For Buyers
1.1. Administrator — the administrator of the data is us: Simply.In sp. z o.o. based in Lodz (Bratysławska 10/26 Street, 94-040 Lodz).
1.2. Personal data — all information that identifies a person directly (e.g., email address) and indirectly (e.g., activity on the site).
1.3. GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1.4. User — a natural person using the System.
1.5. Merchant — a natural person, an unincorporated organizational unit or a legal entity that has entered into a cooperation agreement with us.
1.6. System — Simply.In software we provide that allows you to remember your data when shopping online and streamlines your shopping experience, available on the Simply.In mobile app or on the website at https://simply.in.
1.7. Terms and Conditions — Simply.In Terms of Service available at https://simply.in/en/legal/terms-b2c
2.1. We collect data necessary to provide electronic services, as well as information about your activity. We have described the detailed principles and purposes of data processing below.
2.2. When you use certain services or forms, you may provide additional data. Providing them is voluntary - it is not necessary to use the service. We inform you of this, for example, by marking mandatory fields.
USE OF THE SYSTEM BY USERS
3.1. In order to provide the User with services on the System, we process the User's identification and contact information, including: name, surname, telephone number, e-mail address, address of residence, date of birth. With the User's consent, in order to authorize a transaction, we may also process biometric data, such as fingerprint or facial scan.
3.2. As part of the operation and maintenance of an account in the System, we process data about the account, including the date the account was created and the history of actions taken in the account, such as transactions performed.
3.3. We process this data for the purposes described in the table below.
| PURPOSES OF PROCESSING | LEGAL BASIS FOR PROCESSING | DATA RETENTION PERIOD |
|---|---|---|
| Provision of services related to the establishment and operation of the account | Necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR) | Until the account is closed |
| Authorization of transactions | User's consent ( Article 6(1)(a) of the GDPR) | Until you withdraw your consent |
| Analysis of the User's activity in the System | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in conducting analysis of Users' activities, as well as their preferences in order to improve the functionalities used and services provided | Until the account is closed or until the User expresses an effective objection (no longer than the end of the year following 3 years after the termination of services) |
| Optimization of functionality based on user geolocation | User's consent ( Article 6(1)(a) of the GDPR) | Until you withdraw your consent |
USE OF THE SYSTEM BY USERS
3.4. In order to provide services in the System to a Merchant who is an individual, we process his/her identification and contact information, including: name, surname, company name, telephone number, e-mail address, residential address, Tax ID.
3.5. In order to provide services in the System to a Merchant who is not an individual, we process the identification and contact information of the person who represents him/her, including: name, surname, company name, telephone number, e-mail address, residential address, position/function.
3.6. We process this data for the purposes described in the table below.
| PURPOSES OF PROCESSING | LEGAL BASIS FOR PROCESSING | DATA RETENTION PERIOD |
|---|---|---|
| Providing the Merchant with the service of access to the System | Necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR) | For the duration of the contract for access to the System |
| Identification of Merchants and their representatives | The Administrator's legitimate interest (Article 6(1)(f) GDPR), which is to provide reliable identification of the contractor and its representatives. | For the duration of the contract for access to the System or until an effective objection is made |
| Tax reporting | Necessity for the implementation of the legal obligation incumbent on the Controller (Article 6 (1) (c) of the GDPR in connection with the relevant tax and accounting regulations). | 5 years from the end of the calendar year in which the service was performed. |
| Maintaining an ongoing business relationship in connection with the performance of the contract | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in the ongoing performance of the contract | For the duration of the contract for access to the System or until an effective objection is made |
| Our internal administrative goals | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which is the efficient management of the Administrator's business | For the duration of the contract for access to the System or until an effective objection is made |
MARKETING AND COMMERCIAL COMMUNICATION
3.7. We use your email address and phone number to send you direct marketing communications (emails, push notifications, SMS or phone calls). We only do this if you give us your consent by checking the appropriate box during registration or in your account. You can withdraw your consent at any time.
3.8. You can withdraw individual consents in your profile in the System. If you have problems changing your settings, please contact us at support@simply.in.
3.9. As part of our marketing activities, we process data for the purposes described in the table below.
| PURPOSES OF PROCESSING | LEGAL BASIS FOR PROCESSING | DATA RETENTION PERIOD |
|---|---|---|
| Sending direct marketing messages via email, push notifications, SMS or phone calls | Legitimate interest of the administrator (Article 6(1)(f) GDPR) in connection with the consent given for a specific marketing communication channel | Until you withdraw your consent to receive communications and information (based on electronic communication regulations) or express an effective objection to data processing |
OTHER PURPOSES OF PROCESSING
3.10. We process the personal data you provide to us by email or phone for contact purposes only to identify you and respond to you.
3.11. We collect all the information you choose to give us when you call or correspond with us.
3.12. To ensure your convenience and satisfaction with the System, we are constantly developing it. Therefore, we conduct various analyses, tests and studies, using information about your activity in the System. We also collect, among other things, data on the history of transactions performed.
3.13. To prevent unwanted activities that violate the Terms and Conditions, we collect and analyze various types of data, such as information about your behavior on the System, transaction history, and login data.
3.14. As part of these activities, we process data for the purposes described in the table below.
| PURPOSES OF PROCESSING | LEGAL BASIS FOR PROCESSING | DATA RETENTION PERIOD |
|---|---|---|
| Claims handling | Necessity of processing for the performance of the contract (Article 6(1)(b) of the DPA). | Until the service of the request is completed or for the period indicated by law |
| Handling requests from data subjects | Legal obligation (Article 6(1)(c) GDPR) | Until the service of the request is completed or for the period indicated by law |
| Handling of other requests and applications | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in responding to inquiries addressed to it regarding its business activities; with regard to data provided on an optional basis, the legal basis for processing is consent (Article 6(1)(a) GDPR) | Until the completion of the handling of your request or until you successfully object to the processing of your data In the case of data provided optionally - until you withdraw your consent |
| Improving the quality of services and service | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which is to conduct analysis of activity in the System in order to improve and develop the functionalities used | Until we terminate the storage of your data in connection with another active purpose of processing, or until you make an effective objection (For no longer than 5 years from the end of the year in which we terminated the services) |
| Fraud detection and prevention | The legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in taking actions to prevent unauthorized activities in the System | 24 months after account closure or until you make an effective objection |
4.1. We have indicated the data retention periods in the tables above. We may extend them if the processing is necessary for the establishment and investigation of possible claims or defense against claims. After this time, we store data only if and to the extent required by law. Once the retention period has expired, we irreversibly delete or anonymize the data.
5.1. Cookies are small text files stored on your device when you use websites. They remember, among other things, his/her visit and settings. They perform various functions, but we use them primarily to allow you to access the System and to facilitate the use of the services available on the System.
5.2. We also use cookies for analytics and marketing purposes, but only if you agree. You can withdraw this consent at any time.
5.3. Cookies are divided into permanent and session cookies - depending on how long they are stored, and into necessary and optional cookies - depending on the purposes for which they are used.
PERSISTENT AND SESSION COOKIES
| TYPE | DESCRIPTION |
|---|---|
| Session cookies | Some cookies are temporary files, stored until you log out, leave the site or turn off your web browser. These types of cookies help us analyze web traffic and enable us to identify and resolve technical problems, among other things. |
| “Permanent” cookies | "Permanent" cookies are kept for the time specified in their parameters or until you delete them. They help us remember your settings and preferences to make your next visit more convenient (e.g. not having to re-enter your login information). |
ESSENTIAL AND OPTIONAL COOKIES
| TYPE | DESCRIPTION |
|---|---|
| Necessary cookies | These cookies are installed to provide access to the System and its basic functions, and therefore do not require your consent. Without the necessary cookies, we would not be able to provide you with the services of the System. |
| Optional cookies | We only use these cookies if you agree to them. They may be used, for example, for our analytical and advertising purposes. |
5.4. We use our own cookies and those of our trusted partners. We work with analytics providers and tools, such as Google Analytics, to better understand how the System works. Please refer to their privacy policies for details on how they process your data.
COOKIE SETTINGS MANAGEMENT
5.5. You can also manage cookies by changing your browser settings. You can find detailed information about this at the links below.
6.1. In order to better understand your behavior on the System, we work with the analytics tool providers described in the table below.
| TOOL | PURPOSES OF DATA PROCESSING BY GOOGLE | DETAILED INFORMATION |
|---|---|---|
| Google Analytics |
| https://www.google.com/intl/pl/policies/privacy/partners |
| Google Firebase Analytics |
| https://firebase.google.com/policies/analytics |
7.1. We transfer your data to other parties to ensure performance and the highest level of service, or when we have a legal obligation to do so:
7.1.1. Merchants — in order to properly perform the contract, we share the User's data with the Merchant at whose site the User has logged into the System;
7.1.2. Third-party service providers — we use third-party service providers to help us maintain and provide certain solutions related to the System. These are, for example, providers responsible for operating IT systems, accounting or legal service providers, marketing agencies. They process data according to our instructions, only to the extent indicated by us;
7.1.3. Law enforcement, regulatory authorities and others — we may disclose selected information about you to competent authorities or third parties who make such a request. We will do this in accordance with the law.
8.1. We transfer personal data outside the EEA only when necessary. We provide the level of protection required by the GDPR. To this end:
8.1.1. we cooperate with data processors in countries for which the European Commission has issued a decision stating the assurance of an adequate level of data protection;
8.1.2. we use standard contractual clauses issued by the European Commission;
8.1.3. we apply binding corporate rules that have been approved by the relevant supervisory authority.
8.2. You can request additional information about data transfers outside the EEA and obtain a copy of the protection measures adopted by writing to us at support@simply.in or to our mailing address.
9.1. We treat all personal data as confidential and store it on secure servers. Only those who should have such access have access to the data.
9.2. We conduct audits and internal inspections on an ongoing basis to ensure that we have measures in place to ensure compliance with international security standards and internal procedures.
9.3. When we secure access to the System with a one-time code (or when you use such an option), you are obliged to keep this code confidential and not share it with third parties.
10.1. As we process your data, you have the following rights:
10.1.1. The right to access your data — you can check whether we process your data, and if so, you can get a copy;
10.1.2. The right to rectification — you can request the correction of incomplete, false or outdated data;
10.1.3. The right to erasure of data — on this basis you can request the deletion of data that are no longer necessary for any of the purposes for which they were collected;
10.1.4. The right to restrict processing — on this basis, we stop performing operations on your data - except for operations you have consented to - and storing them in accordance with accepted retention rules or until the reasons for restricting processing cease to exist (e.g., the supervisory authority issues a decision that permits further processing);
10.1.5. The right to data portability — in exercising this right, we will provide you or the person you designate with your data. However, you have this right only to the extent of data processed on the basis of consent or in the performance of a contract, and the processing is carried out by automated means (in IT systems);
10.1.6. The right to object to processing — applies when we process your data on the basis of a legitimate interest. You can object on grounds related to your particular situation, when in your opinion the processing affects your rights or freedoms. You can also always object to processing for direct marketing purposes;
10.1.7. The right to withdraw consent — if you have given us consent to process some of your data, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of the processing that was carried out before its withdrawal;
10.1.8. The right to complain — you have the right at any time to file a complaint to the competent supervisory authority. In Poland, such authority is the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.
10.2. You can submit a request for the exercise of rights to support@simply.in or to our mailing address.
10.3. If we are unable to identify you based on the request, we will ask for additional information. You do not have to provide them, however, in that case we will refuse to fulfill the request.
10.4. We will respond within a month. If we have to extend this deadline, we will inform you of the reasons.
11.1. You can write to us at support@simply.in or to our mailing address.
12.1. We review and update the Privacy Policy on an ongoing basis. Its current version is effective as of the date indicated at the top of the page.
