Privacy Policy

Choose the language of the Terms and Conditions: 🇮🇩 Bahasa Indonesia| 🇨🇿 Česky| 🇩🇰 Dansk| 🇩🇪 Deutsch|🇪🇪 Eesti| 🇬🇧 English| 🇪🇸 Español| 🇫🇷 Français|🇮🇹 Italiano| 🇱🇻 Latviešu| 🇱🇹 Lietuvių kalba| 🇭🇺 Magyar| 🇳🇱 Nederlands| 🇳🇴 Norsk| 🇵🇱 Polski| 🇵🇹 Português| 🇷🇴 Română| 🇸🇰 Slovenská| 🇸🇮 Slovenski| 🇫🇮 Suomalainen| 🇸🇪 Svenska| 🇹🇷 Türkçe| 🇬🇷 Ελληνικά| 🇧🇬 Български| 🇷🇺 Русский| 🇺🇦 Українська| 🇨🇳 中文 (简体)| 🇯🇵 日本語| 🇰🇷 한국어

Privacy Policy – GDPR, UK GDPR & Global Compliance

§1 GENERAL PROVISIONS

1. This document sets out the Privacy Policy of the apgo online store (goapgo.com and apgo.eu), including principles for the protection and processing of personal data and the security of other information entered by the User while using the Service.
2. This Privacy Policy constitutes an integral part of the Terms and Conditions of the Store.

§2 DEFINITIONS

The following terms shall have the meanings indicated below:

1. Administrator – APCOMMERCE.PL ARTUR PIEKARCZYK, Klonów 21, 32-222 Klonów, Poland, Tax ID (NIP): 659-149-76-55.
2. Service – the website available at goapgo.com apgo.eu and all its subpages.
3. Parties – the Administrator and the User.
4. User – any natural person who uses the Service and provides their personal data within it.

§3 PERSONAL DATA PROTECTION

1. The Administrator is the controller of personal data within the meaning of:
   • Regulation (EU) 2016/679 (GDPR) – for users from the EU and Poland,
   • UK General Data Protection Regulation (UK GDPR) – for users from the United Kingdom,
   • California Consumer Privacy Act (CCPA) – applied voluntarily for users from California, USA.
   • Other applicable local laws in the User’s jurisdiction, where relevant.
2. The Administrator processes data in the scope, duration, and purposes each time defined in the content provided near forms used to collect personal data from the User.
3. Personal data may be transferred only to trusted subcontractors of the Administrator, including IT service providers, accounting services, payment processors, hosting services, and administrative providers, and only to the extent necessary for service performance.
4. For international transfers (outside the EEA or UK), appropriate safeguards are applied, such as Standard Contractual Clauses or other mechanisms in line with GDPR and UK GDPR.

§3a PURPOSES AND LEGAL BASIS OF DATA PROCESSING
The Administrator processes personal data for the following purposes:

Contractual Performance: To fulfill orders, provide customer support, and manage the sale of products and services. The legal basis for this processing is the performance of a contract between the Administrator and the User (Article 6(1)(b) GDPR).

Legal Obligations: To comply with applicable legal and regulatory requirements. The legal basis is compliance with a legal obligation (Article 6(1)(c) GDPR).

Consent-Based Processing: To send newsletters, promotional offers, and other marketing communications when the User has provided explicit consent. The legal basis for this processing is the User’s consent (Article 6(1)(a) GDPR).

Security and Technical Operations: To ensure the security and proper functioning of the Service, including maintaining logs and preventing fraud. The legal basis is the legitimate interests of the Administrator (Article 6(1)(f) GDPR), balanced against the rights and freedoms of the Users.

Additional purposes and legal bases may be specified where relevant, and Users will be informed accordingly at the point of data collection.

§3b DATA RETENTION PERIODS
The Administrator retains personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Specific retention periods are as follows:

Order-Related Data: Data related to completed orders is retained for 5 years from the date of the transaction to comply with tax and accounting requirements.

Marketing Data: Personal data collected for marketing purposes is retained until the User withdraws consent.

Log Files: Server log data is stored for a period of 12 months for security and technical purposes.

After the applicable retention period expires, the personal data will be securely deleted or anonymized.

§3c Payment Processors – Personal Data Processing

To process online payments, the Administrator uses two external payment service providers: mElements S.A. (Paynow) and Stripe Payments Europe Ltd. (Stripe).

The Buyer's personal data is transferred to the selected payment processor solely to the extent necessary to execute and secure the transaction. Below are details about each provider:

1. Paynow (mElements S.A.)

The controller of personal data is mElements S.A., with its registered office at ul. Prosta 18, 00-850 Warsaw, Poland.

The personal data provided by the Buyer will be used by mElements S.A. to process the payment transaction.
The legal basis for processing is the service agreement for the "Paynow Payment Integrator" concluded with the Administrator.

Personal data may be disclosed to:

• authorized institutions supervising mElements S.A. (e.g., Polish Financial Supervision Authority, Office of Competition and Consumer Protection),
• entities processing data on behalf of mElements S.A. to perform services for the Administrator.

Data will be retained no longer than 5 years after the contract is terminated (e.g., in case of a legal dispute). After this period, the data will be anonymized.

The Buyer has the right to:

• access and correct their data,
• request data portability, deletion, or restriction of processing,
• object to processing and lodge a complaint with the relevant data protection authority (in Poland: https://uodo.gov.pl).

Providing personal data is voluntary but necessary to complete the transaction — failure to provide it may result in a declined payment.

More information: https://www.paynow.pl
Data Protection Officer: iod@melements.pl

2. Stripe (Stripe Payments Europe Ltd.)

The data controller remains the Seller, while Stripe acts as a data processor to carry out the payment.

The Buyer's personal data (such as name, email address, IP address, card details, and transaction information) is shared with Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Dublin, Ireland) and Stripe, Inc. in the United States, in accordance with applicable data protection laws.

The legal bases for this processing are:

• Article 6(1)(b) GDPR – contract performance (processing the transaction),
• Article 6(1)(f) GDPR – the Administrator’s legitimate interest in ensuring secure transactions and preventing fraud.

Data may be transferred outside the European Economic Area (e.g., to the US) using adequate safeguards such as Standard Contractual Clauses (SCCs).

The Buyer has the right to access, correct, delete, or transfer their data, restrict processing, object to it, and lodge a complaint with the appropriate authority.

Providing data is voluntary but required to complete the payment — refusal may prevent the transaction.

More information: https://stripe.com/privacy

§4 USER RIGHTS

1. Users have the right to access their personal data, request its correction, deletion, or restriction of processing.
2. Users may withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
3. Users may also request data portability and object to processing of their personal data.
4. Users from the EU and Poland may lodge a complaint with the President of the Personal Data Protection Office (PUODO).
   Users from the UK may lodge a complaint with the Information Commissioner's Office (ICO).
   Users from the US, especially California, can contact the Seller using the contact details provided below for clarification regarding privacy rights.
5. Providing personal data is voluntary, but refusal to provide it may result in the inability to use certain features or services.
6. The Administrator may refuse to delete personal data if its retention is required by law or necessary for the establishment, exercise, or defense of legal claims.

§5 TECHNICAL DATA SECURITY

1. The Administrator uses all appropriate technical and organizational measures to ensure the security of Users' personal data and to protect it from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
2. Data is stored on secure servers using encrypted and protected infrastructure in certified data centers with restricted access.
3. Only authorized persons have access to personal data, and regular security audits are conducted.
4. The Administrator ensures regular backups and complies with the legal and technical standards for data protection applicable in Poland, the EU, UK, and, where applicable, internationally.
5. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal obligations. After the retention period expires, your personal data will be securely deleted or anonymized.
6. The Service may use automated decision-making processes, including profiling, to analyze user behavior and improve user experience. Such processing is based on your consent or is necessary for the performance of a contract between you and the Administrator. You have the right to request human intervention, obtain an explanation of the decision, and challenge the decision if you believe it adversely affects you. If you wish to withdraw your consent regarding such processing, please contact us using the details provided in §8 CONTACT.
   
   

§6 COOKIES POLICY

1. For Users' convenience and to enhance functionality, the Service uses cookies, which are small text files stored on the User’s device.
2. The Service uses the following types of cookies:
   • Session cookies – temporary files deleted after the session ends.
   • Persistent cookies – stored on the User’s device until they are manually deleted or expire.
3. Types of cookies used:
4. a. Necessary – essential for the proper operation of the site (e.g., user login).
   b. Security – help ensure safe use and detect potential abuses.
   c. Performance – gather anonymous statistics on website usage.
   d. Functional – remember user preferences like language, font size, and interface settings.
5. Users can manage cookie settings in their web browsers, including blocking or deleting them.
6. In addition to the cookies mentioned above, our Service may also use cookies provided by trusted third-party services (such as analytics and advertising platforms). These third-party cookies are used to collect anonymized data for the purposes of improving our Service and for personalized advertising. For more detailed information on the cookies used by these third parties, please refer to their respective privacy policies.

§7 SERVER LOGS

1. Like most websites, the Service logs HTTP requests to the server. Collected logs include:
   • IP address,
   • Request time and response time,
   • Browser and operating system details,
   • Referrer URL (previous page),
   • Error codes if applicable.
2. These logs are used solely for administrative and technical purposes.
3. Log data is stored for an indefinite period but is not shared with any third parties and does not identify individual users.

§8 CONTACT

1. Users can contact the Administrator at any time to ask about their personal data processing, exercise their rights, or request deletion or correction of their data.
2. Contact details:
   📧 Email: apgo@goapgo.com
   📞 Phone: +48 606 330 278

§9 FINAL REMARKS

1. The Administrator reserves the right to amend this Privacy Policy due to changes in applicable laws or improvements in data protection standards.
2. The current version of the Privacy Policy is always available at goapgo.com and apgo.eu.
3. Last Updated: [03.04.2025]
   This Privacy Policy was last updated on [03.04.2025]. We encourage you to review this page periodically to stay informed about any changes.