Home | Privacy Policy
Localo regulations

Privacy policy

Overview

This Privacy Policy has been created to clarify the processing of personal data obtained through the https://localo.com/ website (hereinafter: the Website). We indicate that we exercise due diligence to ensure that your personal data is processed in accordance with the requirements of applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).

Data management

  1. The processing of personal data is based on lawfulness, reliability and transparency of information. Data is collected by the Personal Data Controller for a specific, explicit and legally justified purpose, and the scope of the data is limited to the data necessary for this purpose. The Personal Data Controller makes the necessary efforts to ensure the greatest possible security and protection of the personal data it processes. Provision of data is voluntary. Each of you has the right to inspect and check your personal data, update them and request deletion of data.
  2. Personal data has been collected by us directly from you or from entities cooperating with us - mailing database administrators (Growbots Sp. z o.o., KRS No.: 0000504714) in order to perform the contract concluded with you or - in the case of Cookies - on the basis of your consent.

Personal Data Controller

  1. The Controller of Personal Data is: Localo Sp. z o.o. with its registered office in Wrocław, Plac Solny 14/3, 50-062 Wrocław, Poland, entered in the register of entrepreneurs by the District Court for Wrocław-Fabryczna in Wrocław, VI Economic Department of the National Court Register under the number 0000880128, NIP number 8971887866, share capital of PLN 5,000.00 (hereinafter: Localo or Controller).
  2. With respect for your rights as data subjects (i.e. data subjects) and in compliance with the mandatory provisions of the law, including in particular the GDPR, the Polish Personal Data Protection Act (hereinafter: the Act) and other relevant data protection laws, we are committed to maintaining the security and confidentiality of all personal data you provide to us. All of our employees have been adequately trained in the protection of personal data, and Localo, as a Personal Data Controller, has introduced new security measures and technical and organizational measures to ensure the highest possible level of personal data protection. We have implemented appropriate procedures and policies for the processing of personal data in accordance with the GDPR, so that the processing of personal data is carried out lawfully and fairly, and you, as data subjects, can exercise all your relevant rights. In addition, if necessary, we cooperate with the regulatory authority in the Republic of Poland, i.e. the President of the Office for Personal Data Protection (hereinafter: PUODO).
  3. Any questions, requests or complaints related to the processing of personal data at Localo (Personal Data Controller) should be addressed by e-mail to: [email protected] , or in writing to the postal address of the Personal Data Controller, i.e. pl. Solny 14/3, 50-062, WrocÅ‚aw, Poland.
  4. Requests should clearly state:
  • data of the person or persons to whom the request relates,
  • the event to which the request relates,
  • the demands being made,
  • the desired method of handling the case.

Type of personal data processed and purposes of personal data processing

  1. Our Service collects the following personal data:
  2. a) e-mail address - we collect your e-mail address in order to create an account for you on the Service,
  3. b) first name, last name, home address and NIP - we collect these from customers requesting an invoice from us,
  4. c) credit card number, CVC code and expiration date of the card - this information is necessary to make payment for our services,
  5. d) in the case of entrepreneurs, the above data may be expanded to include: company, other identification numbers of the entrepreneur (including REGON), business address.
  6. e) in connection with the use of the Website, additional data may be processed, in particular: IP address, domain name, browser type, access time or type of operating system, as well as navigation data, including information about the links and references you choose to click on and other actions you take on our Website,
  7. In connection with your use of the Service, your personal data may be collected by:
  • sending a request via the contact form,
  • communication via e-mail, as well as Messenger (Intercom) type communicators,
  1. Providing the data specified in section 1 letters a - d is voluntary and is only a contractual requirement. However, providing this data is necessary in order to set up an account on the Website and use its paid version, and thus to execute the agreement on local business card positioning (hereinafter: the Agreement). Provision of the data specified in section 1(e) is based on your consent.
  2. Your personal data are processed for the following purposes: proper execution of the Agreement or taking action at your request before the conclusion of the Agreement, in particular answering your questions, e.g. through the contact form (Art. 6(1)(b) GDPR); fulfillment of the Collector's legal obligation (Art. 6(1)(c) GDPR); possible establishment, investigation or defense against claims, as the Collector's legitimate interest (Art. 6(1)(f) GDPR); proper use of the contact form/log-in service posted on the Website in order to perform the Agreement (art. 6(1)(b) GDPR - the need to perform the contact form service agreement); signing up and receiving information about the services and their functionalities available on the Website in order to perform the Agreement, the subject of which is an electronic service. The Collector may also collect navigational data from users of the Website, including information about the links and references they choose to click on or other actions taken on the Website, for the purpose of facilitating the use of services provided electronically and on improving the functionality of such services, which constitutes the Collector's legitimate interest (Article 6(1)(f) GDPR).
  3. The source of personal data processed by the Personal Data Collector is the data subjects. 
  4. When filling in the login form on the Website, the User shall provide: e-mail address and confidential password for the User's information only. 
  5. There is no automated decision-making following the processing of personal data, including following profiling of such data.

Cookies and profiling

  1. The Website uses cookie technology to tailor its functionality to your individual needs. Therefore, you may agree to save the data and information you have entered so that it can be used later on subsequent visits to the site without having to re-enter it. Owners of other websites will not have access to this data and information. However, if you do not agree with the personalization of the Website, you can disable Cookies in your web browsers.
  2. Each person using the Website may choose whether and how he or she wants to use our services and share his or her data and information to a certain extent, in accordance with this Privacy Policy.

Period of processing of personal data

  1. Your data will be processed for the period necessary for the performance of the Agreement and may be processed for the period necessary for the realization of the legitimate interests of the Collector (i.e. until the statute of limitations for any claims arising from the performance of the Agreement),
  2. Where the basis for the processing of your personal data is consent, then the data shall be processed by the Collector until the consent is revoked.

Recipients of data

Your personal data may be transferred to entities cooperating with Localo, in particular to entities providing IT services and support and to accounting and IT companies serving us, as well as to all institutions having the right to process personal data on the basis of public law, in particular to Tax Authorities and, if necessary, to entities providing archiving services. In justified cases, your data may be sent outside the EU. In this case, Localo will ensure in each case the confidentiality of the transferred data and that only those data are transferred that are necessary for the proper execution of the Agreement and based on appropriate personal data safeguards required by applicable law.

The Collector transfers personal data to third countries, outside the European Economic Area, only to the following entities, due to the international nature of these entities and their possession of part of the ICT infrastructure outside the EEA:

  1. a) with respect to Users of the Service https://pl.localo.com/ from the territory of the United States - a company under the name: Paddle.com Inc, having an address: 3811 Ditmars Blvd #1071 Astoria NY 11105-1803 - the entity that is responsible for billing and sending financial documents (invoices) to users of the Service https://pl.localo.com/ . Paddel.com Inc declares compliance of the data transfer with the requirements of the GDPR, among others, through the use of standard contractual clauses. Information on the processing of personal data can also be found at https://www.paddle.com/legal/data-sharing-addendum‍ .
  2. b) with respect to Users of the Service https://pl.localo.com/ from the territory of other countries - a company under the name: Paddle.com Market Limited (registration number 08172165), having an address: 15 Briery Close, Great Oakley, Corby, Northamptonshire NN18 8JG, United Kingdom of Great Britain and Northern Ireland - the entity that is responsible for conducting billing and sending financial documents (invoices) to Users of the Service https://pl.localo.com/ . On the basis of the European Commission's decision of June 28, 2021, it was confirmed that the transfer of data to the United Kingdom of Great Britain and Northern Ireland provides an adequate level of protection of personal data (the first decision, ref. C(2021) 4800 final, was issued on the basis of Regulation (EU) 2016/679 (GDPR) and the second, ref. C(2021) 4801 final, was issued on the basis of Directive (EU) 2016/680.

Recognition by the European Commission of a specific third country, in this case the UK, as providing an adequate level of protection for personal data allows the free transfer of such data out of the European Economic Area without the need to obtain additional authorizations or implement additional safeguards under Chapter V of the GDPR, which are required if the third country does not provide such protection. Information on the processing of personal data can also be found at https://www.paddle.com/legal/data-sharing-addendum

Personal data may be shared with entities that process such data on our behalf, i.e. on behalf of the Personal Data Controller. In such cases, as the Personal Data Controller, we enter into a personal data processing agreement with such entity. The processing entity shall process the provided personal data only for the purposes specified in the aforementioned agreement. Without sharing personal data with such entities, we would not be able to conduct business on our Service. As a Personal Data Collector, we share personal data for processing with entities:

  • providing hosting services for the Website,
  • providing other services to us that are necessary for the proper functioning of the Website.

Pursuant to the GDPR, any person whose personal data is processed by the Personal Data Controller has the right to request from the Controller:

  1. to be informed about the processing of his/her personal data, in accordance with Article 12 of GDPR - The controller is obliged to make available the information specified in the GDPR (among others, concerning the data itself, the contact details, the purposes and legal grounds for processing the personal data, the recipients of the personal data or categories of recipients, if any, or the period for which the data will be processed or the criteria on the basis of which such period is determined) with the data subject; this obligation should be performed immediately upon obtaining the data for the first time, and if the data were not obtained from the data subject but from another source, then it should be performed within a reasonable period of time depending on the circumstances; the Collector may refrain from providing this information to the data subject if the data subject has already been informed,
  2. to access your personal data, in accordance with Article 15 of GDPR - by providing us with your personal data, you have the right to access and inspect it; however, this does not mean that you have access to all documents that contain your data, as these documents may contain confidential information; you have the right to know which of your data are processed and how, as well as the right to receive a copy of your personal data, with the first copy being issued free of charge, and for each subsequent copy, in accordance with the GDPR, we may charge an appropriate administrative fee related to the making of the copy,
  3. for the rectification of personal data, in accordance with Article 16 of GDPR - if your personal data has changed, please inform us, as the Collector, of this fact so that the personal data we hold corresponds to the actual information and is up-to-date; also, in situations where the personal data has not changed, but for some reason the data we hold is incorrect or has been incorrectly recorded (e.g. due to a drafting error), please inform us so that we can correct the relevant data points,
  4. for the deletion of your data (right to be forgotten), in accordance with Article 17 of GDPR - in other words, you have the right to demand that we, as the Collector, delete the data in our possession, and the right to demand that we, as the Collector, inform other collectors to whom we have shared your data of your request for deletion. You may request deletion of your personal data primarily when:
    1. the purposes for which your personal data was shared have been fulfilled, e.g. we have fully performed the Contract we entered into,
    2. the basis for the processing of your personal data was express consent, which was subsequently withdrawn, and there is no other legal basis for us to continue processing your personal data,
    3. you have objected to our processing of your personal data, in accordance with Article 21 of GDPR and you believe that we have no other legal basis allowing us to continue processing your personal data,
    4. your personal data has been processed unlawfully, i.e. for purposes that do not comply with the law or without a legal basis for processing (please note that in such cases you will need to provide the basis for such a request),
    5. the necessity of deletion of your personal data results from the mandatory provisions of law,
    6. your personal data relate to a minor and were collected as part of an information society service,
  5. for the limitation of processing, in accordance with Article 18 of GDPR - you may request us to limit the scope of processing of your personal data (meaning that we would limit ourselves to only storing the data until the matter is clarified) if:
    1. you question the accuracy of your personal data,
    2. you believe that we are processing your personal data without a legal basis, but at the same time you do not want us to delete your personal data (i.e. you do not exercise the above-mentioned right),
    3. you have filed an objection,

In addition, under GDPR, any person whose personal data is processed by a Personal Data Controller has the right to:

  1. data portability, in accordance with Article 20 of GDPR - you have the right to receive your data in a computer-viewable format and the right to transfer the data in such format to another controller; you have this right only if the basis for the processing of your personal data was explicit consent or the data was processed automatically,
  2. object to the processing of your personal data in accordance with Article 21 of GDPR - you have the right to object if you do not agree with our processing of your personal data that we have so far processed for specific purposes, in accordance with mandatory legal provisions,
  3. object to data profiling, in accordance with Article 22 (within the meaning to Article 4(4) of GDPR) - you will not be subjected to automated decision-making or profiling on our website, in accordance with GDPR, unless you give us express consent to do so; in addition, you will always be informed of any profiling, if any,
  4. file a complaint with a regulatory authority (i.e., the President of the Office for Personal Data Protection), in accordance with Article 77 of GDPR - if you believe that we are processing your personal data unlawfully or in violation of your rights under mandatory data protection laws, or with the supervisory authority of another European Union member state with jurisdiction over your habitual residence or place of work, or to the place of the alleged violation.

In the event of a Service User's assertion of an entitlement under the above-mentioned rights, the Collector will either comply with the request or refuse to comply with it immediately, but no later than within one month of receipt. However, it may happen that due to the complicated nature of the request or the number of requests, the Collector will not be able to fulfill the request within the month referred to in the preceding sentence, in which case it will fulfill the request within another two months while informing the user of the intended extension of the deadline and the reasons for it.

At any time, a user of the Service may report to the Collector any complaints, inquiries and requests regarding the processing of his/her personal data and the exercise of his/her rights.

Consent and information about the possibility of withdrawing consent.

Where the legal basis for the processing of your personal data is your consent, you have the right to withdraw your consent to the processing of your personal data at any time, whereby withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent given before its withdrawal.

Final provisions

  1. If you wish to exercise any of the above-mentioned rights, please refer to the relevant tabs on our Service for deletion of your account and data collected by our Service, or please send an e-mail to: [email protected]
  2. Any identified security breach shall be documented, and in the event of the occurrence of any of the events described in GDPR or in the Act, the data subjects and the PUODO, if applicable, shall be informed.
  3. Any matters not covered by this Privacy Policy shall be governed by the relevant mandatory provisions of law. If any of the provisions of this Privacy Policy do not comply with the aforementioned legal provisions, the legal provisions shall prevail.
  4. By using https://localo.com/ , you accept these terms of the Privacy Policy. Please be advised that your Cookies settings can be changed at any time via your browser settings.
  5. The Privacy Policy is subject to change, of which the Personal Data Controller will inform you 7 days in advance.
  6. Questions regarding the Privacy Policy should be directed to: [email protected] .
  7. Date of last modification: November 5, 2024.