Blink-Cart Privacy Policy

Last updated: June 16, 2025

This Privacy Policy describes how Blink-Cart (PROPAGE, Księcia Bogusława 26/6, 70-242, Szczecin, Poland, VAT ID: 955-207-36-97), hereinafter "we", processes personal data.

§1 Data Controller

The controller of your personal data is PROPAGE, Księcia Bogusława 26/6, 70-242, Szczecin, Poland.

Contact: rodo@blink-cart.com

§2 What data do we process, for what purposes and on what legal basis?

1. Our Clients (Users of Blink-Cart Services):

  • Data: Company data, contact details of representatives (name, surname, e-mail, phone), address, VAT invoice data.
  • Purposes and legal bases:
    • Performance of service agreement (Art. 6(1)(b) GDPR).
    • Legal obligations, e.g. invoicing, accounting (Art. 6(1)(c) GDPR).
    • Communication, own marketing, defense of claims (Art. 6(1)(f) GDPR – our legitimate interest).

2. End Users of our Clients' stores (analytics data):

We act as a Data Processor on behalf of our Client, who is the Data Controller of their End Users' data and bears full responsibility for the lawfulness of their processing.

We collect analytics data ONLY:

  • At the explicit request and instruction of the Client
  • After the Client enables analytics functionality in our Services
  • After the Client obtains consent from the End User through the cookies banner, which we integrate with
  • Data: Analytics data about behavior in the Client's store (e.g. viewed products, queries, interactions, cookies data, pseudonymized IP).
  • Purposes and legal bases:
    • Providing analytics Services at the Client's request (Art. 6(1)(f) GDPR – pursuing the legitimate interest of the Client as Controller).
    • Improving Services based on anonymized/aggregated data (Art. 6(1)(f) GDPR – our legitimate interest).

Control mechanism: The Client can disable analytics data collection at any time by notifying us via email (rodo@blink-cart.com), and we immediately stop collecting it. When an End User withdraws consent through the Client's cookie banner, our system automatically stops data collection for that user in real-time.

3. Traffic data on our website and in Services (system logs):

  • Data: IP addresses, session data, system logs.
  • Purposes and legal bases: Ensuring system operation and security, basic technical analytics (Art. 6(1)(f) GDPR – our legitimate interest).

§3 Cookies and Tracking Technologies

On our website: We may use cookies in accordance with our Cookie Policy or information in the consent banner.

In Services for Clients (in their stores): Collection of analytics data from cookies occurs only after the Client obtains consent from the End User through the Client's cookies banner, which we integrate with. The Client is fully responsible for the consent mechanism in their store and for informing users about data processing.

§4 Who do we share data with?

We may share data with:

  • Service providers acting on our behalf (IT, hosting, payments, accounting, legal support)
  • State authorities (only based on legal request)
  • In case of End Users' data – with our Clients (as Controllers of such data)

§5 Data transfers outside the European Economic Area (EEA)

We currently do not transfer personal data outside the EEA. If this becomes necessary in the future for technical reasons, we will apply appropriate legal safeguards (e.g. standard contractual clauses approved by the European Commission) and inform about this in the updated privacy policy.

§6 How long do we retain data?

  • Client data: For the duration of the agreement and for the limitation period for claims and fulfillment of legal obligations (particularly tax and accounting obligations).
  • End Users' data: In accordance with the Client's instructions (as Controller) or until completion of the specific analytics service, then we may process them in anonymized form for the purpose of improving Services.
  • System logs: For the period necessary to ensure security and proper system operation (usually no longer than 12 months).

§7 Your rights

As a person whose data we process, you have the right to:

  • Access to data – you can obtain information about what data we process
  • Rectification of data – you can request correction of incorrect data
  • Erasure of data ("right to be forgotten") – in certain cases
  • Restriction of processing – you can request suspension of certain operations on data
  • Data portability – you can receive your data in a structured format
  • Object to processing – especially for marketing purposes
  • Withdraw consent – if processing is based on consent
  • Lodge a complaint with the supervisory authority (in Poland: PUODO)

Note for End Users of stores: If you are a user of our Client's store, regarding your personal data matters, please contact primarily the store owner (Controller of your data). For matters concerning data processed by us on their behalf, you can also contact us.

To exercise your rights, please contact us using the contact details specified in §1.

§8 Data security

We apply appropriate technical and organizational measures to ensure the security of processed personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. These measures include encryption, access control, regular backups and security monitoring.

§9 Changes to the Privacy Policy

We may make changes to this Privacy Policy. The current version will always be available on our website with the date of last update. We may additionally inform about significant changes affecting the way data is processed via email or other available communication channels.

§10 Contact

PROPAGE
Księcia Bogusława 26/6
70-242 Szczecin, Poland
VAT ID: 955-207-36-97

E-mail: rodo@blink-cart.com

For data protection matters, please contact us at the above email address with "GDPR" in the subject line.

Blink-Cart Privacy Policy - version dated June 16, 2025