Privacy Policy

1. Introduction

Travomate SP Z.O.O (hereinafter "Travomate", "we", "us", or "our"), with registered office at UL. NOWOGRODZKA 31, 00-511 Warsaw, Poland, NIP: 7011239205, REGON: 540531181, KRS: 0001146347, is committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you use the Travomate Parcels mobile application (the "App") and related services, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Polish data protection laws.

By using the Travomate Parcels App, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

3. Personal Data We Collect

We collect various types of personal data to provide and improve our services. This includes:

3.1 Information You Provide Directly

When you register for an account, post a parcel, offer to travel, or communicate with other users, you may provide us with:

• Identity Data: Name, surname, date of birth.
• Contact Data: Email address, phone number, physical address.
• Profile Data: Profile picture, user ratings, delivery history, preferences.
• Financial Data: Payment information (processed securely by third-party payment providers; we do not store full payment card details).
• Parcel Details: Description of items, value, dimensions, weight, pickup and delivery addresses, recipient details.
• Travel Details: Travel routes, dates, available space for parcels.
• Communications Data: Messages exchanged with other users or with our support team.

3.2 Automatically Collected Data

When you use the App, we may automatically collect information about your device and usage:

• Device Data: IP address, device type, operating system, unique device identifiers.
• Usage Data: App usage patterns, pages viewed, features accessed, time spent on the App.
• Location Data: Precise or approximate location data from your mobile device, with your consent, to facilitate parcel matching and tracking. You can disable location services in your device settings.
• Tracking Technologies Data: Information collected through cookies and similar technologies (see Section 10).

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Performance of a Contract (Art. 6(1)(b) GDPR): To provide the Travomate Parcels App services, including facilitating parcel matching, communication between users, payment processing, and delivery tracking.
• Legitimate Interests (Art. 6(1)(f) GDPR): For purposes such as improving our services, ensuring security, preventing fraud, analyzing app usage, and for direct marketing (where not requiring consent), provided that these interests do not override your fundamental rights and freedoms.
• Consent (Art. 6(1)(a) GDPR): For specific purposes where we have obtained your explicit consent, such as for precise location tracking or sending certain marketing communications.
• Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws, regulations, and legal processes, such as tax and accounting requirements, or responding to lawful requests from public authorities.

5. How We Use Your Data

We use the collected data for various purposes, including:

• To provide, operate, and maintain the Travomate Parcels App and its functionalities.
• To facilitate the matching of senders with travellers for parcel delivery.
• To process transactions and manage payments securely.
• To enable communication between senders and travellers.
• To track parcel status and provide delivery updates.
• To personalize your experience and improve the App's features and performance.
• To provide customer support and respond to your inquiries.
• To send you service-related notifications, updates, and administrative messages.
• To send marketing and promotional communications (where you have consented or where permitted by legitimate interest).
• To detect, prevent, and address technical issues, fraud, and security incidents.
• To comply with legal obligations and enforce our Terms of Service.
• To conduct research and analysis to understand user behavior and improve our services.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention periods vary depending on the type of data and the purpose of processing:

• Account Data: Retained for the duration of your active account and for a period thereafter as required by law or for legitimate business interests (e.g., dispute resolution, fraud prevention).
• Transaction Data: Retained for a period required by tax and accounting laws (e.g., 6 years under Polish law).
• Communications Data: Retained for a reasonable period to manage customer service inquiries and for legal defense.
• Marketing Consent: Retained until you withdraw your consent.

7. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data with:

• Other Users: Limited information (e.g., name, ratings, parcel details, travel route) is shared between senders and travellers to facilitate the delivery process.
• Service Providers: Third-party vendors who perform services on our behalf, such as payment processing, hosting, analytics, customer support, and marketing. These providers are contractually bound to protect your data and use it only for the purposes for which it was disclosed.
• Legal Authorities: When required by law, court order, or governmental regulation, or to protect our rights, property, or safety, and the rights, property, or safety of our users or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.
• With Your Consent: We may share your data with other third parties when you give us explicit consent to do so.

When transferring data outside the EU/EEA, we ensure adequate protection through appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or by ensuring the recipient is certified under an approved data transfer mechanism.

8. Your Rights Under GDPR

As a data subject, you have the following rights concerning your personal data:

• Right to Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and certain information regarding the processing.
• Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data concerning you.
• Right to Erasure (Art. 17 GDPR — "Right to be Forgotten"): You have the right to request the deletion of your personal data under certain conditions.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain conditions.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.
• Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data, particularly where processing is based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the competent supervisory authority, which in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO).

To exercise any of these rights, please contact us at info@travomate.com.pl.

9. Security Measures

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or loss. These measures include:

• Encryption: Data in transit and at rest is encrypted using industry-standard protocols (e.g., SSL/TLS).
• Access Controls: Strict access controls are in place to limit access to personal data only to authorized personnel who have a legitimate business need.
• Regular Security Audits: We conduct regular security assessments and penetration testing to identify and address vulnerabilities.
• Data Minimization: We collect and process only the personal data that is necessary for the stated purposes.
• Staff Training: Our staff receives regular training on data protection and security best practices.
• Backup and Disaster Recovery: Robust backup and disaster recovery procedures are in place to ensure data availability and resilience.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., pixels, web beacons) to enhance your experience on the Travomate Parcels App, analyze app usage, and for marketing purposes. For detailed information about the cookies we use, their purpose, and how you can manage your preferences, please refer to our separate Cookie Policy.

11. Children's Privacy

The Travomate Parcels App is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Information

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Polish Supervisory Authority (UODO):