This Privacy Policy is drafted for information purposes, and fulfils the information duties imposed on
the data controller by GDPR, namely Regulation (EU) 2016/679 of the European Parliament and of
the Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The terms used in this Privacy Policy shall have the meaning stated below:
Privacy Policy
this document stipulating the rules and methodology for User
personal data processing by Wandlee;
website at the address: www.wandlee.com;
services provided electronically by Wandlee via the Service, in
particular including explanations regarding Wandlee system
person using the Service and the related functionalities, among
others to contact Wandlee and receive replies to one’s inquiries͖
Wandlee/Service Provider data controller with registry data stipulated in Clause 1.1. of this
Privacy Policy.
1.1. Service Provider, namely Wandlee sp. z o. o. with its registered office in Warsaw, address:
02-001 Warszawa, Al. Jerozolimskie 85 m. 21, entered in the Register of Entrepreneurs of
the National Court Register as number KRS: 0000607072, VAT number (NIP): 7010557972,
REGON: 363933070, with equity of PLN 5,600, shall act as the Data Controller.
1.2. Wandlee can be contacted with respect to personal data in particular by e-mail at email
address: team@wandlee.com.
1.3. Wandlee has also appointed the Personal Data Inspector to be contacted by writing at the e-
mail address: iod@wandlee.com or at the aforementioned postal address of Wandlee.
2.1. The scope and objective of personal data processing shall be determined by the scope of
consents given and completed data, as sent via respective form, or otherwise provided to
Wandlee by the User.
2.2. Processing of personal data may refer to one’s full name, e-mail address, phone number, IP
address, Facebook ID, and other data you may voluntarily provide to Wandlee, or to which
you may provide Wandlee access.
2.3. The nature of services provided by Wandlee prevents anonymity of Users.
2.4. User personal data shall be processed for the following purposes:
2.4.1. compliance - the legal basis for processing is formed by a legal obligation to which the
controller is subject in order to comply with the law (Article 6(1)(c) GDPR);
2.4.2.rendering Services electronically - the legal basis for processing is formed by legitimate
interests pursued by Wandlee (Article 6(1)(f) GDPR) involving proper conduction of
business or in order to take steps at the request of the data subject prior to entering into
a contract (Article 6(1)(b) GDPR);
2.4.3.complaint handling and optimisation of Wandlee services
- the legal basis for
processing is formed by legitimate interests pursued by Wandlee (Article 6(1)(f) GDPR)
involving proper conduction of its business;
2.4.4.promotional and commercial activities carried out by Wandlee - the legal basis for
processing is formed by legitimate interests pursued by Wandlee (Article 6(1)(f) GDPR)
or by a voluntary consent by a data subject (Article 6(1)(a) GDPR);
2.5. Personal data are provided on voluntary basis, yet this is required to use the Services. In
some cases, failure to grant consent to personal data processing where such consent is
mandatory shall prevent Wandlee from taking specific actions to the extent whereby
granting consent permits Wandlee to take such actions.
2.6. If Wandlee becomes informed that the User uses the Services in breach of applicable
regulations (prohibited use), Wandlee may process User’s personal data to the extent
necessary to determine the degree of one’s accountability.
2.7. Personal data, in particular User personal data, shall be processed for the period:
2.7.1.adequate for Wandlee’s evidencing that it has properly performed its obligations,
whereas the period shall end on claims expiry date;
2.7.2.in the event of marketing activities, personal data shall be processed until a data
subject objects against further processing of one’s personal data for marketing
purposes, or withdraws the consent to send messages with such contents.
2.8. After the aforementioned period, personal data shall be erased unless their processing is
required on other legal grounds.
2.9. Wandlee shall not transfer personal data outside the territory of the European Union.
3.1. Wandlee may outsource personal data processing to third parties for the purpose of
servicing the User and to cooperate with other entities. In such cases, recipients of the data
may include: hosting provider, external servers, namely Microsoft Azure,
telecommunications provider, e-mail operator, invoice management system provider,
accountancy, insurer, and legal office.
3.2. Personal data gathered by Wandlee may also be provided to: relevant governmental
authorities on request, pursuant to applicable legal regulations, or other persons and
entities in cases envisaged by the law.
3.3. Any entity to whom Wandlee outsources personal data processing pursuant to data
processing agreement (hereinafter “Processing greement”) shall guarantee appropriate
security and confidentiality of personal data processing. The entity processing User personal
data pursuant to the Processing greement may process User’s personal data via another
entity exclusively under a prior consent from Wandlee.
3.4. Disclosure of personal data to unauthorised entities under this Privacy Policy may only occur
with a prior consent of a data subject.
4.1. Each and every User shall have the right to: (a) have one’s gathered personal data erased
both from the system owned by Wandlee, and from databases of the Service Provider’s
existing of prior collaborates, (b) restrict data processing, (c) portability of personal data
gathered by Wandlee about the User, including to obtain such data in a structured form, (d)
to request access to one’s personal data from Wandlee and to rectify such data, (e) object
against processing, (f) withdraw consent granted to Wandlee at any time, without affecting
the legality of processing under such a consent before the withdrawal; (g) submit a
complaint against Wandlee to a supervisory authority (President of the Personal Data
Protection Office).
5.1. Wandlee may store http inquiries and, therefore, server log files may include some
information, including IP address of a computer from which the inquiry has been received,
User’s station name - identification via http protocol, if possible, systemic date and time of
registration at the Service website and receipt of inquiry, number of bites sent by the server,
URL address of the website previously visited by the User, if a link was used, information
about User’s browser, information about errors upon http transaction, information about
User’s device, and mobile equipment identifiers. The logs may be gathered for correct
Service administration purposes. Access to such information is only provided to persons
authorised to administer the IT system. Log files may be analysed for the purpose of traffic
statistics on the Service website and errors occurring. The summary of such information
shall not provide for User identification.
6.1. The Service Provider shall implement appropriate technical and organisational measures to
ensure a level of personal data security appropriate to the risk and data categories subject to
protection, in particular assuring technical and organisational measures to secure the data
against unauthorised disclosure, unauthorised removal, processing in breach of the law, as
well as accidental or unlawful destruction, loss, or alteration. The User personal data set shall
be stored at a secured server, and the data shall also be protected by Wandlee’s internal
procedures on personal data processing and information security policy.
6.2. Wandlee has also implemented appropriate technical and organisational measures, such as
pseudonymisation, designed for the purpose of effective implementation of data protection
rules, such as data minimisation, and for the purpose of assuring necessary security in order
to meet the requirements under GDPR and to protect the rights of data subjects. The Service
Provider shall implement all the necessary technical measures stipulated in Articles 25, 30,
32-34, and 35-39 GDPR to assure increased protection and security of User personal data
6.3. At the same time, Wandlee points out that using the Internet and services rendered
electronically may pose a risk of malware permeating to the telecommunications system
and User devices, as well as of unauthorised access to User data, including personal data, by
third parties. In order to mitigate such risks, the User should apply appropriate technical
security measures, including the use of current anti-virus software, or software protecting
User ID in the Internet. In order to obtain detailed and professional information regarding
Internet security, Wandlee recommends to obtain such information from entities
specialising in such IT services.
7.1. Wandlee uses Cookies technology to assure correct operation of the Service. Cookies are
the data packets saved on User device via the Service, which usually contain information
conforming with the file purpose, used by the User when using the Service, which include:
service address, placement date, expiry date, unique number, and additional information in
line with the file purpose.
7.2. The Service uses two types of Cookies: (a) session cookies, to be permanently erased upon
the end of User’s browser session͖ (b) persistent cookies, which are saved after the end of
browser session at the User’s device, until deleted.
7.3. Cookies, both of the session and persistent type, do not permit User identification. The
Cookies mechanism does not allow downloading any personal data.
7.4. The Service Cookies are safe to the User’s device and, in particular, do not permit virus or
other malware spreading onto the User’s device.
7.5. Files generated directly by Wandlee cannot be read by other services. External Cookies
(namely Cookies placed by Wandlee’s collaborates) can be read by an external server.
7.6. The User may individually change the browser settings regarding Cookies at any time,
determining the terms for their storage, as well as service configuration settings.
7.7. Principally, the User may disable Cookies saving on one’s device, according to the browser
producer’s manual, but this may result in unavailability of Service functions in whole or in
7.8. The User may also individually delete the Cookies saved on one’s device at any time,
according to the browser producer’s manual.
7.9. The Service Provider shall use own Cookies for the following purposes: configuration of
Wandlee Service and adaptation of website content to User preferences or behaviour;
audience measurement analysis, click counter and paths taken to improve the appearance
and content organisation on the website, time spent on the website, as well as number of
visitors and frequency of visits.
7.10. The Service Provider shall use External Cookies for the following purposes:
Cookies of:
Purpose of saving:
Google Analytics
gathering general or anonymous statistical data via analytical tools
Google Adwords
promotional and marketing activities within the framework of
retargeting process
Apple Search Ads
promotional and marketing activities within the framework of
retargeting process at Apple AppStore
Facebook Ads
promotional and marketing activities within the framework of
retargeting process
7.11. Detailed information about Cookies handling are available at the Internet browser settings,
as used by the User.
8.1. This Privacy Policy shall enter into force on 20 May 2018.