Privacy and Personal Data Protection Policy

Identification and Contact Data In the process of account registration and identity verification, we collect information such as first name, last name, email address, phone number, and exact date of birth. Age verification is an absolute legal requirement in Poland – access to the platform is permitted only for persons over 18 years of age. This data is necessary to create a secure profile and ensure authorized access to services.

Technical Data and System Logs We automatically record data such as IP address, device type, operating system, browser version, and unique hardware identifiers. This information is critical for monitoring platform stability, preventing cyberattacks, and optimizing content display according to the technical specifications of the user's end device.

Activity and Transaction Data We process information about the way the service is used, login sessions, time spent in specific sections, and the status of performed technical operations. When using services requiring settlements, we process data on payment status through certified external entities.

Personal data processing processes are based on the following legal foundations:

• Performance of a contract: When data is necessary to provide services requested by the user under the terms and conditions.
• Legal obligation: When Polish regulations impose on us the obligation to verify identity, age, or report specific events.
• Legitimate interest: For the purpose of ensuring network cybersecurity, detecting fraud, and improving the platform's analytical tools.
• User consent: In the case of voluntary additional services, such as subscription to informational messages.

The collected data is used solely for proper management of the user's account, ensuring efficient technical support, analyzing service performance for the purpose of introducing ergonomic improvements, and protection against cyber threats. Data may also be used to fulfill regulatory requirements regarding operational transparency in Poland.

We store personal data only for the period necessary to achieve the purposes for which it was collected, or for the time required by Polish law (e.g., tax obligations or statute of limitations for claims). After this period, the data is permanently and securely deleted from our servers or subjected to an anonymization process that prevents re-assignment of the information to a specific natural person.

We never sell or rent our users' data to commercial entities. Data may be transferred only to trusted technical service providers (e.g., cloud server operators, cybersecurity companies) who act on our order under strict data processing agreements. In situations provided for by law, we may be obliged to disclose data to state authorities in Poland.

Most processing operations take place within the European Economic Area. In cases where our technical partners are located outside the EEA, we apply appropriate legal safeguards, such as Standard Contractual Clauses approved by the European Commission, to guarantee a level of data protection consistent with GDPR standards.

We apply advanced solutions to protect data against loss, unauthorized access, or modification. Our protocols include SSL/TLS connection encryption, intrusion detection systems, and restrictive access control for authorized technical personnel, based on the principle of least privilege.

In accordance with the regulations, every user has the right to access their data, rectify it, delete it ("right to be forgotten"), restrict processing, and transfer data to another controller. The user also has the right to object to processing based on legitimate interest.

To exercise your rights or obtain additional explanations, please contact our data protection team at: [email protected]. We treat every inquiry as a priority and respond within the deadlines provided by Polish law.

This policy is regularly reviewed and updated to adapt it to changes in law and technology. Any changes will be published in this section.