Privacy Policy and Cookies Policy of Dotpay sp. z o.o. (Court Reg. No. KRS 0000700791), ver.1.1., Applicable as of 19 August 2019.

Personal Data Protection

  1. Processor’s data.

Dotpay sp. z o.o. becomes the processor of the Buyer’s personal data provided by the Merchant (entered by the Buyer in the Merchant’s Store), or provided directly by the Buyer at the payment gateway of Dotpay sp. z o.o. (https://ssl.dotpay.pl/).

In matters related to the processing of personal data Dotpay sp. z o.o. can be contacted by phone at +48 12 688 26 00 or by e-mail at bok@dotpay.pl.

  2. Scope of collected personal data.

The Buyer’s personal data includes at least the email address; however, in some cases it may also be the name, surname, address and IP address. This depends on the manner of the Store’s technical integration (i.e. the Merchant’s website or mobile application where the Buyer has entered into a contract of sale or provision of services or has made a declaration of will resulting in the initiation, cessation or modification of a legal relationship giving rise to the Buyer’s obligation to make payment to the Merchant). Dotpay sp. z o.o. shall be obliged to inform the Buyer about the Buyer’s personal data held.

  3. Legal basis for the processing of personal data.

Personal data is processed by Dotpay sp. z o.o. on the following basis:

  • execution of a single payment service contract which would not be possible without providing the Buyer’s personal data;
  • the provisions of the generally applicable laws imposing upon Dotpay sp. z o.o., as a national payment institution, the right and obligation to process the personal data of Buyers to counteract money laundering and financing of terrorism (the provisions of the Act on Counteracting Money Laundering and Financing of Terrorism of 1 March 2018) and to the extent necessary for the prevention or detection of fraud (the provisions of the Payment Services Act of 19 August 2011, i.e. Journal of Laws 2019.659, as amended);
  • the legitimate interest of Dotpay sp. z o.o. and their business partners consisting in analysis of data to better match offers addressed to Buyers;
  • in the event that personal data is used for marketing purposes (sending commercial information to the email address provided by the Buyer), it is done on the basis of the Buyer’s express and voluntary consent. This consent is not required for Dotpay sp. z o.o. to render the payment service for the Buyer and the Merchant and it may be cancelled by the Buyer at any time without any consequences.
  4. Period of storage of personal data.

The data will be stored and processed for no longer than necessary to achieve and fulfil the above mentioned statutory objectives and obligations. This means that the data stored on the basis of:

  • the contract performance will be kept for a period required for proper performance of the contract and handling of complaints, if any;
  • exercising the rights and obligations arising from the statutory provisions will be kept for a period of at least 10 years after payment. This period is a derivative of the limitation period for fraud and the right and obligation of Dotpay sp. z o.o. to provide such data to the law enforcement authorities;
  • legitimate interests will be kept for the time necessary to achieve the purpose for which it is stored, i.e. better matching of offers addressed to Buyers;
  • consent for marketing purposes, until such consent is withdrawn by the Buyer.

  5. Buyer’s access to data.

The Buyer may request Dotpay sp. z o.o. to provide access to his or her data, correct, transfer, delete and restrict the data processing, subject to the provision that the data can be deleted or restricted only when such deletion or restriction does not breach the above stated obligations of Dotpay stipulated in the statutory provisions of the law.

  6. Providing data to other parties.

In order to carry out the contract and solely to the necessary extent, Dotpay provides the Buyer’s personal data to Intermediary Entities (entities other than Dotpay sp. z o.o. through which the Buyer provides Dotpay sp. z o.o. with funds for the purpose of paying the Merchant) that become the independent processors of such data. Depending on the payment method selected by the Buyer, the Intermediary Entities may be the bank holding the Buyer’s account or which has issued the Buyer’s payment card, the card organization, entities operating payment systems (e.g. BLIK), etc. As part of their legitimate interest, Dotpay sp. z o.o. may provide the Buyer’s personal data to third parties involved in data analysis in order to better match offers addressed to Buyers.

  7. Profiling.

In the event of processing of data for marketing purposes, Dotpay sp. z o.o. can use the Buyer’s data for profiling, only to better match the commercial information to the Buyer’s preferences.

  8. The right to file a complaint.

In the event of any objections to the processing of personal data by Dotpay sp. z o.o., the Buyer has the right to file a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

  9. Organizational and technical security measures aimed at limiting the possibility of violating the protection of personal data in Dotpay sp. z o.o.

The personal data of Buyers is stored only on the servers of Dotpay sp. z o.o. using the proprietary software of Dotpay sp. z o.o. Access to personal data is restricted solely to the personnel of Dotpay sp. z o.o. to the extent to which it is required for the performance of their duties and to the minimum necessary extent. This access is also limited because it is secured by a login and a password and it can be allowed either via VPN or from specific IP addresses.

Cookies

The below stated rules apply to storing and accessing information on the User’s devices using Cookies for services requested by the User and provided electronically by the Processor.

I. Definitions

  1. Processor – means Dotpay sp. z o.o., the provider of electronic services that stores and gains access to information on the User’s devices.
  2. Cookies – mean IT data, in particular small text files, saved and stored on devices through which the User uses the Website pages.
  3. Processor’s Cookies – mean Cookies posted by the Processor, related to the provision of electronic services by the Processor via the Website.
  4. External Cookies – mean Cookies posted by the Processor’s partners via the Website.
  5. Website – means a website or an application used by the Processor to run the Website operating at the domains: dotpay.pl and dotpay.eu.
  6. Device – means an electronic device through which the User gains access to the Website.
  7. User – means the entity for which services can be provided electronically or with which a contract for the provision of electronic services may be executed.

II. Types of cookies used

  1. The Cookies used by the Processor are safe for the User’s Device. It is not possible for viruses or other unwanted software or malware to enter Users’ Devices. These files allow identifying the software used by the User and adjusting the Website individually to each User. Cookies usually contain the name of the domain from which they originate, the storage time on the Device and the assigned value.
  2. The Processor uses two types of cookies:

      a. Session cookies: which are stored on the User’s Device and remain there until the end of a browser session. The saved information is then permanently removed from the Device’s memory. The mechanism of session cookies does not allow collection of any personal data or any confidential information from the User’s Device.

      b. Persistent cookies: which are stored on the User’s Device and remain there until they are deleted. Ending a browser session or shutting down the Device does not delete them from the User’s Device. The mechanism of permanent cookies does not allow collection of any personal data or any confidential information from the User’s Device.

  3. The User can limit or disable the storage of and access to cookies on his/her Device. In the event that this option is used, it will be possible to use the Website, except for the functions which require cookies by their nature.

III. Purposes for which Cookies are used

  1. The Processor uses the Processor’s Cookies to:

a. Authenticate the User on the Website and provide the User’s session on the Website:

i. Maintain the Website User’s session (after logging in) whereby the User does not have to re-enter the login and password on every subpage of the Website;

ii. Configure selected Website functions correctly, particularly to verify the authenticity of the browser session;

iii. Optimize and increase the efficiency of services provided by the Processor;

b. Ensure the safety and reliability of the Website.

  2. The Processor uses External Cookies to:

a. collect general and anonymous statistical data using analytical tools:

i. Google Analytics [Cookies Processor: Google Inc. based in the USA];

b. use the interactive features to provide a chat tool:

i. zopim.com [Cookies Processor: Zopim Technologies Pte Ltd. based in the USA].

IV. Possibilities of defining the conditions of storing or accessing Cookies.

  1. The User may on his/her own and at any time change the settings for Cookies, specifying the conditions for storing and accessing Cookies on the User’s Device. Changes to the settings referred to in the previous sentence can be made by the User using the web browser settings or the Website configuration. These settings can be changed in such a way as to block the automatic handling of cookie files in the web browser settings or to inform about each posting of Cookies on the User’s device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.
  2. The User may at any time delete Cookies using the functions available in the web browser used.
  3. Limiting the use of Cookies may affect some of the functionalities available on the Website.

Basis and purpose of the processing of personal data.

The legal basis for the processing of data is primarily the execution of the agreement entered into by you and Dotpay sp. z o.o. (providing a one-off payment service), which would be impossible without such data. Secondly, the provisions of the generally applicable laws impose upon Dotpay sp. z o.o., as a national payment institution, the right and obligation to process the personal data of Buyers to counteract money laundering and financing of terrorism (the provisions of the Act on Counteracting Money Laundering and Financing of Terrorism of 1 March 2018, Journal of Laws 2018.723, as amended) and to the extent necessary for the prevention or detection of fraud (the provisions of the Payment Services Act of 19 August 2011, i.e. Journal of Laws 2019.659, as amended). Moreover, the basis for processing the data is the legitimate interest of Dotpay sp. z o.o. and their business partners consisting in analysis of data to better match offers addressed to Buyers,

Period of storage of personal data.

Your data will be stored and processed for no longer than necessary to achieve the above mentioned statutory objectives and obligations.

Access to the data

You may request Dotpay sp. z o.o. to provide access to your data, correct, transfer, delete and restrict the data processing, subject to the provision that the data can be deleted or restricted only when such deletion or restriction does not breach the above stated obligations of Dotpay sp. z o.o.

Providing data to other parties.

In order to execute the agreement and only to the extent to which this is necessary, Dotpay sp. z o.o. will provide your personal data to other processors which, depending on the selected method of payment, will be banks, credit card companies, acquirers, payment system operators, etc. As part of their legitimate interest, Dotpay sp. z o.o. may provide your personal data to third parties involved in data analysis in order to better match offers addressed to Buyers.

The right to file a complaint

In the event of any objections to the processing of data you have the right to file a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).