1.1. This Privacy Policy sets out the rules for processing and protecting personal data in connection with the use of the website and application AleSprzedawca, available at https://alesprzedawca.pl (hereinafter: the „Service" or the „Program").
1.2. The controller of personal data of the Service Users is:
1.3. Contact with the Controller on data protection matters: e-mail kontakt@alesprzedawca.pl, postal address as in point 1.2.
1.4. The Controller exercises particular care to protect the interests of data subjects and ensures, in particular, that data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: „GDPR").
Within the Program, personal data are processed in two different roles:
2.1. As the data Controller — in relation to the data of persons who create and operate an Account in the Program (the entrepreneur, representatives or employees of the User): registration, login, billing data and data on the use of the Program.
2.2. As a Processor — in relation to personal data that the User (seller) enters or that are synchronised from their Allegro account into the Program, in particular the User's buyers' data (name, delivery address, e-mail, phone, invoicing details). In this respect the User is the controller of such data, and the Service Provider processes them solely on the User's documented instructions, on the terms of the data processing agreement constituting Appendix No. 1 to the Terms of Service.
| Purpose of processing | Scope of data | Legal basis (GDPR) |
|---|---|---|
| Registration and maintenance of the Account, provision of the service | name, e-mail, company data (name, tax ID, address), login, password (in encrypted form) | Art. 6(1)(b) (performance of a contract) |
| Handling the trial period and subscription, billing, invoicing | company data, tax ID, payment data, billing history | Art. 6(1)(b) and (c) (tax and accounting obligations) |
| Contact, handling of requests and complaints | contact data, content of correspondence | Art. 6(1)(b) and (f) (legitimate interest) |
| Ensuring security, technical logs, preventing abuse | IP address, login data, system logs | Art. 6(1)(f) |
| Establishing or defending against claims | data necessary to determine claims | Art. 6(1)(f) |
| Marketing of own services (if conducted) | e-mail, contact data | Art. 6(1)(f), and for electronic communication — consent (Art. 6(1)(a)) |
4.1. In connection with the Program's functions (synchronisation of Allegro orders, issuing invoices, generating shipping labels, sending e-invoices to KSeF) the Program processes data of the User's buyers and contractors, including: identification, address, contact data and invoicing details.
4.2. Such data are processed solely for the purpose of performing the contract with the User and providing the Program's functions. The Service Provider does not use them for its own purposes.
4.3. The User remains the controller of such data. The rules of entrustment (subject matter, duration, nature, categories of persons, processor's obligations, sub-processing) are set out in the data processing agreement contained in Appendix No. 1 to the Terms of Service.
5.1. Data may be disclosed or entrusted to the following categories of recipients, solely to the extent necessary to provide the service:
5.2. Entities processing data on behalf of the Controller do so on the basis of concluded processing agreements and solely in accordance with the Controller's instructions.
6.1. As a rule, data are processed within the European Economic Area (EEA).
6.2. If any service provider processes data outside the EEA, this takes place solely with appropriate safeguards required by the GDPR (e.g. a European Commission adequacy decision or standard contractual clauses).
7.1. Account data are processed for the duration of the contract, and after its termination:
7.2. Data processed in the role of a processor (the User's buyers' data) are deleted or returned after the termination of the contract with the User, in accordance with the processing agreement, subject to provisions requiring their further storage.
8.1. Every person has the right to: access their data, rectification, erasure („right to be forgotten"), restriction of processing, data portability, objection, and withdrawal of consent (without affecting the lawfulness of processing carried out before withdrawal).
8.2. To exercise these rights, please contact the Controller (point 1.3). Persons whose data the User has entrusted for processing (e.g. buyers) should address their requests to the User as the controller of such data; the Service Provider supports the User in fulfilling them.
8.3. Every person has the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).
9.1. The Service uses cookies and data stored locally in the browser (localStorage) for:
9.2. Necessary cookies do not require consent. Other technologies (e.g. analytics, if implemented) are used on the basis of the User's consent.
9.3. The User can manage cookies in their browser settings; restricting necessary cookies may prevent the Program from working correctly.
10.1. The Controller applies technical and organisational measures ensuring data protection, including: encrypted connections (TLS/HTTPS), password encryption, access control, a firewall, protection against unauthorised access and encrypted backups.
10.2. Access to data is limited to authorised persons bound by confidentiality.
11.1. The Controller may update this Policy. Users will be informed of material changes electronically or via a notice in the Program with appropriate advance notice.
11.2. The current version is always available in the Service together with its effective date.
