Privacy Policy

Last updated: February 20, 2026

1. Data Controller

The data controller is Zaviki Sp. z o.o., a company registered in Warsaw, Poland, providing the PlataPOS service available at https://platapos.com (the "Service").

For all data protection matters, please contact us at: contact@platapos.com

2. Personal Data We Collect

In connection with providing the Service, we may collect and process the following categories of personal data:

  • Account data: name, surname, email address, company name, billing address, VAT/tax identification number
  • Technical data: IP address, browser type, device type, login timestamps, session data
  • Transaction and usage data: data entered into the Service (sales data, personnel data, product data) — processed on behalf of the Customer
  • Payment data: processed exclusively by our payment processors; Zaviki Sp. z o.o. does not store payment card numbers

3. Purposes and Legal Bases for Processing

Personal data is processed for the following purposes:

  • Providing the Service — performance of a contract (Art. 6(1)(b) GDPR)
  • Billing and invoicing — legal obligation (Art. 6(1)(c) GDPR)
  • Customer support and communication — legitimate interest (Art. 6(1)(f) GDPR)
  • Ensuring security and preventing abuse — legitimate interest (Art. 6(1)(f) GDPR)
  • Marketing communications — consent (Art. 6(1)(a) GDPR), where applicable

4. Data Entered Into the Service

Data entered by the Customer into the Service (including employee data, customer data, and transaction data) is processed by Zaviki Sp. z o.o. as a data processor on behalf of the Customer, who acts as the data controller for such data. The legal basis and responsibility for such processing rests with the Customer.

A Data Processing Agreement (DPA) is available upon request or in the customer panel.

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, and in particular:

  • Account data: for the duration of the contract and up to 5 years after termination (for legal and accounting purposes)
  • Transaction and usage data: as determined by the Customer's data retention policy and applicable law
  • Technical logs: up to 12 months

6. Data Sharing and Third-Party Processors

We may share personal data with the following categories of third parties:

  • Cloud hosting and infrastructure providers (e.g., Amazon Web Services, Google Cloud, Hetzner, OVHcloud)
  • Payment processing providers
  • Email and communication service providers
  • Analytics and monitoring tools

All third-party processors are bound by data processing agreements and are required to implement appropriate security measures. We do not sell personal data to third parties.

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, data transfers are carried out using appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access — to request a copy of your personal data
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of your data ("right to be forgotten")
  • Right to restriction of processing — to request a temporary halt on processing
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on your consent

To exercise any of these rights, please contact us at: contact@platapos.com

9. Cookies and Tracking Technologies

The Service uses cookies and similar technologies to ensure proper functioning, analyze usage, and improve user experience. Details about the types of cookies used are available in our Cookie Policy.

10. Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. However, no system can guarantee absolute security.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. Significant changes will be communicated via email or a notification in the Service. The current version is always available at https://platapos.com/privacy/.

12. Supervisory Authority

If you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with the competent supervisory authority.

In Poland, the supervisory authority is:
President of the Office for Personal Data Protection (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
www.uodo.gov.pl

13. Contact Information

WebPOS