Privacy Policy and Cookies Policy of Dotpay sp. z o.o. (Court Reg. No. KRS 0000700791), ver.1.1., Applicable as of 25 May 2018.

Personal Data Protection

  1. Administrator data.

Dotpay sp. z o.o. becomes the administrator of the Buyer’s personal data provided by the Merchant (entered by the Buyer in the Merchant’s Store), or provided directly by the Buyer at the payment gateway of Dotpay sp. z o.o. (

In matters related to the processing of personal data Dotpay sp. z o.o. can be contacted by phone at +48 12 688 26 00 or by e-mail at

  1. Scope of collected personal data.

The Buyer’s personal data includes at least the email address, however, in some cases it may also be the name, surname, address and IP address. This depends on the manner of the Store’s technical integration (i.e. the Merchant’s website or mobile application where the Buyer has entered into a contract of sales or provision of services or has made a declaration of will resulting in the initiation, cessation or modification of a legal relationship giving rise to the Buyer’s obligation to make payment to the Merchant). Dotpay sp. z o.o. is obliged to provide the Buyer with information which specific personal data of the Buyer is held by Dotpay sp. z o.o.

  1. The legal basis for the processing of personal data.

Personal data is processed by Dotpay sp. z o.o. on the following basis:

– execution of a single payment service contract which cannot be carried out with the Buyer’s personal data;

–the provisions of the generally applicable laws imposing on Dotpay sp. z o.o., as a national payment institution, the right and obligation to process the personal data of Buyers to counteract money laundering and financing of terrorism (Articles 8-10 of the Act on Counteracting Money Laundering and Financing of Terrorism) and to the extent necessary for the prevention or detection of fraud (Article 10 of the Payment Services Act);

– in the event that personal data is used for marketing purposes (sending commercial information to the email address provided by the Buyer), it is done on the basis of the Buyer’s express and voluntary consent. This consent is not necessary for Dotpay sp. z o.o. to render the payment service for the Buyer and the Merchant and it may be cancelled by the Buyer at any time without any consequences.

  1. The period of storage of personal data.

The data will be stored and processed for no longer than necessary to achieve the above described statutory objectives and obligations. This means that the data stored on the basis of:

– the contract execution will be kept for a period necessary for proper performance of the contract and handling of complaints, if any;

– exercising the rights and obligations arising from the statutory provisions will be kept for a period of at least 10 years after payment. This period is a derivative of the limitation period for fraud and the right and obligation of Dotpay sp. z o.o. to provide such data to the law enforcement authorities;

– for marketing purposes, until consent is withdrawn by the Buyer.

  1. Buyer’s access to data.

The Buyer may request Dotpay sp. z o.o. to provide access to his or her data, correct, transfer. delete and restrict the data processing, subject to the provision that the data can be deleted or restricted  only when such deletion or restriction does not breach the above stated obligations of Dotpay stipulated in the statutory provisions of the law.

  1. Providing data to other parties.

To carry out the contract and solely to the necessary extent, Dotpay provides the Buyer’s personal data to Intermediary Entities that become the independent administrators of such data. Depending on the payment method selected by the Buyer, the Intermediary Entities may be the bank holding the Buyer’s account or which has issued the Buyer’s payment card, the card organization, entities operating payment systems (e.g. BLIK), etc.

In the case of processing the data for marketing purposes, Dotpay sp. z o.o. can use the Buyer’s data for profiling, only to better match the commercial information to the Buyer’s preferences.

  1. The right to file a complaint.

In the event of any objections to the processing of personal data by Dotpay sp. z o.o., the Buyer has the right to file a complaint to the President of the Personal Data Protection Office.

  1. Organizational and technical security measures aimed at limiting the possibility of violating the protection of personal data in Dotpay sp. z o.o.

The personal data of Buyers is stored only on the servers of Dotpay sp. z o.o. using the proprietary software of Dotpay sp. z o.o. Access to personal data is restricted solely to the personnel of Dotpay sp. z o.o. to the extent to which it is required for the performance of their duties and to the minimum necessary extent.   This access is also limited also because it is secured by a login and a password and it can be allowed either via VPN or from specific IP addresses.



The below stated rules apply to storing and accessing information on the User’s devices using Cookies for services requested by the User and provided electronically by the Administrator.

I. Definitions

  1. Administrator – means Dotpay sp. z o.o., the provider of electronic services that stores and gains access to information on the User’s devices.
  2. Cookies – means IT data, in particular small text files, saved and stored on devices through which the User uses the Website pages.
  3. Administrator’s Cookies – mean Cookies posted by the Administrator, related to the provision of electronic services by the Administrator via the Website.
  4. Website – means a website or an application used by the Administrator to run the Website operating in the domain
  5. Device – means an electronic device through which the User gains access to the Website.
  6. User – means the entity for which services can be provided electronically or with which a contract for the provision of electronic services may be executed.

II. Types of cookies used

  1. The Cookies used by the Administrator are safe for the User’s Device. It is not possible for viruses or other unwanted software or malware to enter Users’ Devices. These files allow identifying the software used by the User and adjusting the Website individually to each User. Cookies usually contain the name of the domain from which they originate, the storage time on the Device and the assigned value.
  2. The Administrator uses two types of cookies:
  3. Session cookies: which are stored on the User’s Device and remain there until the end of a browser session. The saved information is then permanently removed from the Device’s memory. The mechanism of session cookies does not allow collection of any personal data or any confidential information from the User’s Device.
  4. Persistent cookies: which are stored on the User’s Device and remain there until they are deleted. Ending a browser session or shutting down the Device does not delete them from the User’s Device. The mechanism of permanent cookies does not allow collection of any personal data or any confidential information from the User’s Device.
  5. The User can limit or disable the storage of and access to cookies on his/her Device. If this option is used, it will be possible to use the Website, except for the functions which require cookies by their nature.

III. Purposes for which Cookies are used

  1. The Administrator uses Own Cookies in order to:
  2. Authenticate the User on the Website and provide the User’s session on the Website:
  3. maintain the Website User’s session (after logging in) whereby the User does not have to re-enter the login and password on every subpage of the Website;
  4. configure selected Website functions correctly, particularly to verify the authenticity of the browser session.

 IV. Possibilities of defining the conditions of storing or accessing Cookies

  1. The User may on his/her own and at any time change the settings for Cookies, specifying the conditions for storing and accessing Cookies on the User’s Device. Changes to the settings referred to in the previous sentence can be made by the User using the web browser settings or the Website configuration. These settings can be changed in such a way as to block the automatic handling of cookie files in the web browser settings or to inform about each posting of Cookies on the User’s device Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.
  2. The User may at any time delete cookies using the functions available in the web browser used.
  3. Limiting the use of Cookies may affect some of the functionalities available on the Website.