UnderStand IoT is an Internet of Things hardware and software solution. It collects and processes data from POSs in real time allowing you to assess the results of promotions and pretest promotional activities. Edge IoT measures KPIs, taking into account the entire purchasing funnel, including traffic, consumer interest, and product turnover. It also monitors operational elements related to sales (such as the distribution of secondary placements).

The provider of this solution is Edge NPD Sp z o.o. 22A Czeska Street 03-902 Warsaw / Poland  (“the Provider”).

The Provider believes in the right to privacy of all Internet users. This Privacy Policy describes the practices used by Provider for gathering, storing, using, and disclosing information that we collect from users UnderStand (our “Service”), as well as from our former, current, and prospective clients and individuals that communicate with us. This section also outlines some of the measures we take to protect that information.

“Personal data” means any information relating to an identified or identifiable natural person (“Data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Provider collects, uses, discloses and processes Personal Data in accordance with this Privacy Policy, including for the purpose of providing the Services and our business.

For the purposes of GDPR, the Provider is the controller of your personal information, unless you are explicitly told otherwise.

In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data obtained from you. Provider has implemented appropriate safeguards, technical and organizational measures to ensure an adequate level of protection of personal data.

Data Collected by our Services

When using the Services, we process your Personal Data in various ways and for different purposes, including:

  1. when registering an Account or interacting with our Services – we process Personal Data in order to conclude an agreement for the provision of Services and to provide them – pursuant to Art. 6(1)(b) GDPR; these data may include login and password, e-mail address, payment information, name and surname, mailing address; these data are used to create your User Account and enable you to use the functionality of our Services;
  2. when you communicate with us through the form or e-mail address – we process Personal Data for correspondence – for this purpose we process, among others, e-mail address based on Art. 6(1)(f). GDPR; We may send you notifications related to the performance of our Services, such as changes to our Regulation or this Privacy Policy or other formal messages related to the Services; In addition, we may use your Personal Information to respond to your support requests regarding the Services, including information about Paid Services. We may also use your Personal Information to respond to your requests, inquiries and complaints.

As a rule, the data are processed by the time the Services are provided, until the consent is withdrawn or the effective opposition to the data processing is filed in cases where the legal basis for data processing is the Provider’s legitimate interest. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only in the case and to the extent required by law. After the processing period has expired, the data is irreversibly deleted or anonymized.


The Services are hosted in European Union. Installation of the Application on virtual machines involves data processing in accordance with the rules indicated by the virtual machine provider. If you access our Services from any jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from the laws of Poland, please be advised that through your continued use of the Services, you are transferring your Personal Information to EU and you consent to that transfer.


The Provider takes steps to use generally accepted standards to protect the security of information that we collect. To that end, we have designed and deployed hardware, software, and networking solutions in an effort to reasonably secure and protect access to our systems and data. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions regarding security you can contact us at

Recipients of your Personal Data

The recipient of your Personal Data is entities that process data on behalf of the Provider, (eg Provider’s employees), entities that process personal data on behalf of the Provider (ie IT systems and IT services providers, including hosting and marketing services provider), legal and advisory services providers (in particular law firms in the event of a dispute), as well as other entities that are authorized to process data on the basis of legal provisions.

Legal Disclaimer

We may need to disclose information, including Personal Data, when in our good-faith judgment we are required to do so by law, or when such action is necessary to comply with a current judicial proceeding, a court order or legal process. We may also transfer all or some of the data discussed in this policy, in connection with a of assets, bankruptcy, or other corporate change.

Rights related to personal data

You have the following rights with respect to your personal data:


  • Access


You can ask us to: confirm whether we are processing your Personal Data; give you a copy of that data; provide you with other information about your Personal Data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.


  • Rectification


You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.


  • Erasure


You can ask us to erase your Personal Data, but only where:

  • it is no longer needed for the purposes for which it was collected;
  • you have withdrawn your consent (where the data processing was based on consent);
  • following a successful right to object (see “Objection” below);
  • it has been processed unlawfully;
  • or to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your Personal Data if the processing of your personal data is necessary:

  • for compliance with a legal obligation;
  • or for the establishment, exercise, or defense of legal claims.

There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.


  • Restriction


You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • its accuracy is contested (see “Rectification” above), to allow us to verify its accuracy;
  • the processing is unlawful, but you do not want it erased;
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims;
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.


  • Right to object


You can ask us to stop processing your Personal Data, and we will do so:

  • to the extent that we are relying on our legitimate interests to use your personal information, you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights, and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims, and
  • where we are processing your personal information for direct marketing purposes.


  • Portability


You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it “ported” directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.


  • Withdrawal of Consent


You can withdraw your consent in respect of any processing of Personal Data which is based upon a consent which you have previously provided.

If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, to request deletion of or object to processing of your information, please send your request to We may ask you for additional information so that we can confirm your identity.

We will take steps to try to resolve any complaint you raise regarding our treatment of your Personal Data. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.

Governing Law and Dispute Resolution

This Privacy Policy, and all related matters are governed solely by the laws of Poland, excluding any rules of private international law or the conflict of laws which would lead to the application of any laws.

You have the right to lodge a complaint to the supervisory body referred to in art. 77 GDPR – if you feel that we are processing your personal data unlawfully or in any way violate the rights resulting from generally applicable provisions of law in the field of personal data protection.


As a general rule, we retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. Our clients instruct us on how long to retain client data, which we handle as a data processor. We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.

Information about children

The Services are not intended for minors under the age of 16. We do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us at, so that we can delete this information from our servers.

Providing Personal Data

Providing your Personal Data is voluntary. Not submitting Personal Data will result in the inability to use the Services or in the event of changes to the privacy settings in the device settings – inability to use all functionalities of the Services. In the case of optional data, you have the right to withdraw your consents regarding the processing of Personal Data. The withdrawal of a given consent does not affect Provider’s right to process the data for the purpose for which it was granted, until it is revoked.

Further information

This Privacy Policy may be updated from time to time. All changes will be posted on this site. The Provider encourages users to periodically check back to this site for any changes to the Privacy Policy. Except when required by law, any modifications made to this Privacy Policy will not affect the privacy of data collected by the Provider prior to the effective date of the policy change.

Contact us

If you have questions or concerns regarding the way in which your personal data is being processed or this Policy, please contact us at