Privacy Policy

Last updated: 15 May 2026

1. Data controller

The data controller is:
ARI.CODE Arkadiusz Rosłoniec
Gostomia 17, 26-420 Nowe Miasto nad Pilicą, Poland
Tax ID (NIP): 7972027390
Website: zbierajmadrze.pl
Contact: kontakt@zbierajmadrze.pl

2. Scope of this Policy

This Policy covers processing of personal data in connection with:

3. What data we collect and for what purposes

3.1 Contact form

  • Full name (required)
  • Email address (required)
  • Phone number (optional)
  • Farm name (optional)
  • Message content (optional)
  • IP address - solely for abuse protection (rate limiting)

Purpose: responding to your inquiry. Legal basis: Art. 6(1)(f) GDPR - legitimate interest of the controller in communicating with interested parties.

3.2 Registration and Demo Account

  • First and last name
  • Email address
  • Tax ID (NIP) - optional
  • Farm address
  • IP address - abuse protection (rate limiting)
  • Registration and activation markers: verification token, document acceptance timestamp, document version, request status

Purpose: handling the registration flow, activating and maintaining the Demo Account, verifying the email address, and sending messages related to account activation and service handling.
Legal basis: Art. 6(1)(b) GDPR - necessary for the performance of the Demo Account agreement to which the data subject is a party; for IP - Art. 6(1)(f) GDPR (legitimate interest: preventing abuse).

3.3 Data entered into the Application

While using the Application, the User (farmer, farm owner) may enter data concerning their employees and other persons, in particular:

  • Employee name
  • Identifier (NFC tag, code, BLE scale number)
  • Harvest records (date, quantity, fruit type, assignment to employee)
  • Hourly and piecework records
  • Settlement data (for the User's purposes)

For this category of data the User is the controller (farmer/employer) and the Service Provider acts as a processor within the meaning of Art. 28 GDPR. Detailed rules are set out in the Data Processing Agreement, which forms an annex to the Terms of Service. Data subjects whose data the User enters into the Application should address data-subject requests to the User.

3.4 Paid Account purchase (payments)

  • First and last name
  • Email address
  • Company / farm name and address (country, postal code, city, street)
  • Tax ID (NIP) - when a VAT invoice has been requested
  • IP address (abuse and payment-fraud prevention)
  • Transaction identifiers from the Payment Operator (Checkout Session ID, Payment Intent ID, payment status, amount, currency)

Purpose: entering into and performing the Paid Account agreement, including accepting and settling payments, issuing a VAT invoice (if requested), handling complaints and refunds.
Legal basis: Art. 6(1)(b) GDPR (necessary for the performance of the contract), Art. 6(1)(c) GDPR (legal obligations under tax and accounting laws), Art. 6(1)(f) GDPR (legitimate interest - security and fraud prevention).

Payment-card details, BLIK confirmation codes, online-banking passwords and other payment authentication data are not transmitted to or stored by the Service Provider - they are entered directly on the Payment Operator's (Stripe) page.

3.5 Technical and authentication data

  • IP addresses and basic server logs (request type, path, timestamp) - necessary for operation, security and diagnostics of the service
  • Authentication data (login = email, session tokens) processed by the Service Provider's authentication system
  • Account security events (login attempts, password changes)

Purpose: providing and securing the service, abuse detection. Legal basis: Art. 6(1)(b) GDPR (performance of contract) and 6(1)(f) GDPR (legitimate interest - security).

3.6 Landing-page visit statistics (GoatCounter)

On the zbierajmadrze.pl website we use a self-hosted GoatCounter statistics mechanism, available at stats.zbierajmadrze.pl. This mechanism does not store cookies or localStorage; to count unique visits it relies on a short-lived, rotated hash derived from the IP address and basic browser metadata, without creating a persistent device identifier.

  • Visitor IP address (processed transiently solely to derive the rotated hash; not stored in clear in the statistical datasets)
  • Basic browser and system information (User-Agent, language, country derived from IP)
  • Address of the page visited (URL) and referrer

Purpose: measuring aggregated traffic to the website (number of visits, most-viewed pages, traffic sources) in order to develop the service and assess communication effectiveness. This is not used for marketing profiling.
Legal basis: Art. 6(1)(f) GDPR - the legitimate interest of the Service Provider in maintaining aggregated visit statistics for its own website.
Right to object: you may object at any time to processing based on legitimate interest by contacting kontakt@zbierajmadrze.pl.

3.7 Marketing and ad measurement (Meta Pixel) - only with consent

After you give consent in the cookie banner, we enable on zbierajmadrze.pl the Meta Pixel mechanism provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland). As part of its operation, the following is transmitted to Meta in particular:

  • browser identifier (_fbp cookie) and, if you arrived from an ad, the ad-click identifier (_fbc cookie),
  • IP address, technical browser data (User-Agent), URL of the visited page and referrer,
  • events related to your activity on the site: PageView, CompleteRegistration (after submitting the Demo or Paid registration form).

Purpose: measuring the effectiveness of Facebook and Instagram ads, conversion attribution, ad-campaign optimization.
Legal basis: Article 6(1)(a) GDPR - your consent; for the storage and reading of cookies on your device - Article 173(1) of the Polish Telecommunications Act.
Joint controllership: in respect of the collection of pixel events and their transmission to Meta, the Service Provider and Meta Platforms Ireland Ltd. act as joint controllers within the meaning of Article 26 GDPR (see Meta's Controller Addendum). With respect to further use of the data for its own purposes, Meta acts as a separate controller - its rules are described in the Meta Privacy Policy.
Withdrawal of consent: at any time via "Cookie settings" in the page footer. After withdrawal we stop loading the pixel, and the _fbp and _fbc cookies are removed on the next page load. Details: Cookie Policy.

4. Data recipients

We entrust data processing to the following parties:

  • OVH SAS (France, EEA) - hosting of servers, database, authentication mechanisms and landing-page statistics.
  • Plus Five Five, Inc. (Resend) (USA) - email delivery related to the contact form, registration and account handling.
  • Meta Platforms Ireland Ltd. (Ireland) - in respect of marketing cookies and Meta Pixel events, only after you give consent. Meta acts as a joint controller (in respect of event collection) and as a separate controller (in respect of further use of the data) - see section 3.7.

In addition, during the Paid Account purchase flow User data is shared with the Payment Operator:

  • Stripe Payments Europe Ltd (Ireland, part of the Stripe group) - the payment-services operator collecting and settling payments on behalf of the Service Provider. With respect to payment data, Stripe acts as an independent controller to the extent required by payment-services and anti-fraud law (in particular transaction data and payment-instrument data). Details are available in Stripe's privacy policy: stripe.com/privacy.

Data is not sold to third parties for marketing purposes. On the landing page we use our own self-hosted GoatCounter statistics mechanism (see section 3.6) and - only after your consent - Meta Pixel to measure advertising performance (see section 3.7).

5. Transfers outside the EEA

Personal data may be transferred outside the EEA only to the extent necessary for using service providers supporting the service. When email is sent via Plus Five Five, Inc. (Resend), data may be transferred to the USA. According to information published by the provider, it relies on international-transfer mechanisms such as the EU-U.S. Data Privacy Framework and contractual safeguards made available in its legal documentation.

Stripe Payments Europe Ltd is established in Ireland (EEA); within the Stripe group it may rely on infrastructure and supporting entities outside the EEA (including the USA). Stripe declares the use of appropriate transfer mechanisms (in particular EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework, to the extent and in line with the provider's current legal documentation).

Meta Platforms Ireland Ltd. (part of the Meta group) may transfer data to Meta Platforms, Inc. in the USA. The transfer is based on EU Standard Contractual Clauses (SCC) and Meta's participation in the EU-U.S. Data Privacy Framework (European Commission implementing decision of 10 July 2023 establishing the adequate level of protection provided by the EU-US Data Privacy Framework).

6. Retention

  • Contact form: form data is used to handle the message. We do not keep it in a separate landing-page database; the IP address used for abuse protection is kept for a short technical period, generally around 10 minutes.
  • Registration requests before account activation: the verification link is valid for 24 hours. Request data may then remain in the system for a limited period needed to handle registration, security and anti-abuse purposes; open or rejected requests are currently archived periodically after about 30 days.
  • Demo Account and data in the Application: data is kept for the duration of account use and then for the period necessary to handle the account, potential transition to a paid version, support requests, claims or legal obligations. If you want the account removed earlier, contact us.
  • Server logs: up to 30 days, then deleted.
  • Data relating to concluded contracts and issued invoices (if paid service is activated): for the period required by tax and accounting law (generally 5 years from the end of the fiscal year).

7. Cookies, localStorage and similar technologies

The zbierajmadrze.pl (landing) website uses the following technologies:

  • essential - storing your decision regarding consent to marketing cookies in browser localStorage, so we don't ask on every visit (legal basis: Article 173(3)(2) of the Polish Telecommunications Act and Article 6(1)(f) GDPR);
  • marketing (consent only) - Meta Pixel cookies (_fbp, _fbc) used to measure the effectiveness of Meta ads - details in section 3.7 and in the Cookie Policy.

The GoatCounter statistics mechanism (see section 3.6) does not rely on cookies or localStorage. A full description of cookies (names, providers, purposes, lifetimes) and the consent-management mechanism is provided in the Cookie Policy.

The app.zbierajmadrze.pl application may use:

  • necessary session and authentication mechanisms used for login and maintaining access to the service;
  • browser storage, localStorage and IndexedDB used for selected settings, offline work and data synchronization;
  • Service Worker and cache storage used where needed for PWA operation and application updates.

These mechanisms are used to provide the requested service rather than for advertising profiling. Details about the information site are provided in the Cookie Policy.

8. Your rights

Under GDPR, you have the right to:

  • access your data and receive a copy,
  • rectify your data,
  • erase your data ("right to be forgotten"),
  • restrict processing,
  • object to processing based on legitimate interest,
  • data portability,
  • withdraw consent at any time where processing is based on consent (withdrawal does not affect the lawfulness of prior processing),
  • lodge a complaint with the Polish Personal Data Protection Office (Prezes UODO).

To exercise your rights, contact us: kontakt@zbierajmadrze.pl. We will respond within 30 days.

9. Profiling and automated decision-making

The Service Provider does not subject data subjects to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect them.

10. Changes to the Policy

This Privacy Policy may be updated. Material changes will be communicated by email sent to the address associated with the Account or by an in-app notice. The current version, together with the last-updated date, is always available at this URL.