PRIVACY POLICY

1. SOME BASIC CONCEPTS

  • 1.1. Administrator – the data administrator is us: Simply.In sp. z o.o. with its registered office in Łódź (ul. Bratysławska 10/26, 94-040 Łódź), entered in the register of entrepreneurs of the National Court Register under the KRS number: 0001031339, REGON: 525060145, NIP: 7272868199, share capital: 150,000 PLN.
  • 1.2. Personal data – all information that independently or in conjunction with other information allows the identification of a person directly (e.g., email address) or indirectly (e.g., website activity).
  • 1.3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • 1.4. User – a natural person using the System.
  • 1.5. Merchant – a natural person, an organizational unit without legal personality, or a legal person who has entered into a cooperation agreement with us.
  • 1.6. System – the Simply.In software we provide, which enables data to be remembered during online shopping and facilitates purchases, available in the Simply.In mobile application or on the website at https://simply.in.
  • 1.7. Terms and Conditions – the Simply.In Service Terms and Conditions available at https://simply.in/terms-b2c.

2. WHAT DATA DO WE PROCESS

  • 2.1. We collect the data necessary to provide electronic services, as well as information about your activity. Detailed rules and purposes of data processing are described below.
  • 2.2. When using certain services or forms, you may provide additional data. Providing them is voluntary – it is not necessary to use the service. We inform about this, e.g., by marking mandatory fields. Supplying data marked as “mandatory” is also voluntary, however, not providing them will result in the inability to use part or all of the services we offer.
  •  

3. WHY DO WE PROCESS DATA

use of the system by users

  • 3.1. To provide the User with services in the System, we process their identification and contact data, including: first name, last name, phone number, email address, home address, date of birth. With the User’s consent, to authorize the transaction, we may also process biometric data such as fingerprints or face scan.
  • 3.2. As part of operating and maintaining an account in the System, we process data relating to this account, including the date of account creation and the history of actions taken in it, such as transactions performed.
  • 3.3. We process this data for the purposes described in the table below.
PURPOSES OF PROCESSINGLEGAL BASIS FOR PROCESSINGDATA RETENTION PERIOD
Provision of services related to account creation and operation Necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR) Until the account is closed
Transaction authorization User's consent (Art. 6(1)(a) GDPR in conjunction with Art. 9(2)(a) GDPR) Until consent is withdrawn
Analysis of User activity in the SystemAdministrator's legitimate interest (Art. 6(1)(f) GDPR), which involves analyzing User activity and preferences to improve Until the account is closed or until the User effectively objects (no later than the end of the year following 3 years
of the provided functionalities and services.
To the extent that cookies are used for analysis – User's consent (Art. 6(1)(a) GDPR). 		from the end of service provision).
When acting based on User's consent – until it is withdrawn or data loss of utility.
Optimization of functionalities based on User's geolocationUser's consent (Art. 6(1)(a) GDPR) Until consent is withdrawn or data loss of utility.
Completing forms on behalf of the UserNecessity of processing for the performance of the Agreement, if the User has authorized us (Art. 6(1)(b) GDPR)Until the service provision ends or until the authorization is withdrawn by the User

USE OF THE SYSTEM BY MERCHANTS AND THEIR REPRESENTATIVES

  • 3.4. To provide services in the System to a Merchant who is a natural person, we process their identification and contact data, including: first name, last name, company name, phone number, email address, home address, NIP.
  • 3.5. To provide services in the System to a Merchant who is not a natural person, we process the identification and contact data of the person representing them, including: first name, last name, company name, phone number, email address, home address, position/function.
  • 3.6. We process this data for the purposes described in the table below.
PURPOSES OF PROCESSINGLEGAL BASIS FOR PROCESSINGDATA RETENTION PERIOD
Provision of System access service to the Merchant Necessity of processing for the performance of the contract (Art. 6(1)(b) GDPR) – for Merchants who are natural persons.
Administrator's legitimate interest (Art. 6(1)(f) GDPR), which involves the proper execution of 		For the duration of the System access contract (in the case of processing based on Art. 6(1)(b) GDPR).
For the duration of the System access contract or until an effective objection is raised (in
the contract with the Merchant, represented by the person – for Merchants who are not natural persons.the case of processing based on Art. 6(1)(f) GDPR).
Identification of Merchants and their representatives Administrator's legitimate interest (Art. 6(1)(f) GDPR), which involves ensuring reliable identification of counterparties and their representatives.For the duration of the System access contract or until an effective objection is raised
Tax reporting and issuing accounting documents Necessity for the fulfillment of a legal obligation incumbent on the Administrator (Art. 6(1)(c) GDPR in conjunction with relevant tax and accounting regulations)5 years from the end of the calendar year in which the service was performed or the accounting document was issued
Maintaining a continuous business relationship in connection with contract performanceLegitimate interest of the Administrator (art. 6 sec. 1 letter f GDPR), which involves the ongoing execution of the contractFor the duration of the contract for access to the System or until an effective objection is raised
Our internal administrative objectives Legitimate interest of the Administrator (art. 6 sec. 1 letter f GDPR), which involves efficient management of the Administrator's enterpriseFor the duration of the contract for access to the System or until an effective objection is raised

MARKETING AND COMMERCIAL COMMUNICATION

  • 3.7. We use your email address and phone number to send you direct marketing messages (emails, push notifications, SMS, or telephone calls). We only do this when you agree to it by checking the appropriate box during registration or in your account. You can withdraw your consent at any time.
  • 3.8. You can withdraw individual consents in your profile in the System. If you have problems changing the settings, contact us at support@simply.in.
  • 3.9. As part of marketing activities, we process data for the purposes described in the table below.
PURPOSES OF PROCESSINGLEGAL BASIS FOR PROCESSINGDATA RETENTION PERIOD
Sending direct marketing messages via email, push notifications, SMS, or phone callsLegitimate interest of the administrator (art. 6 sec. 1 letter f GDPR) in connection with the expressed consent for a specific marketing communication channelUntil you withdraw consent to receive communications and information (based on electronic communication regulations) or express an effective objection to data processing

other processing purposes

  • 3.10. Personal data that you provide to us by email or phone for contact purposes is processed solely to identify you and respond to you.
  • 3.11. We collect all the information you choose to give us during phone calls or correspondence with us.
  • 3.12. To ensure your convenience and satisfaction with using the System, we continuously develop it. Therefore, we conduct various analyses, tests, and research using information about your activity in the System. We also gather, among others, data about the history of completed transactions.
  • 3.13 To prevent unwanted activities that violate the Terms and Conditions, we collect and analyze various types of data, such as information about your behavior in the System, transaction history, and login data.
  • 3.14 As part of these activities, we process data for the purposes described in the table below
PURPOSES OF PROCESSINGLEGAL BASIS FOR PROCESSINGDATA RETENTION PERIOD
Handling complaints Necessary for the performance of the contract (art. 6 sec. 1 letter b GDPR). Until the inquiry is resolved or for a period specified in legal regulations
Handling data subject requests Legal obligation (art. 6 sec. 1 letter c GDPR) Until the inquiry is resolved or for a period specified in legal regulations
Handling other requests and notifications Legitimate interest of the Administrator (art. 6 sec. 1 letter f GDPR), which involves responding to inquiries regarding its business activities; for data provided optionally, the legal basis for processing is consent (art. 6 sec. 1 letter a GDPR) Until the inquiry is resolved or until you express an effective objection to data processing For data provided optionally - until you withdraw consent
Improvement of service quality and support Legitimate interest of the Administrator (art. 6 sec. 1 letter f GDPR), which involves conducting analyses of System activity to improve and develop functionalitiesUntil we conclude data retention in connection with another active processing purpose, or until you express an effective objection (no longer than 5 years from the end of the year in which we ceased providing services)
Detecting and preventing abuseLegitimate interest of the Administrator (art. 6 sec. 1 letter f GDPR), which involves undertaking actions to prevent unauthorized activities in the System24 months from the account closure or until you express an effective objection

4. HOW LONG WE RETAIN DATA

  • 4.1. The data retention periods are indicated in the tables above. We can extend them if processing is necessary to establish and pursue potential claims or defend against claims. After that period, we retain data only if and to the extent required by legal regulations. When the storage period expires, we irreversibly delete or anonymize the data.

5. COOKIES AND SIMILAR TECHNOLOGIES

  • 5.1 Cookies are small text files stored on the User’s device when using online services. They store, among other things, the User’s visit and settings. They serve various functions, but we primarily use them to enable you to access the System and facilitate your use of services available in the System.
  • 5.2 We also use cookies for analytical and marketing purposes, but only when you consent. You can change or withdraw this consent at any time.
  • 5.3 Cookies are divided into permanent and session cookies—depending on how long they are stored, and into essential and optional cookies—depending on the purposes for which they are used.

PERMANENT AND SESSION COOKIES

TYPE DESCRIPTION
Session cookies Some cookies are temporary files, stored until you log out, leave the page, or close the web browser. These types of cookies help us analyze web traffic, enabling us to identify and troubleshoot technical issues.
“Permanent” cookies “Permanent” cookies are stored for a period specified in their parameters or until you delete them. They help us remember your settings and preferences to make your next visit more convenient (e.g., you won't have to re-enter login data).

ESSENTIAL AND OPTIONAL COOKIES

TYPEDESCRIPTION
Essential cookies These cookies are installed to ensure access to the System and its basic functions, so they do not require your consent. Without essential cookies, we would not be able to provide you with services within the System.
within the System.
Optional cookiesWe only use these cookies when you agree to it. They can be used, for instance, to achieve our analytical and advertising goals.
  • 5.4. We use our own cookies as well as those of our trusted partners. We collaborate with service providers and analytical tools such as Google Analytics to better understand how the System works. Detailed information on how they process your data can be found in their privacy policies.

MANAGING COOKIE SETTINGS

  • 5.5. You can also manage cookies by changing the browser settings. Detailed information on this can be found in the links below.
BROWSERLINK
Internet Explorer https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edgehttps://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefoxhttp://support.mozilla.org/pl/kb/ciasteczka
Google Chromehttp://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
Operahttp://help.opera.com/Windows/12.10/pl/cookies.html
Safarihttps://support.apple.com/kb/PH5042?locale=en-GB

6. WHAT TOOLS DO WE USE

  • 6.1. To better understand your behavior in the System, we cooperate with providers of analytical tools described in the table below.
TOOLGOOGLE DATA PROCESSING PURPOSESDETAILED INFORMATION
Google Analytics
  • Analysis of how you use the System
  • Creating statistics and reports on the operation of the System
https://www.google.com/intl/pl/policies/privacy/partners
Google Firebase Analytics
  • Analysis of User behaviors within the System;
  • Analysis of how Users utilize the System
https://clarity.microsoft.com/privacy

7. TO WHOM WE MAY TRANSFER YOUR DATA

  • 7.1. We transfer your data to other entities to ensure execution and the highest level of services or when we have a legal obligation:
    • 7.1.1. Merchants – To properly execute the contract, we share User data with the Merchant whose site they logged into the System through (they then become the administrator of that User and should provide them with information regarding the rules and purposes of data processing);
    • 7.1.2. third-party service providers – We use third-party services that help us maintain and deliver specific System-related solutions. These are, for example, suppliers responsible for IT system maintenance, entities providing accounting or legal services, marketing agencies. They process data as processors according to our instructions, solely within the scope specified by us;
    • 7.1.3. law enforcement, regulatory and other authorities – We may disclose selected information about you to the relevant authorities or third parties who make such a request. We will do this in accordance with the law.

8. DO WE TRANSFER DATA OUTSIDE THE EEA

  • 8.1. We transfer personal data outside the EEA only when necessary. We provide protection at a level required by the GDPR. For this purpose:
    • 8.1.1. we cooperate with data processors in countries for which the European Commission has issued a decision stating they provide an adequate level of data protection;
    • 8.1.2. we apply standard contractual clauses issued by the European Commission.
  • 8.2. You can request additional information on data transfers outside the EEA and obtain a copy of the adopted protective measures by writing to us at support@simply.in or our mailing address.

9. HOW WE ENSURE DATA SECURITY

  • 9.1. We treat all personal data as confidential and store it on secure servers. Only persons who should have access to the data have access to it.
  • 9.2. We regularly conduct audits and internal controls to ensure that we apply measures that ensure compliance with international security standards and internal procedures.
  • 9.3. When access to the System is secured with a one-time code (or if you use such an option), you are obliged to keep this code confidential and not disclose it to third parties.

10. YOUR RIGHTS

  • 10.1. As we process your data, you have the following rights:
    • 10.1.1. right of access to data – you can check whether we process your data, and if so, you can receive a copy;
    • 10.1.2. right to rectification – you can request the correction of incomplete, false, or outdated data;
    • 10.1.3. right to data deletion – on this basis, you can request the deletion of data that is no longer necessary for any of the purposes for which it was collected;
    • 10.1.4. right to restrict processing – on this basis, we will cease operations on your data – except for operations for which you have consented – and store it in accordance with accepted retention principles or until the reasons for restricting processing no longer apply (e.g., a supervisory authority issues a decision allowing further data processing);
    • 10.1.5. right to data portability – in exercising this right, we will provide you or a person indicated by you with your data. However, you have this right only in respect of data processed on the basis of consent or under the contract, and the processing occurs in an automated manner (in IT systems);
    • 10.1.6. right to object to processing – applies when we process your data on the basis of a legitimate interest. You can object for reasons related to your particular situation, where you believe that the processing affects your rights or freedoms. You can always object to the processing of data for direct marketing purposes;
    • 10.1.7. right to withdraw consent – if you have given us consent to process some of your data, you have the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out prior to its withdrawal;
    • 10.1.8. right to lodge a complaint – you have the right at any time to lodge a complaint with the appropriate supervisory authority. In Poland, this authority is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
  • 10.2. You can submit a request to exercise your rights at support@simply.in or to our correspondence address.
  • 10.3. If we cannot identify you based on your request, we will ask for additional information. You do not have to provide it, but in such a case, we will refuse to process the request.
  • 10.4. We will respond within a month. If we need to extend this period, we will inform you of the reasons.

11. HOW YOU CAN CONTACT US

12. PROFILING AND AUTOMATED DECISION-MAKING

  • 12.1. Within the System, we will not profile Users, and Users (including Merchants) will not be subject to automated decision-making processes.

13. CHANGES TO THE PRIVACY POLICY

  • 13.1. We continuously review and update the Privacy Policy. Its current version is effective from the date indicated at the top of the page.

Table of Contents

Other documents