Menu Zamknij

Privacy Policy


This Privacy Policy uses the terms introduced and explained in the Stipl Regulations (hereinafter: Regulations), which in this document have the same meaning as in the indicated Regulations, unless a different meaning is explicitly indicated in the Privacy Policy.

This Privacy Policy sets forth the rules for the processing and protection of personal data provided to the Operator, hereinafter also referred to as the Data Controller, by Users and payers, which are processed for purposes other than those provided for by applicable laws.

Personal data on the Website is processed in accordance with the provisions of generally applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 and national laws enacted in implementation of or in connection with the RODO.

This Privacy Policy is for informational purposes and does not constitute a source of obligation for Users.


The Data Controller processes personal data provided by Users and payers in order to use the services offered by the Data Controller. The Data Controller processes the following data provided to it by Users and payers: name, residential address, telephone and e-mail address, country, payment instrument data (hereinafter: Personal Data). In the case of entrepreneurs, the indicated scope of Personal Data is expanded to include the entrepreneur’s company and its Tax Identification Number.

The administrator of personal data is the Operator.

Users can contact the Data Controller through the contact information provided on the Website. The Data Controller has appointed a Data Protection Officer (hereinafter: DPO). Users can contact the DPA via the contact information mentioned above.

The recipient of the personal data is the owner of the Stipl service and the Payment Institution processing the payment, with which the Data Controller cooperates in order to process payments for the Services.

The Data Controller may entrust the processing of the collected Personal Data of Users to another entity based on the contract of entrustment of personal data processing concluded with it (data recipient), whereby such entities will be obliged to observe the principles of confidentiality and security, in particular not to make the Personal Data available to unauthorized persons, and to apply organizational, technical and physical security measures adequate to the manner of processing such data. These entities are, in particular, service providers supplying the Data Controller with IT, technical and organizational solutions to enable its operations, including the website and the electronic services provided through it, as well as providers of legal, accounting and consulting services providing the Data Controller with support in these areas.

The data controller, in order to ensure the high quality of the provided service and usability and optimization, may use external analytical tools on the basis of automated collection of a part of data about Users, among others. Using tools like Google Analytics.

On the websites of these tools, regulations, privacy policies and other internal documents are made available, which Users can read and whose contents they accept by accepting the Privacy Policy.

The User may make a request to the Operator to remove some of the external tools, but this request is not binding on the Operator, and the User will be notified of the final decision by email.


The Data Controller processes Users’ Personal Data only for the purpose and to the extent necessary to perform the Services offered by the Operator. Provision of Personal Data is voluntary, while necessary to grant Users access to the Services of their choice offered by the Data Controller.

The processing of Personal Data is necessary for, among other purposes:

  • to perform a contract to which the data subject is a party, or to take action at the request of the data subject before entering into a contract,
  • to fulfill the Data Controller’s accounting obligations arising in the event of the provision of paid services to Users,
  • answering questions asked by Users; Personal Data may be processed until the case presented by the User is concluded or until the User withdraws his/her consent to the processing of Personal Data; in some cases, depending on the content of the message sent, Personal Data may be archived on the basis of the legitimate interest of the Data Controller to demonstrate the course of the conversation in the future (e.g., in the case of User claims),

If Users give additional and voluntary consent, their Personal Data may be processed for marketing purposes related to the services offered by the Data Controller. If you have given your consent, your Personal Data will be processed for marketing purposes until you revoke it, which can happen at any time. When processing Personal Data for marketing purposes, the Data Controller shall respect all control rights of Users.

If Users give additional and voluntary consent, their personal data may be used to provide commercial information about the services offered by the Data Controller, by means of electronic communication, in the form of text messages (sms) and via e-mail. If you have given your consent, commercial information will be transmitted via electronic communications until you revoke it, which may happen at any time. When using Personal Data to provide commercial information as indicated above, the Data Controller shall respect all control rights of Users.

If you provide Personal Data solely for the purpose of gaining access to selected Services offered by the Data Controller, the Personal Data will be processed for the time necessary for the proper performance of such Services, unless you consent to the processing of the Personal Data provided by you also after the Data Controller has terminated the Services provided to you.

The period of data processing may be extended in case the processing is necessary for the establishment, investigation or defense against possible claims, and thereafter, only if and to the extent required by law.


Each User has the right at any time to access and correct the content of his Personal Data.

The Data Controller respects all the rights of Users, including in particular the right to request the updating of personal data, their correction and deletion, which may be exercised by Users at any time, unless their exercise is prevented by applicable laws.

Users have the right to object in the cases specified in the provisions of the RODO, as well as the right to restrict data processing and data portability, and the right to withdraw the consent given at any time without affecting the legality of the processing.

The rights indicated above can be exercised by sending the appropriate request via e-mail, to the Operator’s address.

In the event that the processing of Personal Data is deemed to be in violation of applicable laws, each User has the right to file a complaint with the Supervisory Authority.


The Data Controller shall use appropriate organizational, technical and physical safeguards to protect Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

The Data Controller shall ensure that only persons authorized by the Data Controller have access to the Personal Data and only to the extent that it is necessary due to the tasks they perform.


The website uses cookies. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the User’s terminal device and are intended for the use of the Operator’s website. Such files usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.

Cookies, apart from the files whose use is necessary for the proper functioning of the Operator’s website, are used with the User’s consent, expressed through the appropriate setting of the software, in particular the Internet browser, installed in the electronic device used by the User. Cookies are used in particular for statistical and functional purposes.

Two types of cookies are used on the Website:

  • Session – remain stored on the user’s computer or mobile device until the user leaves the website or shuts down the web browser,
  • Permanent – they remain on the User’s device for the time specified in the parameters of cookies or until they are manually deleted in the web browser.

The Operator reserves the rights to also use the data in LocalStorage and SessionStorage, which remain on the User’s device for the time specified in the parameters of cookies or until they are manually deleted in the web browser.

Restricting or disabling the use of cookies by the User is possible at any time, but it will have a negative impact on the ability to make payments, the operation of the Operator’s Services or completely prevent their operation. In order to maintain the full ability to make payments and use the Services, the Data Controller recommends not modifying the cookie settings.


This Privacy Policy is continuously reviewed and updated as necessary.

In the event of a change in the content of the Privacy Policy, the Data Controller will inform Users of this fact each time by posting information about the changes on the dedicated website.