Back to home

Privacy Policy

Last updated: November 14, 2025

1. General Information

The data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) is:

Maciej Górski
Sole Proprietorship
Tax ID (NIP): 8952247433
Business Registry (REGON): 523214590
Contact email: kontakt@voucherownia.pl

2. Scope and Purpose of Data Processing

We process the following categories of personal data of our Customers (sellers/businesses):

  • Identification data: first name, last name, email address, phone number
  • Business data: company name, tax ID, business registry number, registered address
  • Login data: email address, password (in encrypted form)
  • Technical data: IP address, browser data, device information
  • Transaction data: information about sold vouchers, transaction values

Personal data is processed for the following purposes:

  • Providing the voucher sales platform service (legal basis: performance of contract - Art. 6(1)(b) GDPR)
  • Communication with the Customer (legal basis: legitimate interest of the Controller - Art. 6(1)(f) GDPR)
  • Commission and payment settlement (legal basis: performance of contract - Art. 6(1)(b) GDPR)
  • Compliance with legal obligations, particularly tax and accounting (legal basis: legal obligation - Art. 6(1)(c) GDPR)
  • Direct marketing of own products and services (legal basis: legitimate interest of the Controller - Art. 6(1)(f) GDPR)

3. Data Recipients

Personal data may be shared with the following categories of recipients:

  • Stripe, Inc. - payment processing (payment operator)
  • Supabase, Inc. - database hosting and user authentication
  • IT service providers - hosting and technical infrastructure
  • Courier companies - for delivery of physical vouchers
  • Public authorities - to the extent required by law

4. Transfer of Data to Third Countries

Some of our service providers (particularly Supabase and Stripe) may process data on servers located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards, including standard contractual clauses approved by the European Commission.

5. Data Retention Period

We retain personal data for:

  • The period necessary to perform the contract and comply with legal obligations (particularly tax obligations - 5 years from the end of the tax year)
  • Until consent is withdrawn (in case of processing based on consent)
  • Until a valid objection is raised (in case of processing based on legitimate interest)

6. Rights of Data Subjects

Every person whose data we process has the right to:

  • Access their personal data (Art. 15 GDPR)
  • Rectification of data (Art. 16 GDPR)
  • Erasure of data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority - President of the Personal Data Protection Office

7. Data Security

We implement appropriate technical and organizational measures to ensure the security of processed data, including:

  • Connection encryption (SSL/TLS)
  • Password encryption
  • Regular backups
  • Access control to data
  • System security monitoring

8. Cookies

Our website uses cookies. Detailed information can be found in our Cookie Policy.

9. Changes to Privacy Policy

We reserve the right to make changes to this privacy policy. We will inform about any changes on the website and, if necessary, by email.

10. Contact

For matters related to personal data protection, please contact us at: kontakt@voucherownia.pl