Information on the processing of personal data (GDPR)

1. Personal data controller

The controller of your personal data is the operator of the MapiGO platform (MapiGO.net) - a natural person running an unregistered business.

Contact details:
Kacper Kwiek
Zielarska 96, 62-064 Plewiska, Poland
E-mail: contact@mapigo.net

2. Purposes and legal bases for processing

Your personal data is processed for the following purposes:

1. Providing electronic services - account operation, profile creation, adding points and groups, sharing maps, and using social features
   • Legal basis: Article 6(1)(b) GDPR (performance of a contract)
   • Data scope: e-mail address, password (encrypted), username, avatar, bio, point and group data, privacy settings, app settings
2. Processing payments for the paid plan - subscription and settlement handling
   • Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(c) GDPR (legal obligation)
   • Data scope: payment data, transaction identifiers, invoice data (if applicable)
3. Communication with users - responses to inquiries, complaint handling, technical support
   • Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interest)
   • Data scope: e-mail address, correspondence content, data provided in the request
4. Ensuring platform security and proper operation - log analysis, abuse detection, attack protection
   • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the controller)
   • Data scope: IP address, browser technical data, system logs
5. Statistical analysis and service improvement
   • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the controller)
   • Data scope: platform usage data (anonymized or pseudonymized)
6. Establishing and defending claims
   • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the controller)
   • Data scope: data necessary for establishing, pursuing, or defending claims
7. Fulfilling legal obligations - including tax and accounting obligations
   • Legal basis: Article 6(1)(c) GDPR (legal obligation)
   • Data scope: data contained in accounting documents

3. Recipients of personal data

Your personal data may be shared with the following categories of recipients:

1. Technical service providers - hosting, IT infrastructure maintenance, data storage
2. Map and place data providers - for example Mapbox, Google, to the extent necessary for map features
3. Payment operators - entities handling online payments (for example Stripe) for transaction processing
4. Analytics tool providers - if used, with your consent or based on legitimate interest
5. Public authorities - where required by law
6. Claim support entities - law firms, debt collection entities (in justified cases)

All data recipients act under data processing agreements and are required to maintain confidentiality and process data in accordance with our instructions.

4. Data transfers to third countries

Due to the international nature of the Platform and the use of external providers, your data may be transferred outside the European Economic Area (EEA), in particular to the USA (for example in connection with Mapbox, Google, or Stripe services). Transfers are made on the basis of appropriate legal safeguards, such as standard contractual clauses approved by the European Commission.

5. Data retention periods

Your personal data will be stored for the following periods:

1. Data related to the user account - until the account is deleted
2. Point and group data - until deleted by the user
3. Transaction and accounting document data - for the period required by law (as a rule 5 years from the end of the tax year)
4. System logs data - up to 12 months
5. Claims-related data - until claims are time-barred

After the above periods, data is permanently deleted or anonymized.

6. Your rights regarding personal data processing

You have the following rights in relation to the processing of your personal data:

1. Right of access (Article 15 GDPR)
2. Right to rectification (Article 16 GDPR)
3. Right to erasure (Article 17 GDPR)
4. Right to restriction of processing (Article 18 GDPR)
5. Right to data portability (Article 20 GDPR)
6. Right to object (Article 21 GDPR)
7. Right to withdraw consent (Article 7(3) GDPR), if processing is based on consent
8. Right to lodge a complaint (Article 77 GDPR) with the supervisory authority, which in Poland is the President of the UODO

How to exercise your rights?
To exercise the above rights, contact us at contact@mapigo.net. We will respond without undue delay, no later than within one month of receiving the request.

7. Information on the requirement/voluntary nature of data provision

Providing personal data is voluntary, but necessary for:

• creating an account and using platform features (e-mail address, password)
• publishing a profile and points (username, point data)
• processing payments for the paid plan (payment data)

Failure to provide data will make it impossible to use the above features.

8. Automated decision-making and profiling

Your personal data is not processed in an automated manner (including profiling) to make decisions that produce legal effects or significantly affect your situation.

9. Data security

We apply appropriate technical and organizational measures to protect data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

10. Cookies and similar technologies

The Platform uses cookies and similar technologies to ensure proper operation. Details are described in the Cookie Policy.

11. Changes to the information on data processing

This information may be periodically updated due to changes in platform operation, legal requirements, or data processing methods.

Last updated: 18 January 2026

12. Contact regarding personal data protection

If you have questions about personal data processing or want to exercise your rights, contact us:

E-mail:contact@mapigo.net
Message subject: "Personal data protection" or "GDPR"

We will make every effort to respond to your request as quickly as possible.