Please Note: Our Privacy Policy was originally written in Polish following Polish law. If this translated version shows any variations compared to the Polish version, the Polish version is always decisive.
Privacy Policy
VeloPlanner respects the privacy of Users using the Website and Application, making efforts to protect the personal data provided. This Privacy Policy describes how we collect, use and protect the personal data provided and the rights of persons using the Website and Application. The Policy also sets out the rules for storing and accessing information on Users' devices through Cookies.
1. General Provisions
- This Privacy Policy defines the rules for processing personal data of Users of the website at veloplanner.com and the mobile application called "VeloPlanner" (hereinafter: "Website" and "Application").
- The controller of Users' personal data is VeloPlanner sp. z o.o. with its registered office in Elbląg, ul. Stanisława Sulimy 1, 82-300 Elbląg, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Olsztyn, VIII Commercial Division of the National Court Register under KRS number: 0001147700, NIP: 5783175088, REGON: 540584603, share capital of PLN 5,000, fully paid up (hereinafter: "Controller" or "VeloPlanner").
- Contact with the Controller is possible via email: [email protected] or in writing to the company's registered office address.
- The Controller has not appointed a Data Protection Officer. Any questions regarding the processing of personal data should be directed to the Controller using the contact details provided in point 1.3.
- Using the Website and Application constitutes acceptance of the provisions of this Privacy Policy.
-
Definitions:
- Controller – entity responsible for processing personal data in the Website and Application.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- User – person using the Website and Application whose personal data may be processed by the Controller.
- Personal Data – any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Website – website operated by the Controller available at https://veloplanner.com.
- Application - mobile software called "Veloplanner", available on Android and iOS devices, enabling, among other things, bicycle route planning, recording User activities and using additional Website features in a convenient way adapted to mobile devices.
- Cookies – IT data, in particular small text files, stored on the User's device, used to improve the operation of the Website and Application.
- Processing – operations performed on personal data such as collection, storage, modification or deletion.
- Profiling – form of automated processing of data consisting in evaluating certain characteristics of the User.
- Anonymization – process of transforming data in a way that makes it impossible to identify the data subject.
- Device – electronic device with software that enables the User to access the Website or Application.
- The purpose of processing personal data provided to VeloPlanner by the User, the scope of this data and their recipients are determined based on the User's consent or applicable law or the Controller's legitimate legal interest.
2. Scope of Processed Personal Data
-
The following personal data may be processed as part of using the Website and Application:
- Username, Full name, email address, login data (for registered Users);
- Location data (when using route planning features);
- Technical data of the User's Device, such as IP address, Device identifiers, browser and operating system information;
- Data related to activity in the Website and Application (e.g. saved routes, uploaded photos, comments);
- Data shared by third parties (e.g. when logging in via Google or Apple accounts).
- Providing personal data is voluntary, however, failure to provide it may prevent the use of certain Website and Application functionalities.
- Detailed information about categories of personal data, purposes of their collection, legal bases for processing and categories of service providers can be found in the table:
Data Category | Purpose of Collection | Legal Basis for Processing | Service Provider Categories |
---|---|---|---|
Full name, username | Account registration, service personalization, pursuit of Controller's legitimate interests, in particular establishing, pursuing and defending claims | Art. 6(1)(b) GDPR (contract performance) / Art. 6(1)(f) GDPR (Controller's legitimate interest) | Hosting service providers |
Email address | User contact, Newsletter delivery, marketing activities | Art. 6(1)(a) GDPR (consent) | Email marketing platforms, hosting service providers and mailing system operators |
Location data | Route planning, location-based features | Art. 6(1)(a) GDPR (consent) | Map service providers |
Device technical data | Website and Application optimization | Art. 6(1)(f) GDPR (Controller's legitimate interest) | Analytics tool providers |
Activity-related data | Service provision, user preference analysis | Art. 6(1)(b) GDPR (contract performance) / Art. 6(1)(f) GDPR (Controller's legitimate interest) | Analytics and IT service providers |
Device identifiers | Ensuring security and fraud prevention | Art. 6(1)(f) GDPR (Controller's legitimate interest) | Security system providers |
3. Purposes and Legal Bases for Data Processing
-
Users' personal data is processed for the following purposes:
- Providing services offered in the Website and Application, including bicycle route planning features and data synchronization between devices (Art. 6(1)(b) GDPR – contract performance);
- Newsletter delivery (Art. 6(1)(a) GDPR – consent);
- Conducting statistical analyses and personalizing Website and Application functionality (Art. 6(1)(f) GDPR – Controller's legitimate interest);
- Handling complaints and implementing consumer rights (Art. 6(1)(c) GDPR – legal obligation).
- If the User provides additional consent (e.g. for using location data), such data will be processed only for the purposes specified in the consent.
- The Controller declares that it does not profile Users' personal data or make automated decisions about them within the meaning of Art. 22 GDPR.
- The Controller declares that Users' personal data is not processed in an automated way that could produce legal effects concerning Users.
4. Cookie Policy
- The Website and Application use Cookies and other similar technologies to improve functionality, analyze traffic, personalize content and ensure security. Cookies are small text files stored on the User's device that allow the Website or Application to work properly and adapt to User needs.
-
Types of Cookies used in the Website and Application include:
- Necessary Cookies – enable proper operation of the Website and Application, providing basic functionalities such as navigation or access to secure areas;
- Functional Cookies – remember User preferences such as language settings;
- Persistent Cookies – these files remain stored on the User's device until manually deleted or until they expire according to their settings.
- For traffic analysis, we use Umami, which doesn't use Cookies and ensures complete user anonymity.
- We cooperate with the following external service providers who process data according to their own privacy policies:
- Users can manage Cookie settings through their web browser. Below are links to instructions for changing settings in the most popular browsers:
- Limiting the use of Cookies may affect some functionalities of the Website and Application.
5. Data Sharing
-
Data may be shared with external entities such as:
- Entities processing data on behalf of the Controller (e.g. IT service providers, hosting companies) based on appropriate data processing agreements;
- Public authorities based on legal requirements;
- External platforms such as AppStore and GooglePlay, to the extent necessary for processing payments and premium service subscriptions
- Analytics tools (e.g. Umami).
- When entrusting data processing to external entities, the Controller enters into appropriate data processing agreements with them in accordance with Art. 28 GDPR. The Controller cooperates with entities that ensure appropriate data protection standards.
-
The list of external provider categories with whom the Controller cooperates includes:
- Cloudflare - website security and performance optimization Privacy Policy: https://www.cloudflare.com/privacypolicy/
- Umami - anonymous analytics Privacy Policy: https://umami.is/privacy
- Sentry - error and performance monitoring Privacy Policy: https://sentry.io/privacy/
- Heroku - hosting (data stored in Europe) Privacy Policy: https://devcenter.heroku.com/articles/gdpr
- The Controller declares that Users' personal data is generally not transferred or processed outside the European Economic Area (EEA), unless based on appropriate legal mechanisms, such as standard contractual clauses approved by the European Commission or an adequacy decision issued by the European Commission.
6. Newsletter
The Controller uses its own secure Newsletter delivery system based on https://github.com/knadh/listmonk software. Personal data that the User provides in the Newsletter subscription form (email address and name) is stored on the Controller's servers located within the European Union.
7. User Rights
-
Users have the right to:
- Access their data and receive a copy;
- Rectify personal data that is incorrect;
- Request data deletion ("right to be forgotten");
- Restrict data processing;
- Transfer data to another Controller;
- Object to data processing, including profiling;
- Withdraw consent for personal data processing (if processing is based on consent).
- To exercise these rights, Users should contact the Controller using the contact details provided in section 1.
- Users have the right to lodge a complaint with their local data protection authority if they believe that data processing violates GDPR.
8. Data Storage
- The Controller ensures that Users' personal data is stored on servers located within the European Union, in accordance with applicable data protection regulations.
- The Controller implements appropriate technical and organizational measures to ensure the security of Users' personal data, including protection against accidental loss, destruction, unauthorized access or disclosure.
- The Controller reminds that data security also depends on the User, particularly on using up-to-date software, antivirus protection and avoiding sharing personal data with unauthorized persons.
-
Personal data will be stored until there is a basis for its processing, that is:
- In case of consent – until it is withdrawn, limited or other actions restricting this consent, no longer than 5 years.
- In case of a contract – for its duration and the limitation period for claims.
- In case of the Controller's legitimate interest – until effective objection is raised, no longer than until claims arising from processing are time-barred.
- In case of the Newsletter – until the User unsubscribes from the service or the Controller ceases to provide it.
9. Changes to the Privacy Policy
- The Privacy Policy is an integral part of the TODO:Website and Application Terms of Service.
- The Privacy Policy has been prepared in Polish and according to legal requirements applicable in the Republic of Poland. In case of discrepancies resulting from translation of the Policy, the Polish language version shall prevail.
- In matters not regulated by this Policy, Polish and European law shall apply.
- The Controller reserves the right to make changes to the Privacy Policy in connection with modifications to the Website and Application, applicable law or other significant circumstances
- Users will be informed about changes via the Website, Application or email.