Privacy Policy.

1. GENERAL INFORMATION

1.1. This Privacy Policy describes the rules for processing personal data on the Staytus Service, in accordance with the GDPR (EU 2016/679).

1.2. Depending on the situation, you may be a User of the Service or a Client using case management services.

2. DATA CONTROLLER

2.1. The data controller is SND Sp. z o.o. based in Warsaw (ul. Brylowska 6/U2, 01-216 Warsaw), NIP: 1133171965, KRS: 0001180800.

2.2. Contact regarding data matters: e-mail indicated in the Service (Contact tab) or contact details in the footer.

3. SCOPE OF DATA

3.1. We may process identification and contact data, in particular: first and last name, phone number, e-mail, address, document details (e.g., passport), PESEL number (if required), residence data, employment data, and other information necessary to provide the service.

3.2. We also process technical data: IP address, cookie identifiers, device and browser data (to the extent required for the operation of the Service and analytics - depending on consents).

4. PURPOSES AND LEGAL BASES FOR PROCESSING

4.1. We process data for the following purposes:

- creating and maintaining an Account (Art. 6 sec. 1 lit. b GDPR – performance of a contract/provision of an electronic service),

- provision of case handling and document preparation services (Art. 6 sec. 1 lit. b GDPR),

- fulfillment of legal obligations (e.g., accounting) (Art. 6 sec. 1 lit. c GDPR),

- establishing or defending against claims (Art. 6 sec. 1 lit. f GDPR – legitimate interest),

- analytics and marketing (regarding cookies) – based on consent (Art. 6 sec. 1 lit. a GDPR), if required.

4.2. Providing data is voluntary but necessary to create an account and/or perform services.

5. DATA RECIPIENTS

5.1. Data may be transferred to processing entities on our behalf (e.g., hosting, cloud, communication tools, CRM systems, signature and payment tools), solely to the extent necessary to provide services.

5.2. Data may also be transferred to public administration bodies and institutions if necessary to execute a case (based on your order/power of attorney or regulations).

6. TRANSFERS OUTSIDE THE EEA

6.1. If we use providers such as Google or other global providers, data may be processed outside the European Economic Area.

6.2. In this case, we apply appropriate legal safeguards, in particular standard contractual clauses (SCC) or other mechanisms compliant with the GDPR.

7. STORAGE PERIOD

7.1. We store account data for the duration of keeping the account and for the period necessary for settlements and securing claims.

7.2. Case documents are stored for the duration of the service and for a period justified by regulations or legal security (e.g., limitation of claims), unless the contract states otherwise.

7.3. We store accounting data for the period required by law.

8. RIGHTS OF THE DATA SUBJECT

8.1. You have the right to: access data, rectify, delete, restrict processing, transfer data, object (to processing based on legitimate interest), and withdraw consent at any time (if processing is based on consent).

8.2. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.3. You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

9. SECURITY

9.1. We apply technical and organizational measures adequate to the risk, including transmission encryption, access control, segregation of privileges, and security monitoring.

9.2. Sensitive documents should be transmitted exclusively via the User Account, not through public communication channels.

10. POLICY CHANGES

10.1. The policy may be updated. The current version is published on the Service.