Policy | InPost

The protection of your personal data is very important to us. When providing postal services, we are required to maintain postal secrecy, which includes, among others things, information provided in postal items, data on entities using postal services, and data on the fact and circumstances of providing postal services or using these services. In addition, information or data covered by postal secrecy may be collected, recorded, stored, developed, changed, deleted, or made available only if these activities relate to the postal service provided or are necessary for its performance or if separate provisions provide otherwise.

In many cases, your personal data within the meaning of generally applicable law is also covered by postal secrecy. This document is intended to provide you with the necessary information on how we process your personal data and what your rights are in relation to the processing of your personal data.

The administrator of your data is, depending on the type of service performed, a relevant company with capital links to Integer.pl S.A. (a list of these entities is available at: https://integer.pl - hereinafter we will refer to these entities collectively as "InPost") or an external entity who provided data to InPost for the purpose of having the service performed, in particular:

If you are a natural person sending your parcel as part of the postal or transport services provided through InPost parcel lockers - the administrator of your data is InPost Paczkomaty sp. z o.o., with its registered office at ul. Pana Tadeusza 4, 30-727 Kraków.
If you are a natural person sending your parcel as part of courier services provided by InPost - the administrator of your data is InPost sp. z o.o., with its registered office at ul. Pana Tadeusza 4, 30-727 Kraków.
In the event that you commission an external entity to perform services on a parcel to be sent via the courier network of InPost sp. z o.o. or Parcel Lockers belonging to InPost Paczkomaty Sp. z o.o. (e.g. if you order goods in an on-line store, providing your data for delivery) - the administrator of your personal data is this external entity (e.g. on-line store), which commissioned InPost to perform the service on the shipment as its sender.

Whenever you consent to the processing of your personal data, you will be informed before expressing that consent which company among InPost companies is the administrator of your personal data.

As part of the services provided by InPost, we process the following personal data:

name and surname of the sender (including the payer) and the recipient (addressee) of the shipment,
the sender's address (street, house number, apartment number, zip/postal code, city),
the recipient's address (street, house number, apartment number, zip/postal code, city),
a new delivery address if, after posting, the sender asks InPost to deliver it to a new address, or InPost establishes a different delivery address with the recipient before delivery (the new address includes data in the form of street address, house number, apartment number, zip/postal code, and city),
the e-mail address of the sender and recipient of the shipment, which is processed to send messages regarding the performance of the service, in particular information on the current delivery status of the parcel, or information enabling collection of the parcel from a Parcel Locker,
the telephone number of the sender and recipient of the parcel for direct contact or sending messages regarding the performance of the service, in particular contact to determine another place of delivery of the parcel, or information enabling collection of the parcel from a Parcel Locker,
depending on the service, we can also process the bank account number necessary to transfer the collected cash (as part of the collection service, so-called cash on delivery) to the person indicated by the sender, as well as information enabling to identify payments or top-ups of accounts related to services we offer as pre-paid,
the IP addresses of people using our systems to purchase the services we provide.

We process the above data for the purpose and scope necessary to perform the services provided by InPost and to comply with InPost's legal obligations, including consideration of complaints submitted in relation to these services.
In addition, as part of marketing communications or to process your questions and requests, e.g. business inquiries (with your prior consent), we may process your personal data that you provided to us when expressing the above consent.

Providing personal data is voluntary, but necessary for the performance of services provided by InPost or for the consideration and possible implementation of the applications you send to us. The requirement to provide this data is a contractual requirement, while for data provided as part of complaints submitted to us for non-performance or improper performance of postal and transport services, this is also a statutory requirement (specified in the implementing provisions of Postal Law and Transport Law).

In addition, due to the fact that - for the purposes of security and protection of you and your parcels, in particular against theft and vandalism - we use InPost parcel locker monitoring, which may record your image, we also process this type of personal data. This processing of your data is therefore necessary not only to protect our legitimate interests, but also to protect your interests, and in the event that such a recording captured a crime being committed, this processing is also necessary to fulfill our obligation, which arises in particular from art. 81 of the Postal Law Act (Dz.U.2017.1481 i.e. ze zm.) and art. 304 of the Code of Criminal Procedure (Dz.U.2017.1904 t.j. ze zm.). We store recordings in a manner that ensures the security of their processing (we cover how we secure your personal data below in the chapter "How do we process your personal data?"), for up to one month from the date of recording.

We receive your personal data directly from you or the sender (including the payer) of the parcel which is sent by ordering InPost to perform the service on such a parcel. Data can therefore be received by InPost in the following circumstances:

if you give us your Shipment to be delivered to a person indicated by you or to the place indicated,
when our clients (e.g. on-line stores) provide us with your data to allow delivery of shipments to you,
in the event that you lodge a complaint with us for failure to perform or improper performance of the services we provide, or when your data is provided by a person authorized to make such a complaint, for example our customer who sent you a parcel and then lodged a complaint with InPost for non-performance or improper performance of the service regarding this shipment,
if you submit to us another inquiry regarding the services provided by InPost or InPost's activities,
if you provide InPost with your data to receive an InPost commercial offer,
if you provide InPost with your data to create an account in the InPost IT system, which allows you to purchase the services we offer,
if you provide your data - only with your consent - for the purpose of processing them for the purposes of marketing InPost products and services, as well as those offered by entities cooperating with InPost, which will be done by InPost or independently by these entities.

The purpose of processing your personal data is specified in particular in the relevant contract or InPost Terms and Conditions, on the basis of which we provide services to you or have access to your personal data, or directly when you consent to the processing of your personal data. These purposes may include:

providing postal or transport services to you, as well as services accompanying these services, including delivery of a shipment you have sent or delivery to you,
the need to fulfill tax, legal, and accounting obligations by InPost,
providing you with marketing information and materials for the purpose of providing you with our offer (this is optional and requires your consent to receiving this type of information).
analysis, including personalization, solely for the purposes of optimizing processes in the provision of our services and improving them.

We store your personal data no longer than necessary. In particular, we store this data for the time necessary for the proper performance of the services we provide, and after this period no longer than until the expiry of the limitation period for claims that may be raised in connection with the provision of these services. The duration of storing personal data is specified in our Terms and Conditions for the provision of services, data processing entrustment agreements (then this time is binding to the Parties to these contracts), the content of your consents to the processing of your personal data, and if it is not specified in these Terms and Conditions or contracts, we store your personal data for the following periods:

if you have an account in our systems that allow you to purchase the services we provide, and you order these services as the sender (including the payer), as well as if you do not have such an account, but use our services as the sender (including the payer), we store your personal data for a maximum period of 6 years from the day you sent the parcel,
if you are the recipient of a shipment, we store your personal data for a maximum period of 18 months, counting from the date of posting the shipment, and after this time we can store this data for no longer than the period of limitation of any claims relating to the provision of services, resulting from commonly applicable law,
if you file a complaint about the services provided by InPost, we process your personal data contained in the complaint for the time necessary to consider the complaint, and after this time we can store it for no longer than the period of limitation of any claims relating to the complaint arising from generally applicable law,
if you submit another application or inquiry to us, we store your personal data for the period of service and possible implementation of your application, and after this period we can store it for a period not exceeding the period of possible limitation of claims resulting from generally applicable law,
if the period of storage of your personal data results from mandatory provisions of law, we store your personal data for the period specified in these provisions.

Because InPost has to comply with obligations arising from the provisions of generally applicable law, in particular in the field of:

implementation of postal law, transport law, tax and accounting regulations,
to the extent that the processing of personal data is necessary for purposes arising from legitimate interests pursued by InPost, in the form of matters related to the pursuit of claims arising from the provision of services by InPost,
continuous improvement of security, including in particular the prevention of fraud,
other legal obligations imposed on InPost.

In the field of postal and transport services provided by InPost, we process your personal data:

in electronic form in InPost IT systems and those of InPost subcontractors, to the extent necessary for the proper performance of services provided by InPost, also in an automated manner,
in physical form (e.g. in written form), to the extent necessary for the proper performance of the services provided by InPost, in particular as printouts on shipping labels generated from InPost's IT systems, which are attached to the parcel.

When processing your personal data, we use safeguards appropriate to the type, amount, and scope of personal data processed, as well as appropriate organizational and technical measures to best protect your personal data against unauthorized activities.

Realizing the importance of protecting your personal data, we use, among others:

encrypting your data using SSL (Secure Sockets Layer) during transmission,
in certain cases, anonymisation, pseudonymisation, and encryption of your personal data
other hardware, network, and system security, such as: firewalls, licensed hardware, and network anti-virus software, controlled access through a secured VPN, and many other IT security measures,
electronic and physical mechanisms for controlling access of people to buildings and rooms in which your personal data is processed (e.g. magnetic and electronic keys, security locks, monitoring),
other safeguards that are designed to protect your personal data.

InPost's contact details: ul. Pana Tadeusza 4, 30-727 Kraków. Contact with the person responsible for the protection of personal data at InPost is possible at the following e-mail address: dane_osobowe@grupainteger.pl, or by traditional correspondence to the above address.

If you have any questions or concerns regarding the protection of your personal data, you can contact us via the email address: dane_osobowe@grupainteger.pl.

InPost processes your personal data in particular to perform the postal and transport services it offers. These services are performed on the basis of contracts, including contracts concluded with senders. We cannot perform these services without processing personal data (e.g. without knowing the delivery address for a parcel and its addressee, we are not able to deliver it), nor other services to which we have committed. The processing of your personal data is also necessary to fulfill our legal obligations. One of these obligations is the one specified in art. 81 of the Postal Law Act (Dz.U.2017.1481 i.e. z późn. zm.) - in accordance with this law, InPost, acting as a postal operator, is obliged to perform tasks and obligations for defence, state security, as well as public safety and order in the scope and under the conditions specified in the Postal Law Act and separate provisions.

We also process your personal data for purposes arising from our legitimate interests - by 'legitimate interest' we understand the lawful and rational purpose of data processing (e.g. direct marketing of our products or services, or pursuing claims arising from business operations). Whenever we want to process your personal data on the basis of a legitimate interest, we examine and assess whether such processing of personal data will affect you and your rights. We will not process your personal data on the basis of our "legitimate interest", if your interest or your rights and freedoms override it.

For other purposes of processing your personal data, you may withdraw your consent to the processing of your personal data for these purposes without affecting the validity of the processing of personal data before the consent is withdrawn. We obtain your consent especially for the use of your personal data for marketing purposes.

Pursuant to the provisions of the GDPR, the "recipient" of personal data is a natural or legal person, public authority, or other entity to whom personal data is disclosed, regardless of whether it is a third party. Your personal data is not processed exclusively by InPost and its staff. We provide our services with the help of many subcontractors, ranging from transport companies to entities that run post offices for us and issue shipments to you. Your data is therefore processed by such categories of recipients as:

InPost employees and associates,
InPost subcontractors, providing services on our behalf for receiving, moving, sorting, and delivery of shipments,
insurer dealing with damage to shipments,
subcontractors operating our IT networks and databases, creating IT solutions for us, and providing marketing services to us,
subcontractors servicing the InPost helpline and customer service department,
companies related by capital to Integer.pl S.A. (a list of these entities is available at: https://integer.pl/pl/grupa-kapitalowa-integer-pl/profil-dzialalnosci),
professional entities providing InPost with tax, legal, auditing, and settlement consultancy.

Your personal data is transferred to third countries in the event that the services provided by InPost are also to be performed in the territory of a third country. This is the situation for example if you send a parcel via InPost to such a country. Your personal data may also be transferred to our subcontractors (e.g. entities that deliver your parcel in a third country) and entities providing InPost with tax, legal, audit, and billing advice if they operate in a third country. In each of the above cases, we secure the processing of your personal data, in particular by entering into confidentiality agreements and contracts for the processing of personal data in a manner that complies with the provisions of the law generally applicable in the European Union and Poland in the field of personal data protection, as well as on conditions that ensure the security of processing your personal data. We do not transfer your personal data to international organizations. We do not transfer your personal data to third countries if such transfer is not possible on the basis of or is excluded by generally applicable law.

If you use our websites and systems available through these websites (in particular enabling the generation of shipping orders and other activities related to ordering postal and transport services), when browsing these pages, so-called "cookies" are created. These are small text files that are stored on your device, which you use to browse websites. They are commonly used to ensure the functioning of websites and other services provided via the Internet, and to improve and develop these pages, which is based on reading the content of these files.

InPost collects information contained in "cookies", such as the date of connection to the website or the IP address of the device from which the connection to the website takes place - this is data showing how you use our websites. This information is used for administrative and statistical purposes and to improve these pages and improve your user experience. In addition, this data, processed automatically, can be used to analyse the behaviour of these pages' content recipients (e.g. time spent on the website) or to personalize the content of websites, in particular by providing on-line advertisements.

You do not have to accept cookies (you can accept their use by selecting the appropriate button on our website, as well as by selecting the appropriate settings in your web browser), but this may cause the website to function improperly.

You have the right to demand from InPost, as the administrator of your personal data, access to your personal data, rectification, deletion, or limitation of processing, as well as the right to object to its processing, and the right to transfer the data and receive a copy.

If you have consented to the processing of your data by InPost, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing on the basis of your consent before its withdrawal.

You can exercise the above rights by submitting a relevant statement to InPost, in particular via the email address: dane_osobowe@grupainteger.pl.

You also have the right to lodge a complaint with a supervisory body (the President of the Personal Data Office or another state office obliged by law to supervise the rules of processing personal data) if you feel that we have not properly addressed our obligations.

This policy may change, in particular if it is necessary due to a change in generally applicable law or a change in the scope of services offered by InPost. The current version of the policy is available at: https://inpost.pl/en/policy.

3.1 The administrator of personal data of persons using the Website is InPost sp. z o.o. with its registered office in Krakow (30-727) at ul. Pana Tadeusza 4. Personal data (including IP addresses or other identifiers and information collected through cookies or other similar technologies) of all persons using the Website who are not registered Users (i.e. those who do not have a profile on the Website), are processed by the Administrator:
- 3.1.1 in order to provide services electronically in the scope of making the content collected on the Website available to the Users - in this case the legal basis for processing is the necessity of processing to fulfil the contract (Art. 6 section 1 point b of GDPR);
- 3.1.2 for analytical and statistical purposes - in this case the legal basis for processing is the legitimate interest of the Administrator (Art. 6 section 1 point f GDPR), consisting in the analysis of User activity and preferences in order to improve the functionalities and services provided;
- 3.1.3 in order to possibly make and enforce claims or defend against them - the legal basis for processing is the legitimate interest of the Administrator (Art. 6 section 1 point f GDPR), consisting in the protection of the Administrator's rights;
- 3.1.4 for use in the marketing activities of the Administrator and other entities, in particular those related to the presentation of behavioural advertising - the principles of processing personal data for marketing purposes are described in the "MARKETING" section.
3.2 The Users' activity on the Website, including their personal data, is recorded in system logs (a special computer program used for storing a chronological record containing information on events and activities in the IT system used by the Administrator to provide services). Information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes data for technical and administrative purposes, for the purpose of ensuring the security of the IT system and management of this system, as well as for analytical and statistical purposes - in this respect the legal basis for processing is the legitimate interest of the Administrator (Art. 6 section 1 point f of GDPR).
3.3 The Users' personal data in the form of information about how they use the Website may be processed in order to ensure its proper functioning, conduct analyses, and adapt the displayed advertising content to the Users' interests. The Administrator only uses the User's personal data for the purpose of marketing activities if the User had previously consented to it; this consent can be withdrawn at any time. Information about the tracking technologies used and the User's rights are described in the section TRACKING TECHNOLOGIES USED ON THE WEBSITE.

3.4 The Administrator of personal data of persons registering on the Website is Inpost sp. z o.o. with its registered office in Krakow (30-727), ul. Pana Tadeusza 4. Persons who register on the Website are asked to provide the data necessary to create and operate an account. In order to facilitate the operation, the User may provide additional data, thereby agreeing to their processing. This data can be deleted at any time. Providing data marked as mandatory is required in order to create and operate an account and failure to do so results in the inability to create an account. Providing other data is voluntary.
3.5 Personal data is processed:
- 3.5.1 in order to provide services related to the maintenance of accounts on the Website – the legal basis for processing is the necessity of processing to perform the contract (art. 6 section 1 point b of GDPR), and in relation to data provided optionally – the legal basis for processing is consent (art. 6 section 1 point a of GDPR);
- 3.5.2 for analytical and statistical purposes - in this case the legal basis for processing is the legitimate interest of the Administrator (Art. 6 section 1 point f of GDPR), consisting in conducting analyses of User activity on the Website and the manner of using accounts, as well as User preferences, in order to improve the system's functionalities;
- 3.5.3 in order to possibly make and enforce claims or defend against them - the legal basis for processing is the legitimate interest of the Administrator (Art. 6 section 1 point f GDPR), consisting in the protection of the Administrator's rights;
- 3.5.4 for use in the marketing activities of the Administrator and other entities - the principles of processing personal data for marketing purposes are described in the "MARKETING" section.
3.6 Accounts on the Website can also be logged into via third party portals (Facebook, Allegro), if such an option is made available. In this case, the Website will only download data necessary to register and operate the account from the User's account within the third party portal. Information on the scope and purposes of data processing by third party portals can be found in their privacy policies.
3.7 If the User adds the personal data of other people on the Website (including their names, addresses, telephone numbers, or e-mail addresses), they can do so only on condition that they do not violate applicable law and personal rights of the people in question.

4.1 The Administrator processes Users' personal data in order to carry out marketing activities, which may include:
- 4.1.1 displaying marketing content to the User on the Website, corresponding to their interests (behavioural advertising), as well as directing advertising messages to Users who use the Website on other websites and on social networks (remarketing);
- 4.1.2 sending through various channels, including via e-mail, MMS / SMS, telephone calls, and push notifications, commercial information pertaining to interesting offers or content regarding the Administrator's products and services, companies from the Integer.pl Group, and entities cooperating with the above-mentioned companies.
4.2 The Administrator undertakes these activities above in the event of receiving appropriate consent (hereinafter referred to as:„Marketing consent”).
4.3 For the activities referred to in 4.1.1. The Administrator receives the User's consent to the use of tracking technologies using information about the way the Website is used via a banner displayed on the Website. For more information, see the “Tracking Technologies Used on the Website” section below.
4.4 For the activities referred to in 4.1.2. The Administrator receives consent from the User to send marketing messages through the indicated communication channel by selecting the appropriate check-box under the form.
4.5 If the marketing consent is given, the Administrator may start processing the User's personal data collected in connection with the implementation of other data processing processes (maintaining an account, providing services via InPost's mobile applications, etc.) for marketing purposes, pursuing their legitimate interest (art. 6 section 1 point f of GDPR). This data can be used for profiling the User. This means that the Administrator uses automated data processing to evaluate selected factors concerning Users, in order to analyse their behaviour or create a forecast for the future. This makes it possible to match the content displayed or sent to the user to their individual preferences and interests. How the profiles are used depends on the content of the marketing consent given by the User (e.g. if the User has consented to marketing communication, the commercial information sent via e-mail will be appropriately tailored to the User's interests).

5.1 Cookies are small text files saved to the User's device. Cookies collect information that facilitates the use of the website – e.g. by recording information about the User, e.g. regarding logging in or language preferences. The Administrator of data processed in connection with the use of cookies is Inpost sp. z o.o. with its registered office in Krakow (30-727), ul. Pana Tadeusza 4. On the Website, the Administrator uses its own files, which are installed directly by the Website. Third party cookies are also used - which are cookies from a domain other than the domain of the website visited – primarily for analytical and advertising activities of the Administrator.
5.2 The Website uses cookies primarily to ensure its proper functioning, to remember the User's choices on the website – and if the User had given consent – also to analyse and track the traffic on the website and to match advertising content to the User's interests. Cookies are also installed by the Website, with prior consent, to enable the use of social media functionalities.
5.3 Detailed information about cookies that the Administrator uses on the Website can be found below. The Administrator regularly uses tools to scan the Website in order to determine what cookies are stored on the User's device, so that the list of cookies used is as accurate as possible. The Administrator uses the following categories of cookies: necessary and functional, analytical, advertising, and social media cookies.

6.1 The Administrator and its partners use various methods and tools for analytical and marketing purposes. Below you will find the basic information about these tools. However, more detailed information can be found in a given partner's privacy policy.

6.12 The Website uses plugins for social networks (Facebook, Google+, LinkedIn, Twitter). Plugins allow the User to share the content published on the Website on the selected social network. The use of plugins on the Website means that a given social network receives information about the use of the Website by the User and may connect it with the User's profile created in a given social network. With regard to the use of social media plug-ins, data is co-administered by The Administrator and individual providers of social media plug-ins. Detailed information on this can be found at the following links:
- 6.12.1 Facebook: https://www.facebook.com/policy.php
- 6.12.2 Google: https://policies.google.com/technologies/product-privacy?hl=pl
- 6.12.3 LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy
- 6.12.4 Twitter: https://twitter.com/en/privacy

7.1 The use of cookies to collect data, including accessing data stored on the User's device, requires the User's consent. On the Website, the Administrator receives consent from the User via a cookie banner. This consent may be withdrawn at any time in accordance with the rules described below.
7.2 Consent is not required only in the case of cookies, the use of which is necessary for the provision of a telecommunications service (data transmission in order to display content).
7.3 In order to receive advertising tailored to the User's preferences, in addition to agreeing to the installation of cookies via the banner, it is necessary to set appropriate browser settings that allow cookies from the Website to be stored on the User's end device.
7.4 Withdrawal of consent to the use of cookies on the Website is possible via the cookie banner. The user can return to the banner by clicking on the button below:
7.5 After displaying the banner, the User may withdraw consent by clicking the "Manage cookies" button, then move the slider next to the selected cookie category and press the "Close and save" button.
7.6 The user also has the option of withdrawing consent by changing browser settings. Detailed information on this can be found at the following links:
- 7.6.1 Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
- 7.6.2 Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
- 7.6.3 Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
- 7.6.4 Safari: https://support.apple.com/kb/PH5042?locale=en-GB
7.7 The user may at any time verify the status of their current browser privacy settings by using the tools available at the following links:
- 7.7.1 http://www.youronlinechoices.com/pl/twojewybory
- 7.7.2>http://optout.aboutads.info/?c=2&lang=EN
7.8 In order to exercise the right to access, rectify, delete, limit, transfer, object to the processing of Personal Data, submit a complaint or ask another question concerning cookie files, please send an inquiry to dane_osobowe@inpost.pl or the Administrator's other contact details indicated in the Privacy Policy.

8.1 The period of data processing and storage depends on the type of service provided and the purpose of processing. As a rule, the data is processed throughout the time the service is being provided, until the consent is withdrawn, or an effective objection to data processing is filed in cases where the legal basis for data processing is the Administrator's legitimate interest.
8.2 Personal data is processed by the Administrator:
- 8.2.1 in order to provide electronic services made available by the Administrator on the Website – until a given service is no longer being provided;
- 8.2.2 for analytical and statistical purposes - until the User's Personal Data is no longer stored in connection with another active processing goal or until an effective objection to the processing of Personal Data is expressed (but not longer than until the last day of the calendar year following the expiry of 3 years from the end of the period when the Administrator was providing services);
- 8.2.3 in order to establish and pursue claims or defend against claims - until the last day of the calendar year following the expiry of 6 years (in the case of consumer claims) or 3 years (in the case of claims related to business activities) from the moment the service is no longer being provided;
- 8.2.4 in order to respond to complaints regarding the services provided by electronic means – by the last day of the calendar year following the expiry of 6 years (in the case of consumer claims) or 3 years (in the case of claims related to business activities) from the moment the complaint is dealt with;
- 8.2.5 for marketing purposes of the Administrator and other entities - until the withdrawal of the Marketing Consent or an effective objection to the processing of Personal Data.
8.3 The data processing period may be extended if processing is necessary to establish and assert claims or defend against them, but after that time only in the event and to the extent required by law. After the processing period, backup copies are permanently destroyed or anonymised.

3.1 The User's Personal Data are provided voluntarily, but it is necessary to use the features of the App, in particular the Services offered in the Mobile App.

3.2 Using the App involves the processing by the Controller of the User's following Personal Data:
- 3.2.1 the identification data, including in particular: the name, the last name, the telephone number, the address, the e - mail, the residence address, the delivery address, the NIP;
- 3.2.2the details regarding the User Account, including, in particular: the account creation date in the Mobile App, the data related to the localization;
- 3.2.3 the history of the actions undertaken within the User Account, including, in particular, the list of the parcels collected and dispatched, the list of returns;
- 3.2.4 marketing data, among others, data on how the mobile device and the Mobile App are used, including, in particular: clicks and traffic in the Mobile App, the manufacturer, the operating system, and the model of the mobile device, the IP address, opened push notifications (if the User expresses their consent to receive push notifications).
3.3 The personal data of the Users are processed by the Controller:
- 3.3.1 for the purpose of providing services made available to the User through the Application electronically – the legal basis for the processing is the need to process them in order to perform a contract (art. 6 section 1 letter b of GDPR);
- 3.3.2 for the analytical and statistical purposes – the legal basis for the processing is the Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in conducting analyses of users' activity and preferences in order to improve the functionalities applied and the Services provided;
- 3.3.3 to determine and pursue claims or to defend against claims – the legal basis for the processing is the Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in protecting their rights;
- 3.3.4 in order to answer complaints concerning any services provided electronically, and to respond – then the legal basis for processing is the Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in the need to examine them and respond to them;
- 3.3.5 for the marketing purposes of the Controller and other entities – the rules of processing the Personal Data for marketing purposes are described in the section MARKETING.
3.4 The User's personal data in the form of information about the mobile device and the use of the Mobile App may be processed in order to ensure its proper functioning, analyses, and to adjust the contents of the commercials displayed to the interests. Analytical and marketing activities, which are undertaken by the Controller only when the User has expressed their consent thereto, which may be retracted at any time. Information about the tracing technologies used and information regarding the User's rights are described in the section TRACING TECHNOLOGIES USED IN THE MOBILE APPLICATION.

4.1 The Controller processes the Users' Personal Data in order to perform marketing activities, which may consist in:
- 4.1.1 displaying marketing content for the User in the Mobile App corresponding to their interests (behavioral advertisement), and also presenting advertising messages to the Users, who use the Mobile Application, on websites and in social media (re-marketing).
- 4.1.2 transferring commercial data through different channels, among others by e-mail, by means of SMS/MMS, through push notifications or by phone, with information about interesting offers or concerning products and services of the Controller, of the companies from the Integer.pl Group of Companies and of entities cooperating with the aforementioned companies.
4.2 The Controller takes actions discussed above in the case of receiving the relevant permit (hereinafter: "Marketing Consent”).
4.3 In the case of any activities mentioned in 4.1.2. the Controller receives the User's consent for transferring marketing content to the specified communication channel by checking the relevant checkbox under the form available at the App installation stage in the user panel, or in other sites being managed by the Controller (among others websites, competition and promotional forms, and other).
4.4 In the case of any activities referred to in item 4.1.1., the legal basis for processing the data is the Controller's legitimate interest (art.6 sect.1 letter f of GDPR), consisting in running marketing activities. The option of blocking behavioral advertisements in the mobile app is described in item 4.9. In the case of consenting to the marketing activities, the Controller may start the processing of the personal data of the User, in association with the implementation of other data processing processes, (managing the account, providing services in the Mobile App etc.) for marketing purposes, to achieve their substantiated interest (Article 6 section 1 letter f of GDPR). These data can be used for User profiling. This means that, by automatic data processing, the Controller evaluates selected factors pertaining to the Users, to analyze their behavior or to prepare future forecasts. This makes it possible to adjust the commercials displayed or contents transmitted to the individual preferences and interests better. The method of using the profiles depends on what content is covered by the User's marketing consent (e.g., if the user has ordered marketing communication, then the commercial information sent in e - mails will match their interests).

5.1 The Controller and their partners apply different solutions and tools used for analytical and marketing purposes. The following is the basic information regarding these tools. The detailed information in this respect is available in the privacy policy of a given partner.

6.1 The period of data processing by the Controller depends on the type of the service being provided and the purpose of the processing. As a rule, the data is processed for the time of providing the service, until the consent given is withdrawn, or an effective objection against the processing of the data is reported when the legal basis for the processing of the data is the Controller's legitimate interest.
6.2 The Personal Data is processed by the Controller:
- 6.2.1 to provide electronic services by the Controller within the Mobile App – until the end of the provision of the given service;
- 6.2.2 for analytical and statistical purposes - until the end of the User's data retention in relation to another active purpose of the processing , or until an effective objection against the processing of the Personal Data is expresses (no longer however, than until the last day of the calendar year following 3 years from the moment of finishing the provision of the services by the Controller);
- 6.2.3 in order to determine and pursue claims or to defend against claims - by the last day of the calendar year after the elapse of 6 years (in the case of the consumer claims), or 3 years (in the case of the claims related to business operations) from the moment of finishing the provision of the service;
- 6.2.4 in order to answer complaints concerning any services provided electronically, and to respond – until the last day of the calendar year following the elapse of 6 years (in the case of the consumer claims) , or 3 years (in the case of the claims related to business operations) from examining the complaint;
- 6.2.5 for the marketing purposes of the Controller and other entities - until the withdrawal of the marketing consent, or until an effective objection against the processing of the Personal Data is reported.
6.3 The data processing period can be prolonged if the processing is necessary to determine and pursue claims or defend against claims, and after this time only when and to the extent to which this is required by any legal provisions. After the expiration of the processing period, the data are irreversibly removed or anonymized.

Privacy policy of the Integer.pl S.A. capital group companies

valid from June 14, 2018 (as version No. 1.1)

Who is the administrator of your personal data?

What personal data do we process?

How do we receive your personal data?

For what purposes do we process your personal data?

How long do we store your personal data?

Why do we store your data for such a period of time?

How do we process your personal data?

What are the contact details of the Personal Data Administrator and the person responsible for the protection of personal data?

What are the legal grounds for processing your personal data by InPost?

Who is the recipient of your personal data?

Is your personal data transferred to third countries, i.e. countries that do not belong to the European Economic Area?

Cookies

What are your rights regarding access to your personal data?

Privacy Policy

1. Definitions

2. Integer.pl Capital Group

3. Scope, purposes, and legal grounds for data processing

Using the website

Registering at the website

Offer forms

Contact forms

Marketing forms

4. Marketing

Behavioural advertising and remarketing

Sending commercial information

5. Cookies and similar technologies

Essential and functional cookies

Analytical cookies

Advertising cookies

Social media cookies

Tracking technologies used on the website

6. Analytical and marketing tools used by the Administrator

Google Analytics

Google Ads

Facebook Pixels

Linkedin Insight Tag

Twitter Ads

Adform

Hotjar

Salesmanago

Pushpushgo

Synerise

Social media plugins

7. Managing cookie settings

8. Personal data processing period

9. Users' Rights

10. Data recipients

11. Data transmission outside the EEA

12. Security of personal data

13. Contact data

14. Changes to the Policy

INPOST MOBILE PRIVACY POLICY

1. Definitions

2. Integer.pl Group of Companies

3. Scope, Objectives, and Legal Basis of Data Processing

Using the InPost MOBILE APP

4. Marketing

Behavioral advertisement and re-marketing

Sending Commercial Information

The Tracing Technologies Used in the Mobile App

5. Analytical and Marketing Tools Used by the Controller

Google Firebase Analytics

SDK Facebook

Synerise

6. Personal Data Processing Period

7. User's Rights

8. Data Recipients

9. Data Transfer Outside the EEA

10. Personal Data Safety

11. Contact Details

12. Changes in the Policy