data recipients

4.1. EasyWay uses processors providing hosting, IT infrastructure, backup, content delivery and product analytics services. The current List of Subprocessors is available at List of Subprocessors.

4.2. Data may also be transferred to authorised employees and associates of EasyWay, external advisers including accountants and lawyers, and public authorities where required by law.

4.3. Where a transfer of data outside the European Economic Area is necessary, it takes place in accordance with the GDPR, in particular on the basis of an adequacy decision of the European Commission or Standard Contractual Clauses (SCC). Information about the safeguards applied can be obtained at [email protected].

§ 5. Data retention period

5.1. We keep Administrator data for the duration of the Agreement or the activity of the Account.

5.2. We keep Administrator data for 30 days after the Account is deactivated, and then delete it.

5.3. We keep the record of acceptance of the Terms and Privacy Policy for the duration of the Agreement and for 6 years after it ends.

5.4. We keep security logs for 12 months.

5.5. We keep the record of actions performed in the CMS Panel for 24 months.

5.6. We keep analytics data for up to 14 months.

5.7. We keep accounting and tax data for 5 years from the end of the tax year.

5.8. We keep data processed for the purpose of claims until the relevant limitation period expires, generally for 3 years in B2B relationships.

Ładowanie...