Privacy policy

Introduction

This Privacy Policy is addressed to the Users of the website www.tidyfy.pl
The Policy describes the principles and methods of collecting and using Users’ data, as well as their security and the regulations related to transferring Users’ data to other entities.
Data are collected directly from Users or through cookies and similar technologies.
We make every effort to ensure the protection of our Users’ privacy and to provide safe and transparent use of our services.

§ 1 Definitions

  1. Administrator 
  2. Personal Data – information about an identified or identifiable natural person, directly or indirectly, by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of that person, including the IP address of the device, online identifiers, and information collected through cookies or other similar technologies.
  3. Data Protection Officer (DPO) – the person designated by the Administrator responsible for overseeing data protection compliance.
  4. Payment Operator – PayPro SA with its registered office in Poznań, at ul. Pastelowa 8 (60-198), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań Nowe Miasto and Wilda, 8th Commercial Division of the National Court Register under KRS number 0000347935, NIP: 7792369887, with a share capital of PLN 5,476,300.00, fully paid, and entered into the register of national payment institutions kept by the Polish Financial Supervision Authority under number UKNF IP24/2014.
  5. Platform – means the website located at www.tidyfy.pl
    , which enables Users, under the terms defined in the Terms of Service, to order apartment cleaning services.
  6. Privacy Policy – this Privacy Policy.
  7. Profiling – the process of analyzing Users’ Personal Data involving the creation of digital profiles that help the Administrator understand their preferences, behavior, and needs.
  8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  9. Platform – the online service operated by the Administrator, available at the domain www.tidyfy.pl
  10. Services – cleaning and additional services provided by Tidyfy or its Partners.
  11. User – a natural person, legal person, or organizational unit without legal personality but having legal capacity under applicable law, who uses the Platform.
  12. Tidyfy – refers to the Administrator.

§ 2 General Provisions

  1. In connection with the User’s use of the Platform, the Administrator collects data to the extent necessary to provide services and to protect the Administrator’s legitimate interests. These data are processed in accordance with this Privacy Policy.
  2. According to the provisions of the GDPR, legal entities (including organizational units without legal personality that are granted legal capacity by law) are not subject to these regulations.
  3. The provision of Personal Data is voluntary but necessary for the proper use of certain functionalities of the Platform.
  4. Users who provide data to the Administrator, including personal data of third parties, are also bound by applicable data protection regulations.
  5. For matters related to the processing of your data by the Administrator, you may contact us using the address details provided above or the Data Protection Officer designated by the Administrator via e-mail: info@tidyfy.pl

§ 3 Scope and Categories of Processed Personal Data

  1. The Administrator processes the following categories of Users’ personal data, depending on the scope of services used on the Platform:
    a. Identification data – such as name, surname, company name (if applicable), and NIP (tax identification number);
    b. Contact details – including e-mail address, telephone number, and correspondence address;
    c. Address data – such as the address of the location where the service is to be provided;
    d. Payment information – including data necessary for payment processing, provided to the Payment Operator;
    e. Technical data – including IP address, type of device, browser type, operating system, and other information related to the User’s interaction with the Platform;
    f. Cookies and similar technologies – used for the purpose of website optimization, analytics, and marketing (as described in § 9 of this Policy);
    g. Data contained in correspondence – information voluntarily provided by the User in messages sent to the Administrator;
    h. Other data – which may be necessary for the proper performance of the service or for the fulfillment of the Administrator’s legal obligations.
  2. The Administrator does not process special categories of personal data (sensitive data) within the meaning of Article 9 of the GDPR, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual life or orientation.
  3. The data are processed only to the extent necessary for the purposes specified in this Policy, in particular for:
    a. providing and improving services available on the Platform,
    b. handling orders and payments,
    c. ensuring the security and proper functioning of the Platform,
    d. complying with legal obligations,
    e. pursuing or defending against legal claims,
    f. analytical, statistical, and marketing purposes (with the User’s consent, where required).

§ 4 Sources of Collected Personal Data

  1. The Administrator obtains Users’ personal data directly from them, in particular when:
    a. the User registers an account or places an order through the Platform;
    b. the User contacts the Administrator via contact form, e-mail, or telephone;
    c. the User subscribes to the newsletter;
    d. the User consents to the use of cookies and similar technologies.
  2. Additionally, the Administrator may collect certain information automatically when Users visit or use the Platform, including:
    a. IP address, device ID, browser type, operating system, date and time of access;
    b. data concerning User activity on the Platform (e.g., visited pages, clicks, navigation paths).
  3. In some cases, the Administrator may receive Users’ personal data from third parties cooperating with the Administrator (e.g., payment operators, advertising partners, or service providers), provided that such entities have an appropriate legal basis to share those data.
  4. In each case, the Administrator ensures that the processing of data obtained from external sources complies with applicable law and is limited to what is necessary for the purposes specified in this Policy.

§ 5 Purposes and Legal Bases for the Processing of Personal Data

  1. The Administrator processes Users’ Personal Data for the following purposes and on the indicated legal bases:
  2. a. Conclusion and performance of the contract for the provision of services via the Platform – pursuant to Article 6(1)(b) GDPR;
  3. b. Fulfillment of legal obligations imposed on the Administrator, resulting from accounting, tax, and consumer protection laws – pursuant to Article 6(1)(c) GDPR;
  4. c. Establishing, pursuing, or defending against legal claims that may arise in connection with the use of the Platform or the provision of services – pursuant to Article 6(1)(f) GDPR, as the Administrator’s legitimate interest;
  5. d. Direct marketing of the Administrator’s own services or those of its partners, including through profiling, provided that the User has given prior consent where required – pursuant to Article 6(1)(a) GDPR (consent) or Article 6(1)(f) GDPR (legitimate interest);
  6. e. Analyzing and improving the functionality and security of the Platform, as well as internal administrative purposes, such as service optimization and development of new functionalities – pursuant to Article 6(1)(f) GDPR;
  7. f. Sending newsletters or commercial information to Users who have expressed consent to receive such messages – pursuant to Article 6(1)(a) GDPR;
  8. g. Verification of payment transactions and prevention of fraud or abuse related to the use of the Platform – pursuant to Article 6(1)(f) GDPR;
  9. h. Statistical and analytical purposes, which help the Administrator understand how Users use the Platform and improve the quality of its services – pursuant to Article 6(1)(f) GDPR.
  10. If data processing is based on consent, the User has the right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to its withdrawal.
  11. The Administrator does not make decisions based solely on automated processing (including profiling) that could produce legal effects concerning the User or similarly significantly affect them.

§ 6 Recipients of Personal Data

  1. In order to properly perform services, comply with legal obligations, and ensure the functionality of the Platform, the Administrator may disclose Users’ Personal Data to the following categories of recipients:
    a. Service providers – entities cooperating with the Administrator in the provision of cleaning and additional services ordered through the Platform;
    b. Payment operators, including PayPro S.A., for the purpose of processing payments for services;
    c. IT service providers – entities providing hosting, maintenance, software, and other IT-related services ensuring the functioning of the Platform;
    d. Legal, accounting, and auditing firms providing services to the Administrator in connection with the performance of their legal obligations;
    e. Marketing and analytics partners – entities assisting in promoting the Platform and analyzing traffic and activity on the website (e.g., Google Ireland Limited for Google Analytics, Meta Platforms Ireland Limited for Meta Ads, etc.);
    f. Public authorities and other institutions authorized to receive data under applicable law (e.g., courts, tax authorities, law enforcement agencies).
  2. The Administrator ensures that every entity entrusted with data processing has entered into a data processing agreement in accordance with Article 28 GDPR, guaranteeing an adequate level of data protection.
  3. The Administrator does not transfer Users’ Personal Data outside the European Economic Area (EEA), unless:
    a. such transfer is necessary for the performance of a contract concluded with the User or another entity acting on the User’s behalf;
    b. the transfer is made to a country that ensures an adequate level of data protection as determined by a decision of the European Commission; or
    c. appropriate safeguards are applied, in particular standard contractual clauses approved by the European Commission.
  4. In each case, the Administrator ensures that the transfer of data outside the EEA takes place in accordance with applicable legal provisions and that Users are duly informed thereof.

§ 7 Period of Personal Data Retention

  1. Users’ Personal Data will be stored for no longer than is necessary to achieve the purposes for which they were collected. The specific retention periods are as follows:
    a. Data processed for the purpose of performing a contract – for the duration of the contract and thereafter until the expiry of limitation periods for potential legal claims;
    b. Data processed to fulfill legal obligations (e.g., accounting or tax regulations) – for the period required by applicable law, typically 5 years from the end of the fiscal year in which the transaction occurred;
    c. Data processed on the basis of consent – until the consent is withdrawn or the purpose for processing ceases to exist;
    d. Data processed for marketing, analytical, or statistical purposes – until an objection is raised or consent is withdrawn;
    e. Data processed for the purpose of establishing, pursuing, or defending against legal claims – until the relevant limitation periods expire.
  2. After the expiry of the relevant retention periods, Users’ Personal Data will be securely deleted or anonymized in a way that prevents identification of the User.

§ 8 Users’ Rights Regarding Personal Data Protection

  1. Users have the following rights in connection with the processing of their Personal Data by the Administrator:
    a. Right of access to their Personal Data (Article 15 GDPR) – to obtain confirmation as to whether their data are being processed and to receive a copy of the data;
    b. Right to rectification of data (Article 16 GDPR) – to correct inaccurate or incomplete information;
    c. Right to erasure (“right to be forgotten”) (Article 17 GDPR) – to request the deletion of data where there are no longer grounds for their processing;
    d. Right to restriction of processing (Article 18 GDPR) – to request that the Administrator limit data processing in certain situations;
    e. Right to data portability (Article 20 GDPR) – to receive the data provided to the Administrator in a structured, commonly used, and machine-readable format and to transfer those data to another controller;
    f. Right to object (Article 21 GDPR) – to object to processing based on the Administrator’s legitimate interests, including direct marketing;
    g. Right to withdraw consent – where processing is based on consent, at any time, without affecting the lawfulness of processing carried out prior to its withdrawal;
    h. Right to lodge a complaint with a supervisory authority, in particular the President of the Personal Data Protection Office (UODO) in Poland, if the User believes that the processing of their data violates applicable data protection laws.
  2. In order to exercise the above rights, the User may contact the Administrator directly using the contact details provided in this Policy or by sending an e-mail to: info@tidyfy.pl
  3. The Administrator will respond to any request related to Users’ rights within one month of its receipt, unless the nature or complexity of the request requires an extension of that period, in which case the User will be informed accordingly.

§ 9 Cookies and Similar Technologies

  1. The Administrator and cookie providers within the Platform collect and process information about Users through cookies (Administrator – first-party cookies; cookie providers – third-party cookies) and similar technologies.
    Cookies are small text files that the Platform or third-party cookie providers send to the User’s browser and which are returned by the browser during subsequent visits to the Platform or third-party websites. These tools are used, among others, to:
    • remember User decisions (e.g., graphic settings, acceptance of policies),
    • maintain User sessions (e.g., after login),
    • remember passwords (upon consent),
    • collect information about the User’s device and visit for security purposes,
    • perform analytics, and
    • tailor content to User preferences.
  2. The Platform uses the following cookies and similar technologies provided by third parties:
  3. a. Google Analytics
    Services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
    These tools are used to generate analytical data and statistics to improve Platform performance. The Administrator has enabled IP anonymization, which means that no personal data are transferred to the United States.
    More information: https://support.google.com/analytics/answer/6004245
  4. b. Google Ads
    Also provided by Google Ireland Limited, Google Ads is used to attract interest in the Administrator’s content and offers through advertisements on other websites. Data from advertising campaigns are analyzed for optimization purposes.
    The Administrator also uses Google’s remarketing function, allowing interest-based ads to appear across the Google advertising network.
    More information: https://ads.google.com/intl/pl_pl/home/faq/gdpr/
  5. c. Facebook Pixel
    A marketing tool provided by Facebook Ireland Ltd. (Dublin, Ireland), used to target ads to Users on Facebook and Instagram based on consent for advertising cookies.
    Facebook may combine these data with other information gathered during the User’s activity on Facebook for its own marketing purposes.
    More information: https://www.facebook.com/privacy/explanation
  6. d. Przelewy24
    The Platform uses services provided by PayPro SA (Przelewy24), based in Poznań, to enable secure and fast online payments. Personal Data are processed to handle electronic transactions.
    More information: https://www.przelewy24.pl
  7. Consent for cookies is voluntary. Users may:
    • consent to all cookies,
    • consent only to essential cookies, or
    • refuse cookies entirely.
      Users can change their cookie preferences on the Platform at any time or delete cookies from their device manually.
  8. Information obtained through cookies and similar technologies is not combined with other User data and is not used to identify individual Users.
  9. Using the Platform without changing cookie settings (i.e., with default acceptance) means consent to the use of cookies for the purposes described in this Privacy Policy.
  10. Disabling or limiting essential cookies may result in difficulties or prevent the use of certain functionalities on the Platform.

§ 10 Final Provisions

  1. The Administrator conducts ongoing risk assessments to ensure that Personal Data are processed securely — granting access only to authorized persons and only to the extent necessary for their duties.
  2. Although the Administrator applies technical and organizational measures to protect Personal Data, Users are reminded that no method of electronic transmission or storage is completely secure, and therefore absolute data protection cannot be guaranteed.
  3. This Privacy Policy is regularly reviewed and updated in connection with the development of the Tidyfy Platform or changes in applicable law. Users are encouraged to periodically review this Policy to stay informed of any updates.
  4. The current version of this Privacy Policy was adopted and is effective as of June 1, 2025.


Contact us

  • Maciej Lizak Tidify 
    NIP 731 20 92 300,
    Poznań 61-763 ul. Wroniecka 5 

  • +48 693 994 510
  • info@tidyfy.pl