Privacy Policy

Updated: November 05, 2025

Welcome to data-loyalty.com (“Data Loyalty”, “we”, “us”, or “our”). This Privacy Policy ("Policy") outlines the principles and practices we adhere to in the collection, use, processing, and protection of your personal data in strict compliance with the EU General Data Protection Regulation ("GDPR") and the Data Protection Act 2018.

Please read this Policy carefully, as it provides a detailed explanation of our practices and your rights concerning your personal data. By engaging with our services, you acknowledge that you have read and understood the terms of this Policy, and you agree to the collection and processing of your data as described herein. If you have any questions or require further clarification, we encourage you to contact us at the details provided below.

Data controller responsible for the processing of your personal data under this Policy is Data Loyalty sp. z.o.o., a company registered in Poland (NIP number: 5214137348), with its registered office at str. WINCENTEGO RZYMOWSKIEGO 53, 02-697 WARSAW, district WARSAW, commune WARSAW, province MAZOWIECKIE. As the data controller, we are responsible for deciding how and why your personal data is processed, ensuring that all such activities are carried out in strict accordance with applicable data protection laws. Our responsibilities as the data controller include determining the purposes for which your personal data is collected, the means by which it is processed, and ensuring that all necessary measures are in place to protect your data throughout its lifecycle. We are committed to maintaining the highest standards of data security and to safeguarding your rights under the law.

For inquiries, feedback, or support regarding the processing of your personal data, you may contact us at [email protected].

Data Provision

To provide access to certain features and functionalities of our services, we must collect specific personal data. Such required information will be clearly indicated at the time of collection. Without this data, we may be unable to deliver some or all of our services.

Other types of personal data are optional and not essential for the core functionality of our services. Choosing not to provide optional information will not restrict your ability to use the main features of our platform.

You may review, update, or modify optional data at any time through your account settings. If you are uncertain which data fields are mandatory or optional, or if you require assistance in managing your personal information, please contact us for guidance.

Methods of Collecting Personal Data

We collect personal data through various methods, including but not limited to:

  1. Direct interactions: when you register for our services, create an account, contact us, or otherwise communicate and engage with our platform.
  2. Automated data collection: when you use our website, we automatically gather certain technical information through cookies and similar tracking tools. For more information, please review our Cookie Policy.
  3. Third-party and external sources: we may receive information from external providers (e.g., payment processors), public databases, or governmental bodies, where legally permissible.

Personal Data Categories that We Process

We may collect, store, and process the following categories of personal data:

  1. Contact Information: such as your name, email address, phone number, postal address, and other communication details.
  2. Account Information: including your profile ID, login data, passwords, activity logs, preferences, settings, and any content you upload or associate with your account.
  3. Identity Data: such as your full name, date of birth, and details from official identification documents (e.g., passport or ID card), required for verification purposes.
  4. User-Generated Content: text, images, or other materials that you create, upload, or share through our platform.
  5. Company and Representation Data: information about your company or business activities, including company name, registration number, VAT number, and registered address.
  6. Legal and Compliance Data: details necessary to meet legal and regulatory requirements, such as AML, CTF, and KYC obligations.
  7. Transaction Data: information about your purchases, payment history, invoices, billing details, and account balance.
  8. Payment Data: bank account details, credit or debit card information, and other financial data necessary for payment processing.
  9. Communication Records: transcripts or logs of interactions with us, including emails, chats, or call records.
  10. Marketing Information: details on your marketing preferences, participation in promotional programs or surveys, and engagement with marketing materials.
  11. Technical Information: device identifiers, IP addresses, browser type, operating system, cookie data, and analytics information.
  12. Customer Support Data: information about your inquiries, complaints, or support requests.

If you require clarification about the categories of personal data we collect or their intended use, please contact us. We are committed to maintaining transparency and helping you understand how your information is processed.

Legal Grounds and Purposes of Processing Personal Data

We process your personal data for multiple purposes, each supported by a specific legal basis in accordance with applicable data protection laws:

  1. Account Administration: create, manage, and maintain your user account. (Legal Basis: Performance of a contract)
  2. Service Delivery: provide services you requested. (Legal Basis: Performance of a contract)
  3. Identity Verification: protect your account against unauthorized access. (Legal Basis: Compliance with a legal obligation; Legitimate interests)
  4. Regulatory Compliance: meet AML, CTF, KYC obligations. (Legal Basis: Compliance with a legal obligation; Performance of a public task)
  5. Order Processing: manage and fulfill orders. (Legal Basis: Performance of a contract)
  6. Transaction Management: oversee and execute transactions. (Legal Basis: Performance of a contract; Legitimate interests)
  7. Risk and Compliance Management: evaluate and mitigate operational risks. (Legal Basis: Performance of a contract; Compliance with a legal obligation; Legitimate interests)
  8. Customer Communication: communicate regarding your account. (Legal Basis: Performance of a contract; Legitimate interests)
  9. Marketing Activities: send marketing materials. (Legal Basis: Consent; Legitimate interests)
  10. Fraud and Abuse Prevention: detect fraudulent activities. (Legal Basis: Compliance with a legal obligation; Legitimate interests)
  11. Data and System Security: protect systems and data. (Legal Basis: Performance of a contract; Compliance with a legal obligation; Legitimate interests)
  12. Technical Assistance: resolve technical issues. (Legal Basis: Performance of a contract)
  13. Service Enhancement: improve services. (Legal Basis: Legitimate interests)
  14. Legal and Dispute Management: handle legal proceedings. (Legal Basis: Performance of a contract; Compliance with a legal obligation; Legitimate interests)

Data Security

Protecting the confidentiality and integrity of your personal data is a top priority. We apply a comprehensive set of technical and organizational measures to safeguard your information from unauthorized access, alteration, disclosure, or loss. These measures include:

  1. Encryption: advanced encryption protocols are used to protect your data during transmission and storage, preventing unauthorized access.
  2. Access Control: Data access is restricted to authorized personnel based on their role and responsibilities, minimizing potential misuse.
  3. Regular Security Audits: We conduct periodic audits and risk assessments to identify and address vulnerabilities, updating our systems in line with evolving threats.
  4. Secure Infrastructure: Personal data is stored in secure environments equipped with firewalls, intrusion detection systems, and certified data centers meeting recognized security standards.
  5. Trusted Third Parties: We engage only with service providers who adhere to strict security requirements, including compliance with the Payment Card Industry Data Security Standard (PCI DSS) where applicable. Ea

Your active participation also plays a key role in protecting your personal data. We recommend that you:

  • Use strong, unique passwords and update them regularly.
  • Enable two-factor authentication (2FA) wherever possible.
  • Avoid using public Wi-Fi networks for sensitive activities.
  • Keep your devices and software up to date.
  • Monitor your account for unusual activity and report any suspicious behavior immediately.
  • Stay cautious of phishing attempts and verify any request for personal information.

If you have any concerns or questions regarding the security of your data, please contact us. Working together helps ensure that your information remains protected at all times.

Data Sharing

We may share data with trusted third-party service providers or authorities as required by law. We do not sell personal data. All transfers comply with legal requirements and data protection standards.

Additionally, we may disclose information to competent authorities or regulators where required by law. We do not sell personal data to any third parties. All data sharing is conducted in compliance with applicable legal requirements and with appropriate safeguards to protect your privacy.

International Data Transfers

Your personal data may be transferred to countries outside Poland and the European Economic Area (EEA) when necessary for the provision of our services. In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with the requirements of the General Data Protection Regulation (GDPR).

These safeguards may include the use of:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission,
  • Binding Corporate Rules (BCRs), or
  • Other legally recognized transfer mechanisms ensuring adequate protection of personal data.

If the European Commission has issued an adequacy decision confirming that a non-EEA country ensures an adequate level of data protection, the transfer will take place on that basis.

These measures guarantee that your personal data remains secure and protected, regardless of the country where it is processed.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The retention periods for different categories of data may vary. For example, data needed to comply with legal obligations is usually retained for a period of five years, with possible extensions if required by law. Data that may be relevant to potential legal claims is typically kept until the expiration of the statutory limitation period, which generally does not exceed ten years. After the relevant retention period has passed, we securely delete or anonymize your data to protect your privacy. If you have any questions about our data retention practices, please do not hesitate to contact us. We are committed to transparency and to ensuring that your privacy is fully safeguarded.

Your Data Subject Rights

As a data subject under the data protection laws, you are entitled to exercise the following rights concerning your personal data:

  1. Right of Access: You have the right to request access to your personal data and obtain a copy of the information we hold about you.
  2. Right to Rectification: You are entitled to request the correction of any inaccurate or incomplete personal data we hold about you.
  3. Right to Erasure: You may request the deletion of your personal data, subject to certain legal obligations and limitations.
  4. Right to Restrict Processing: Under specific circumstances, you may request that we restrict the processing of your personal data.
  5. Right to Object: You have the right to object to the processing of your personal data where it is based on our legitimate interests or is used for direct marketing purposes.
  6. Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and you may also request that we transfer this data to another data controller where technically feasible.
  7. Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

    8. To exercise any of these rights, please contact us using the contact details provided in this document. Upon receiving your request, we will inform you of any such limitations and the outcome of your request. Additionally, we may require you to provide sufficient information to verify your identity before we can process your request to ensure the security of your data.

    Automated Decision-Making

    We do not engage in automated decision-making, including profiling that produces legal effects or similarly significantly affects you.

    Children’s Privacy

    Our services and website are intended solely for individuals aged 18 and over. We do not knowingly collect, process, or retain personal data from anyone under the age of 18. Should we discover that personal data has been inadvertently collected from a minor, we will act promptly to erase such data from our systems. If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information, please contact us without delay so we can investigate and ensure the prompt removal of any such data in accordance with applicable data protection laws.

    User-Generated Content

    When using our services, you may have the option to upload or share various types of information, including content that may be sensitive or confidential. To help protect your privacy and ensure the secure handling of your data, we recommend the following best practices:

    1. Use Discretion: Carefully consider the nature and sensitivity of any information you choose to upload or share. Only p
    2. Exercise Caution with Sensitive Data: Take particular care when submitting sensitive or confidential information, such as personal, financial, or protected data. Sensitive data requires heightened attention to prevent unauthorised access or misuse.
    3. Limit Disclosure: Share only the information that is strictly relevant and required for your intended purpose. Avoid providing unnecessary or excessive details to reduce potential privacy risks.
    4. Accept Responsibility: You are solely responsible for the content and nature of the information you disclose through our services. Please ensure you understand the potential implications of sharing sensitive data and make informed decisions accordingly.

    By uploading or submitting any data through our services, you acknowledge and accept responsibility for the information you provide. While we are committed to maintaining robust security measures to protect your data, the ultimate responsibility for the content you share rests with you. If you have any questions or concerns about the type of data you are submitting, please contact us for further guidance.

    Updates to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our data processing practices or to comply with legal requirements. The most recent version of this Policy will always be available on our website, and any significant changes will be communicated to you through appropriate channels. We encourage you to periodically review this Policy to stay informed about how we are protecting your personal data and to ensure you are aware of any updates or modifications.

    Contact Us

    If you have any questions or concerns regarding this Privacy Policy or our data processing practices, please contact us at [email protected].