I. Preliminary provisions
Portal Odealo.com (hereinafter Portal) is run by ODEALO Spółka z ograniczoną odpowiedzialnością Spółka komandytowa (Portal Owner), headquartered in Kraków, to allow users of the Portal to trade virtual objects with the use of Credits and to provide services connected with these transactions. Through the Portal, the User can purchase from the Portal Owner marketing services related to the promotion and advertising of offers put up by the User.
In accordance with the provisions of Article 7 of the Act of 29th August 1997 on the protection of personal data (Journal of Laws of 2016.922) (hereinafter: Act), whenever refers to:
Personal data - means all information relating to an identified or identifiable natural person;
Database of personal data - shall mean a set of personal data accessible according to specific criteria, regardless of whether the set is distracted or divided functionally;
Data processing - means all the operations performed upon personal data (including collection, recording, storage, organization, alteration, disclosure, and erasure), especially those performed in the computer systems;
Computer system - shall mean set of equipment, programs, procedures, information processing and software tools cooperating with each other and used to process the data;
Securing data in a computer system - shall mean the implementation and operation of appropriate technical and organizational measures to ensure the protection of data against unauthorized processing;
Data removal - means the destruction of personal data or modifying it in such a way that it will not be possible to establish the identity of the data subject;
Data Administrator - means the Portal Owner, deciding on the purposes and means of the processing of personal data;
User - shall mean a natural person completing trade transactions that are possible via the Portal;
User Account - a collection of personal data made available to the Data Administrator, which allows, depending on the level of authorization, to make transactions via the Portal, to entrust funds for safekeeping, and to withdraw those funds;
Approval of the user subject to the data - shall mean a declaration of will, representing the processing of personal data of whom such a declaration is made; it is not permissible to agree tacitly or at presumption; the consent may be revoked at any time;
Recipients of data - means anyone who is provided with personal data, except for:
the person to whom the data relate,
a person authorized to process the data,
state bodies or local government bodies to whom the data are disclosed in connection with legal proceedings,
Authorized person to process personal data - a person authorized by the data administrator to settle disputes between the Users, indicated in the Terms of Service;
Credits - (abbreviation "CR") means of payment issued by the Portal Owner in order to make payment transactions through the portal between his Users;
Terms of Service – terms of services of Portal Odealo.com;
GDPR - the EU general data protection regulation 2016/679;
Collection of users’ data after entering into the register of data sets processed by the Portal Odealo.com is run by ODEALO Spółka z ograniczoną odpowiedzialnością Spółka komandytowa, headquartered in Kraków;
Access to the register and User's personal data can be made at the Company's headquarters, or upon direct request made by the User through Email, post or private message within the Portal;
In case of concerns related to the processing of personal data within the Portal, the User has the right to fill a complaint with the supervisory body, which is the President of the Personal Data Protection Office (address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland; website: https://uodo.gov.pl/en)
II. Acquisition, collection, and processing of Users’ personal data
User, in order to register their Account, shall complete the form on the Portal, stating: their e-mail address, account name, and password to log on to it. After registration, the User receives an email with a confirmation of the Account registration.
After registration of the Account, the User can obtain the following levels of authorization, filling a form on the portal website. Each level of authorization involves obtaining by the User rights to perform, under the Use and the Trust Agreements, the specified below actions. In order to reach a new level of authorization, the User provides the personal data and/or provides proof of identity and/or other desired form, whereby:
Created User Account is designed to allow contacts between the Users and make transactions via the Portal using the Credits as means of exchange.
The users may be able to share willingly other personal information via the Portal, at their sole responsibility. Providing information between the users takes place at their own responsibility.
The provisions of this chapter are not in contrary to the requirements related to the processing of personal data imposed on the Portal Owner on the basis of the applicable provisions of law, the Users agree to adhere to them.
the first level of authorization - the User provides their name and address; the level allows the purchase of goods via the Portal with the payments(deposits) limit of 20(twenty) Credits per day, a total of 200(two hundred) Credits a month, entrusting cash for safekeeping, to submit offers without their value limit;
the second level of authorization – entering the User’s mobile phone number - the payments(deposits) limit is increased to 50(fifty) Credits per day, a total of 500(five hundred) Credits per month, User receives the right to make withdrawals of funds entrusted for safekeeping within the Portal, on the User’s account opened at the payment portals including PayPal, Skrill and other payment operators indiciated by the Portal Owner on the principles defined in § 26 paragraph. 9 of Portal's Terms of Service;
the third level of authorization - attained by confirmation of personal data provided during the first authorization level by sending a copy of User's ID with a photo, and a copy of any other government-issued document that contains the User’s address - the payments(deposits) limit is increased to 100(one hundred) Credits per day, a total of 1,000 (one thousand) Credits per month;
the fourth level of authorization - attained by further confirmation of data provided during the first authorization level, by sending a copy of credit card or bank account statement (image should include only such contents of the credit card, bank statement or other forms of verification approved at the user’s request by the Portal Owner, which allow specifying the ownership of the specified payment method) - the payments(deposits) limit is increased to 500(five hundred) Credits per day, a total of 2,500 (two thousand five hundred) Credits per month;
the fifth level of authorization - individual verification made by the Portal Owner on the basis of available data of the User including the length of time of the use the Portal - no payments(deposits) limits made via the Portal.
The Portal Owner is entitled to keep information such as, among others, personal details and contact details, which are necessary to conclude the transaction between the Users, messaging, communications and payments. Additional information to be included in offers are provided by the users on their own responsibility.
The Portal Owner is empowered to collect data needed to implement users’ requests in contact with the Portal support services. The contact with the user will also be possible by using the contact information provided by them when registering the User Account.
The Portal Owner automatically acquires and records the data transmitted to the server by web browsers or other equipment used by the user. These data include IP address parameters of the software and hardware, pages viewed, identification number of the used computer equipment, as well as any other information regarding the use of the website.
The Portal has the right to supplement the users’ data with additional information lawfully obtained from business partners and other external entities.
III. Use of personal data
The Portal Owner has the right to use the acquired from the users and collected by the Portal personal data in order to:
Provide the users with services, understood among others as establishing and managing User Account, solving technical problems and enabling the use of additional functions;
Monitoring the activity of Users understood among others as the posting of offers, profiled data management and other activities necessary to make full use of the Portal;
Communicate with the users (mainly by phone or by e-mail) for the purposes related to the provision of services, users’ support, allowed marketing activity;
Conduct research and analysis aimed at improving the functioning of the Portal;
Storage of personal data collected by the Portal Owner is held exclusively for the implementation of these business objectives;
Personal data collected by the Portal Owner is stored indefinitely, with the exception of personal data requested for removal, personal data related to Users who closed their User Accounts and/or terminated the Use Agreement with the Portal Owner. Such data is stored for up to 6 months from the most recent User's transaction via the Portal, in case a dispute or complaint may arise.
IV. Use of cookie files
The Portal Owner is empowered to collect, within the Portal, data via technologies such as cookies, tracking pixels or other objects shared locally. Cookies are text files that store data locally on Users' computer, mobile phone or other devices. Tracking pixels are small images that are part of the website, which allow the server to measure, among others, number of viewers of a web page and are often used in conjunction with cookies. The website's source code keeps track of whether and when (and on what page) tracking pixel is loaded, providing the information that you have viewed all or certain part of the page.
Through cookies, certain information including preferences and settings of Users' computer, mobile phone or other devices, is stored locally on the Users' device and is loaded during Users' future visits to the website.
The Portal Owner may enable third parties using the Portal for the purpose of promotion and advertising of goods or services, to collect information using the above technologies directly on the websites. The collected data are subject to the privacy policies adopted by these parties.
V. Extending of users’ personal data
The Portal does not provide personal information to external entities, except when:
The data is requested by public authorities in order to combat fraud and abuse in online trade;
The Portal Owner undertakes not to rent and sell the acquired users’ personal data. However, in the case of a restructuring or sale of the Portal, the new owner becomes the administrator of the personal data, resulting in the continuation of the services within the Portal.
It is permissible to share anonymized (not allowing to identify the individuals) users' data to external service providers and research agencies to improve the quality and efficiency of services or to take part in scientific research bringing significant social benefit.
The User, who is party to a transaction carried out through the Portal, has a right to access to their personal information made available to a contractor. They can improve and control their processing in accordance with the provisions of the Act on the Protection of Personal Data. The User, realizing the right to control the processing of their personal data, is entitled to demand the cessation of data processing by the counterparty. Such a request should be made in writing and include the reasons.
User may object to the processing of their personal data or request its removal.
VI. Control and modification of the data by a User
User who opened the User Account is entitled to access, edit or remove their personal data in accordance with the GDPR regulations;
By providing personal data, User declares that they are correct and true;
User may access and view their personal data in the User Settings sub-page on the User's Account page;
Edition and removal of the data can be made upon direct request by the User. Such request shall be sent to the data administrator by email, private message via the Portal, or other means of contact indicated in § 27 of the Terms of Service;
Data prior to edition or removal is stored for up to 6 months from the most recent User's transaction via the Portal, in case a dispute or complaint may arise.
All collected through the Portal personal data is protected by technical and organizational measures, as well as by safety procedures designed to protect against access by unauthorized persons and against unauthorized use.
The Portal Owner may share information that does not identify specific users to trusted third parties in order to, among others, a better understanding of the attractiveness of advertising and services to users, improve the overall quality and efficiency of services provided by the Portal Owner or mentioned entities.
VIII. Change of provisions