1. The Personal Data Administrator of the Story Planet Go application (hereinafter: the Application) is: SP sp. z o.o. with its registered office in Białystok at ul. Żurawia 71, 15-540 Białystok, share capital: PLN 5,000, NIP: 9662146888, REGON:71041900730, KRS: 0000880842
  2. This privacy policy applies to the users of the Application (hereinafter: the User/Users or, respectively, Visitors or Trail Creator). Respecting your rights as subjects of personal data (data subjects) and respecting applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Personal Data Protection Act (hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of the personal data obtained from you. All employees have been properly trained in the processing of personal data, and our company, as the Personal Data Administrator, has implemented appropriate security measures as well as technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforcement of all rights you have as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).
  3. All inquiries, applications, complaints regarding the processing of personal data by our company (Personal Data Administrator), hereinafter referred to as Submissions, should be sent to the following e-mail address: or in writing to the address of the Personal Data Administrator, i.e. ul. Żurawia 71, 15-540 Bialystok. The content of the Submission should clearly indicate:
    1. data of the person or persons to whom the Submission relates,
    2. the event that is the reason for the Submission,
    3. present your requests and the legal basis for these requests,
    4. indicate the expected way of settling the case.
  4. We collect the following personal data in the Application:
    1. name and surname and nickname /login/ – in order to use the Services, you will be asked to provide your name and surname and login,
    2. image – if the user wants to post an avatar with his/her photo in the Application,
    3. address – it is necessary for the correct invoicing; it is not necessary to provide it until the first time you purchase a Trip or post a Trip offer;
    4. e-mail address – via the e-mail address we send you confirmation of the services that you will use and we contact you in the event of such a need related to the service or sale,
    5. NIP, KRS – collected in order to issue an invoice from Users who are entrepreneurs,
    6. bank account number – collected in order to pay the Trail Creator funds from the sale of Trips,
    7. IP address of the device – information resulting from the general rules of connections made on the Internet, such as the IP address (and other information contained in system logs) are used by the Application administrator for technical purposes. IP addresses may also be used for statistical purposes, in particular to collect general demographic information (at least about the region from which the connection is made),
    8. location – if the User uses the Application by enabling the Application to track their location;
    9. data listed in the complaint or contact form.
  5. Providing the data indicated in the preceding point is necessary in the following cases:
    • in order to set up an Account, which is voluntary and enables the use of the Application’s functionalities – then the basis for the processing of personal data is Art. 6 sec. 1 lit. b of the GDPR (concluded contract);
    • in order to provide services, including: selling Trips, withdrawing funds from the Trail Creator, using the functionality of the Application – then the basis for the processing of personal data is art. 6 sec. 1 lit. b of the GDPR (concluded contract);
    • in order to respond to a complaint and defend against claims – then the basis for the processing of personal data is art. 6 sec. 1 lit. f of the GDPR (legitimate interest of the Administrator);
    • in order to respond to a message from the contact form or to report a violation of the Regulations – then the basis for the processing of personal data is art. 6 sec. 1 lit. f of the GDPR (legitimate interest of the Administrator).
  6. Each of you as a person using the Application or planning to use it has the option of choosing whether and to what extent you want to use our services and share information and data about yourself in the scope specified in this Privacy Policy.
  7. Your personal data is processed by us as the Personal Data Administrator in order to provide services to you (i.e. data subjects) offered as part of the Application. In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the goals referred to in the preceding sentence. Some of the data is required from the User only before purchasing/selling the Trip or at another stage of using the Application. Providing this data will remain necessary to use certain functions of the Application.
  8. We process personal data for the time necessary to achieve the purposes listed in the preceding point. In the case of processed data:
    • in connection with the implementation of the Agreement – until its full expiry, taking into account the 24-month duration of the license for the Trip, which the User, the Trail Creator, grants to the Visitor,
    • in connection with the response to the complaint and in connection with the defence against potential claims – until the expiry of the limitation period for claims,
    • in connection with the response to the message from the contact form – until the end of the correspondence thread or 1 month after sending the response to the inquiry by the Administrator, whichever comes first.
  9. The source of the Personal Data processed by the Administrator are the data subjects.
  10. Your personal data is not transferred to a third country within the meaning of the provisions of the GDPR.
  11. Personal data may be entrusted for processing to entities processing such data on behalf of the Administrator. In such a situation, as the Administrator, we conclude a contract for entrusting the processing of personal data with the processing entity. The processing entity processes the entrusted personal data, but only for the needs, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to run our business and provide the functionality of the Application. As the Administrator, we entrust personal data for processing to entities that provide services to us as the Administrator of personal data, which are necessary for the current functioning of the Application. The entities to which the data is entrusted are, to the extent necessary: online payment operators, companies providing hosting services, the manufacturer of software intended for invoicing sales by the Trail Creator, IT and programming support for the Application. User data – Creators of the trail are made available to the Visitor User, who becomes their administrator.
  12. Personal data is not subject to profiling by the Personal Data Administrator.
  13. In accordance with the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:
    1. access to your personal data referred to in art. 15 of the GDPR – by providing us with personal data, you have the right to inspect and access them; however, this does not mean that you have the right to access all documents on which your data appears, as they may contain confidential information; however, you have the right to know what your data is and for what purpose we process it, and the right to obtain a copy of your personal data, with the first copy being issued free of charge, and for each subsequent copy, in accordance with the provisions of the GDPR, we charge an appropriate administrative fee corresponding to the cost of making a copy,
    2. correcting, supplementing, updating, rectifying personal data referred to in art. 16 of the GDPR – if your personal data has changed, please inform us as the Personal Data Administrator about this fact so that the data we have is consistent with the actual state and up-to-date; also in a situation where there has been no change in personal data, but for any reason these data are incorrect or have been recorded incorrectly (e.g. as a result of a typographical error), please inform us in order to correct or rectify such data,
    3. deletion of data (right to be forgotten), referred to in art. 17 of the GDPR – in other words, you have the right to request the “deletion” of data held by us as the Personal Data Administrator and the right to contact us as the Personal Data Administrator so that we inform other administrators to whom we have provided your data about the need to delete them. You can request the deletion of your personal data in particular when:
      • the purposes for which the personal data were collected have been achieved, e.g. we have fully implemented the sales contract concluded with you,
      • you have filed an objection pursuant to Art. 21 of the GDPR and you believe that we do not have any overriding legal grounds to further process your personal data,
      • Your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for processing personal data – please remember that in this case you must have a basis for your request,
      • the need to delete your personal data results from the law,
      • you are a person under the age of 13 (then the declaration should be made by your parent or legal guardian).
    4. restriction of processing referred to in art. 18 of the GDPR – you can contact our company with a request to limit the processing of your personal data (which would mean that until the matter is clarified, our company would primarily only store it), if:
      • you contest the accuracy of your personal data or
      • you believe that we process your data without a legal basis, but at the same time you do not want us to delete this personal data (i.e. you do not use the right referred to in the preceding letter), or
      • you have filed an objection referred to in point f below, or
      • Your personal data is needed to establish, pursue or defend claims, e.g. in court,
    5. transfer of data referred to in art. 20 of the GDPR – you have the right to obtain your data in a format that allows reading this data on a computer and the right to send this data in such a format to another administrator; you have this right only if the basis for the processing of your data was consent or the data was processed automatically,
    6. object to the processing of personal data, as referred to in art. 21 of the GDPR – you have the right to object if you do not agree to the processing of personal data by us, which we have so far processed for legitimate purposes in accordance with the law,
    7. not to be subject to profiling referred to in art. 22 in relation to joke. 4 point 4 of the GDPR – in our Application you will not be subject to automated decision making or profiling within the meaning of the GDPR, unless you consent to it and our company decides to use profiling solutions; additionally, we will always inform you about profiling, should it take place, and we will ask for your consent;
    8. lodging a complaint to a supervisory body (i.e. to the President of the Office for Personal Data Protection), referred to in art. 77 of the GDPR – if you believe that we process your personal data unlawfully or in any way violate the rights resulting from generally applicable provisions of law on the protection of personal data.
  14. With regard to the right to delete data (the right to be forgotten), we point out that, in accordance with the provisions of the GDPR, you do not have the right to exercise this right if:
    1. the processing of your personal data is necessary to exercise the right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc.,
    2. the processing of personal data is necessary for our company to fulfil its legal obligations resulting from the regulations – we cannot delete your data for the period necessary to fulfil the obligations (e.g. tax) imposed on us by law,
    3. the processing of your data is carried out for the purpose of investigating, establishing or defending claims.
  15. If you want to exercise your rights referred to in the preceding point, please send us a message by e-mail to the e-mail address:
  16. Each identified case of a security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and, if applicable, PUODO are informed about such a breach of the provisions on the protection of personal data.
  17. All capitalized words have the meaning given to them in the Regulations of the Application, unless otherwise stated in this Privacy Policy.
  18. In matters not covered by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In the event of non-compliance of the provisions of this Privacy Policy with the above provisions, these provisions shall prevail.