tippin' Privacy Policy

I. General Information

1. This Privacy Policy sets out the rules for processing and protecting personal data of Users and Clients of the tippin' service.

2. The data controller is Houda Tomasz Watras with registered office in Katowice, at ul. Żelazna 2, 40-851 Katowice, NIP 6292324622, REGON 521571765.

3. Contact regarding personal data protection:

   • Email: kontakt@tippin.pl
   • Correspondence address: ul. Żelazna 2, 40-851 Katowice

4. The Controller has appointed a Data Protection Officer, who can be contacted at: kontakt@tippin.pl

II. Categories of Processed Data

1. User Data (tip recipients):

   • Identification data: first name, last name, email address
   • Contact data: phone number, residential address (processed by Stripe)
   • Professional data: service location, work category
   • Financial data: bank account number (processed by Stripe)
   • Verification data required by Stripe
   • Transaction data and received tips

2. Client Data (tip senders):

   • Transaction data
   • Payment method data (processed by Stripe)
   • IP address and device data
   • Optionally: email address (when requesting an invoice)

3. Data automatically collected when using the Service:

   • IP address
   • Device and browser information
   • Cookies and similar technologies
   • Data about Service usage

III. Purposes and Legal Bases for Processing

1. Contract performance (Art. 6(1)(b) GDPR):

   • User account management
   • Tip transfer process handling
   • Payment processing through Stripe
   • Complaint handling

2. Legal obligations (Art. 6(1)(c) GDPR):

   • Accounting documentation storage
   • Tax obligations fulfillment
   • Money laundering prevention
   • Implementation of data subjects' rights

3. Legitimate interests of the Controller (Art. 6(1)(f) GDPR):

   • Service security
   • Fraud prevention
   • Analytics and statistics
   • Own services marketing
   • Claims pursuit and defense

4. Data subject consent (Art. 6(1)(a) GDPR):

   • Third-party marketing
   • Marketing profiling
   • Image usage

IV. Data Recipients

1. Data processors:

   • Stripe - payment operator
   • Apple Inc. - for Apple Pay payments
   • Hosting and IT service providers
   • Analytics tool providers
   • Accounting office
   • Law firm

2. Independent controllers:

   • Stripe (for payment services)
   • State authorities in cases provided by law

3. Data transfer outside EEA:

   • Data may be transferred to Stripe Inc. in the USA
   • Transfer is based on standard contractual clauses
   • Detailed information is available in Stripe's privacy policy

V. Data Retention Period

1. User account data:

   • For the period of account possession
   • Up to 5 years after account deletion (for accounting and claims purposes)

2. Transaction data:

   • 5 years from the end of the tax year (accounting requirements)
   • Longer in case of ongoing proceedings

3. Marketing data:

   • Until consent withdrawal
   • Until objection is raised

4. Analytics data:

   • Up to 26 months in aggregated form
   • Up to 14 days in detailed form

VI. Rights of Data Subjects

• Right to access data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right not to be subject to automated decision-making

VII. Apple Pay and Other Payment Methods

1. Apple Pay:

   • When using Apple Pay, some data is processed by Apple Inc.
   • Apple Inc. acts as an independent data controller for Apple Pay services
   • The Service does not have access to payment card data stored in Apple Pay
   • Apple Inc. may collect and process additional data according to its privacy policy
   • Detailed information about data processing by Apple Pay is available at: https://support.apple.com/pl-pl/HT203027

2. Scope of data processed for Apple Pay payments:

   • Transaction identifier
   • Transaction amount
   • Transaction date and time
   • Transaction status
   • Unique device identifier
   • Transaction location (country)

3. Legal basis:

   • Data processing under Apple Pay is based on Art. 6(1)(b) GDPR (contract performance)
   • User additionally accepts Apple Pay terms of use

VIII. Cookies and Similar Technologies

1. Types of cookies used:

   • Essential for Service operation
   • Analytics (Google Analytics)
   • Marketing

2. Cookie management:

   • Through browser settings
   • Through Service preferences panel

3. Storage period:

   • Session - until browser closure
   • Persistent - maximum 2 years

IX. Data Security

1. Technical measures:

   • SSL/TLS encryption
   • Server security
   • Regular system updates
   • Backup copies

2. Organizational measures:

   • Security policies and procedures
   • Employee training
   • Access control
   • Data processing agreements

X. Profiling and Automated Decision-Making

1. Profiling scope:

   • Service activity analysis
   • User segmentation
   • Content personalization

2. Profiling consequences:

   • Marketing communication adaptation
   • Service feature recommendations

3. Objection to profiling:

   • Can be raised at any time
   • Does not affect basic Service functionality

XI. Final Provisions

1. Privacy Policy changes:

   • Announced 14 days in advance
   • Communicated through Service and email
   • Archived versions available upon request

2. Last update date: December 21, 2024

3. Applicable law:

   • Polish law
   • GDPR and other personal data protection regulations

XII. Detailed Information for Specific User Groups

1. Gastronomy sector:

   • Processing of workplace data
   • Rules for sharing data with gastronomy establishments
   • Specific QR code requirements

2. Beauty sector:

   • Processing of service provision data
   • Cooperation rules with salons
   • Reservation requirements

3. Internet content creators:

   • Processing of social media channel data
   • Identity verification rules
   • Promotion requirements