Privacy Policy

1. Introduction

This Privacy Policy sets out the rules for collecting, processing, and using personal data obtained from users of the StampStamp service (hereinafter: "Service").

The administrator of personal data collected through the Service is Halo Sp. z o. o., having its registered office at ul. Warszawska 40/2A, 40-008 Katowice, Poland, NIP: 9542880835, REGON: 54046242600000, registered in the National Court Register under number KRS: 0001145505 (hereinafter: "Administrator").

All payment transactions are processed using Stripe and are subject to Stripe's Privacy Policy and Terms of Service. This policy should be read in conjunction with Stripe's policies for a complete understanding of how your payment data is handled.

2. Scope of Data Collected

The Administrator collects the following personal data:

  • Data provided during registration: first name, last name, email address, password (stored in encrypted form);
  • Data provided when creating and managing a store: store name, address, logo, contact information;
  • Data related to the use of loyalty programs and loyalty cards;
  • Information about the devices used to access the Service;
  • Location data (with the User’s consent);
  • Information collected via cookies and similar technologies;
  • Payment information including cardholder name, billing address, and payment card details (processed and stored by our payment processor Stripe, not stored in our systems).

3. Purposes of Data Processing

Personal data is processed for the following purposes:

  • Providing services offered within the Service;
  • Executing loyalty programs and handling loyalty cards;
  • Processing subscription payments and managing recurring billing;
  • Communicating with Users regarding the Service;
  • Sending commercial and marketing information (with the User’s prior consent);
  • Analyzing and improving the quality of services provided;
  • Fulfilling legal obligations imposed on the Administrator;
  • Pursuing or defending against potential claims.

4. Legal Grounds for Data Processing

The processing of Users’ personal data is based on:

  • User’s consent (Art. 6(1)(a) GDPR);
  • Necessity to perform a contract to which the User is a party (Art. 6(1)(b) GDPR);
  • Legal obligation imposed on the Administrator (Art. 6(1)(c) GDPR);
  • Legitimate interest pursued by the Administrator (Art. 6(1)(f) GDPR).

5. Data Recipients

Users’ personal data may be transferred to the following categories of recipients:

  • Entities providing services to the Administrator, including:
    • Stripe Payments Europe, Ltd. - payment processing and secure storage of payment card information for recurring subscriptions;
    • IT service providers;
    • Accounting and legal service providers;
  • Entities cooperating with the Administrator in the implementation of loyalty programs;
  • Entities authorized under the law (e.g., state authorities).

The Administrator may transfer personal data to third countries (outside the European Economic Area) only if an adequate level of protection is ensured, in accordance with GDPR requirements.

6. Payment Processing

All financial transactions are processed through our payment service provider, Stripe Payments Europe, Ltd. We use Stripe's integrated checkout systems, which are completely secure, PCI compliant and SSL enabled.

Stripe's Role in Data Processing: Stripe has certain data processing activities for which it acts as a data controller, and others for which it acts as a data processor. When processing credit card transactions, Stripe:

  • Acts as a data processor when facilitating transactions on our behalf, processing cardholder data (name, credit card number, expiry date, and CVC code) through their secure API;
  • Acts as a data controller when using the data to comply with regulatory obligations such as Know Your Customer (KYC) and Anti Money Laundering (AML) requirements.

Stored Payment Information: For subscription services, Stripe securely stores your payment card information to process recurring charges. This data is:

  • Tokenized and encrypted using industry-standard security measures;
  • Never stored on our servers - only secure tokens are retained;
  • Used exclusively for processing your authorized recurring subscription payments;
  • Deletable at any time by canceling your subscription or updating your payment method.

Recurring Charges: By subscribing to our services, you authorize us to charge your stored payment method on a recurring basis according to your selected billing cycle (monthly or annually).

For more information about how Stripe handles your data, please review:

7. Data Retention Period

Personal data will be stored for a period:

  • Necessary to fulfill the purposes for which it was collected;
  • Required by law;
  • Until the expiration of any potential claims;
  • Until the User withdraws consent (in the case of data processed based on consent).

8. User Rights

The User has the following rights:

  • The right to access their data;
  • The right to rectify their data;
  • The right to delete their data;
  • The right to restrict data processing;
  • The right to data portability;
  • The right to object to processing;
  • The right to withdraw consent (without affecting the lawfulness of processing carried out based on consent before its withdrawal);
  • The right to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).

9. Cookie Information

The Service uses cookies and similar technologies in order to:

  • Ensure proper functioning of the Service;
  • Customize the Service to Users' preferences;
  • Analyze traffic on the Service's pages;
  • Ensure the security of using the Service;
  • Facilitate secure payment processing through Stripe (these cookies are essential for subscription services).

Additionally, Stripe may set its own cookies when processing payments to prevent fraud and ensure transaction security. These cookies are necessary for the proper operation of payment systems.

The User can manage cookie settings in their web browser independently. However, disabling certain cookies may affect the functionality of payment processing.

10. Data Security

The Administrator uses appropriate technical and organizational measures to ensure the security of Users' personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

11. Changes to the Privacy Policy

The Administrator reserves the right to amend this Privacy Policy. Users will be informed of any changes by posting information on the Service's website.

12. Contact

For matters related to personal data protection, you can contact the Administrator via email at contact@stampstampapp.com or in writing to the Administrator’s registered office address.

Last update: February 6, 2025