%201.png)
Languages
PRIVACY STATEMENT
updated: 19.01.2026
This Privacy Statement (hereinafter, the Statement) governs the processing of personal data of users of RETAILYX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (hereafter, Leniwka) products and services including its websites (hereafter, collectively “the Services”).
We attach great importance to the protection of your personal data, so take a moment to find out more about our Privacy Statement and contact us if you have any questions.
This Statement shall govern any interaction between Leniwka and users related to personal data when you:
● use our website – leniwka.com.
● use of our services.
● reach us with your questions and enquiries or interact with us in any other form.
This Statement neither governs nor determines the rights and obligations of third parties. It also does not apply to third-party applications or software available to users for integration with the Services. Thus, if you integrate any third-party applications with our Services, we will not be able to control how such applications and tools process your personal data.
Please do not use the Services if you do not agree with the provisions and scope hereof.
Who determines the purposes and means of personal data collection?
The purposes and means of how your personal data is collected in these services are determined by the following legal entity:
RETAILYX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. DOMANIEWSKA nr. 17/19 lok. 133. WARSZAWA 02-672 POLSKA email: hello@leniwka.com
Personal data is any information that could enable direct or indirect identification of a person (e.g., their name, passport details, online identifier, etc.).
In accordance herewith, personal data may be collected both directly and indirectly.
(1) Personal data are collected directly when you provide them voluntarily (e.g. when registering in the Services).
(2) Indirect collection of personal data may occur automatically when accessing the Services. For example such a personal data collecting will occur when we receive your personal data from third parties (e.g. our analytics partners) or via cookies.
The personal information we collect varies based on your interactions with our website and other services. The categories of data we may gather include:
● Authorization Data – telephone number, email address, password, Google or Apple account.
● Account Data – first name, last name, gender, language, orders and relating information, chats, account and relating information, personal identification documents, certifications, applicable service categories, reviews, profile picture, disputes.
● Payment Data – transactions relating to orders, payment methods, payment information.
● Log Data – application logs, interactions with the application.
● Customer Support Data – your contact information as well as details shared when you reach out with your enquiry, such as your messages and any relevant information needed to address your inquiries.
● Marketing Data – your contact details, your subscriptions to our newsletters and/or blog updates as well as your other marketing preferences.
● Analytics Data – IP-address, traffic data, location data, internet connection details, device details, browser details, operating system details, your search queries on our website.
We may collect certain sensitive personal information and only use it for permitted business purposes. You may have the right to limit our use of this information.
“Processing” is understood as at least one of the following: storage, modification, retrieval, disclosure, structuring, use, destruction as well as any other action with respect to your personal data.
When it comes to application processing purposes as well as respective legal bases, we process your personal data as follows.
|
Data type |
Purposes |
Legal Basis |
Retention period |
Source |
|
Authorization Data |
We process your Authorization Data so that to enable you to access the tool and manage your user account. |
The performance of a contract, namely our Terms of Service. |
Until a user’s account is deleted. |
Directly from you. |
|
Account Data |
We process your Account Data so that to enable you to use all the functionality of our application. |
The performance of a contract, namely our Terms of Service. |
6 years after a user account is deleted. |
Directly from you. |
|
Payment Data |
We process your payment data so that to process payments in accordance with our Terms of Service. |
The performance of a contract, namely our Terms of Service. |
Up to 10 calendar years. |
Directly from you and/or from relevant payment provider. |
|
Log Data |
We process your log data so that to monitor and control compliance with our Terms of Service, ensure cybersecurity, and provide technical support. |
Our legitimate interest in improving our products and services. |
6 months. |
Directly from you. |
|
Customer Support Data |
We process your Customer Support Data so that to provide you with customer support and respond to your requests and enquiries. |
Our legitimate interest in answering your customer support requests and enquiries. |
5 calendar years. |
Directly from you. |
|
Marketing Data |
We process your marketing data so that to carry out our marketing activities and inform you about everything related to our products, services, and updates. |
Your consent. |
Until a user’s consent is withdrawn. |
Directly from you. |
|
Analytics Data |
We process your Analytics Data so that to analyze usage of our products and services and improve their functionality, performance, and user experience. |
Your consent. |
As per our Cookie Policy. |
Directly from you and/or from our analytics partners. |
We also might process your personal data to comply with applicable legal, regulatory, or contractual obligations, including responding to lawful requests and enforcing our Terms of Service.
Subject to data anonymisation, your personal data may be used by Leniwka for any other purposes. This allows us to both strictly respect the data protection rights of our users, and not to lose the value of the user experience that they have shared within the Services.
We may use automated processing, including profiling, to analyze user activity and interactions with our products. Such processing may be used to improve the functionality of the Services, enhance user experience, optimize the presentation of content, and facilitate matching between users and service providers.
Profiling may be based on factors such as activity history, interactions with our products, ratings, feedback, and other usage-related information.
The automated processing described above does not result in decisions that produce legal effects concerning users or similarly significantly affect them within the meaning of application data protection regulations. Decisions that may materially affect users are not based solely on automated processing. Where relevant, decisions affecting the operation of user accounts or access to certain features may involve human review or oversight.
Your personal data will be stored on the servers of our counterparties that we are using for operating our Services.
Employees of Leniwka shall also take all necessary organisational, legal and technical measures available to us for protection of your personal data. Users of the Services shall also be responsible to the maximum possible extent for the provision of accurate account details, keeping passwords and any other information required for authorisation confidential and its protection from unauthorised access by third parties.
Any personal data collected and processed hereunder shall be properly protected unless:
(1) you consent to their disclosure;
(2) such personal data are anonymised;
(3) such personal data are subject to disclosure under the applicable law.
We will do our best to keep your personal data protected. However, despite any possible measures taken on our part, we cannot guarantee full protection of the Services against information security risks.
A number of third parties may have access to your personal data - processors, services of which we use in order to constantly improve our Services, as well as provide you with the opportunity to use all its functionality.
The following entities might be having access to the personal data you provide us with:
(1) Elastic N.V. (the Netherlands) – to enable log data analytics;
(2) Intercom, Inc. (USA) – to support customer support procedures;
(3) Stream.io, Inc. (USA) – to enable API Stream that is supporting the functionality of our products;
(4) Stripe, Inc. (USA) – to support payments in our products;
(5) Atman sp. z o.o. (Poland) – to host our application.
To ensure the provision of our services, your personal data may also be transferred to a legal entity created after reorganisation of Leniwka should it be necessary.
Please note that disclosure of your personal data may be required in accordance with the law and judicial procedures or at the request of public bodies of the country of your stay or other countries.
Your personal data will be disclosed if it is necessary for the purposes of national security, law enforcement, protection of the rights and legitimate interests of Leniwka and third parties or for other substantial public interest purposes.
To the extent to which it is not prohibited by the applicable law, we do not authorise the use of our Services by individuals who have not reached the age of full legal capacity in accordance with the legislation of the country of their citizenship. We do not collect and process (at least knowingly) their personal data without the consent of their legal representatives.
The following provisions apply specifically to individuals residing in the United States, in accordance with applicable federal and state privacy laws. These provisions describe our practices related to the collection, use, disclosure, and potential sale of personal information, with a particular focus on the rights of California residents under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Under the CCPA and CPRA, “sell” and “sale” refer to the transfer, disclosure, or making available of a consumer’s personal information to a third party for valuable consideration. This does not necessarily involve a direct monetary exchange but may include other forms of benefit.
We do not sell personal information in the traditional sense. However, we may allow Service Providers to process personal information for business purposes such as advertising, marketing, and analytics, which may be considered a “sale” under CCPA/CPRA.
In the past twelve (12) months, we may have sold the following categories of personal information:
● Identifiers
● Personal information categories listed under the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
● Commercial information
● Internet or other similar network activity
The categories listed above align with CCPA/CPRA definitions. This does not mean that all types of personal information within these categories were sold, but rather that some data within these categories may have been shared in exchange for value.
Your rights regarding the collection and use of your personal information are governed by the privacy laws applicable to your place of residence, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and similar state laws such as those in Virginia, Colorado, Connecticut, and others.
Depending on your state of residence, you may have the following rights:
● Right to Know: You may request information about the categories and specific pieces of personal information we collect, use, disclose, and share.
● Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
● Right to Correct: You may request that we correct inaccuracies in your personal information.
● Right to Opt-Out of Sale or Sharing: You may opt out of the sale or sharing of your personal information, if applicable.
● Right to Limit Use of Sensitive Personal Information: In certain states, you may request to limit our use or disclosure of sensitive personal information.
● Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
The following provisions apply specifically to individuals residing in the European Economic Area (EEA) and are intended to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. These provisions describe your rights regarding the collection, processing, and use of your personal information, as well as the choices available to you for managing your privacy.
Depending on your place of residence, you may have the following rights:
● Right of Access: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of that data along with information about how it is used.
● Right to Rectification: You may request that we correct inaccuracies or complete incomplete personal data concerning you.
● Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data, subject to certain legal exceptions.
● Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
● Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.
● Right to Object: You may object to the processing of your personal data on grounds relating to your particular situation, including the right to object to processing for direct marketing purposes.
● Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws.
To exercise any of your rights under applicable laws or if you have any questions related to your personal information, please contact us at hello@leniwka.com.
Please note that Leniwka may need to verify your identity before fulfilling your request. If we are unable to fulfill your request, we will explain the reasons why. If we deny your request, you may appeal our decision by contacting us at the same email and stating “Privacy Request Appeal” in the subject line.
We will typically respond to your request within 30 calendar days from the date we receive it. If we need more time (up to an additional 60 days), we will inform you of the reason and extension period in writing.
This Statement may be amended and (or) modified at any time of the Services operation. In this case, a notice with information about the changes accompanied by the new version of the Statement and date of its adoption will be published in the Services. The User of the Services must read and acknowledge the new version hereof.
The Statement is an agreement between us and the User about the use of the Services. Any other pre-existing written or oral agreements or arrangements with respect to such use are hereby canceled.
If any provision hereof is invalid or unenforceable, other provisions shall remain valid and enforceable to the fullest extent permitted by applicable law.
Failure to enforce your strict compliance herewith cannot be construed as our waiver of any provision hereof or any right hereunder.