This Policy is of an informational nature and is intended to fulfill our information obligations under the GDPR, i.e. Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
This Privacy Policy is linked to the Terms and Conditions of the Tribes Online Application. All capitalized terms used in the Privacy Policy have the meaning assigned to them in those Terms and Conditions, unless the Privacy Policy expressly provides otherwise.
The Privacy Policy covers processing activities carried out both through our website (www.online-tribes.com) as well as the Tribes Online Application.
PERSONAL DATA CONTROLLER
- The controller of your personal data processed within the Website and the Application is us, that is Online Tribes sp. z o.o. […] (hereinafter referred to as “we,” “us”).
- You can contact us at the address indicated above. However, we recommend contacting us by email at: marianna@online-tribes.com. We have not appointed a Data Protection Officer, but each report received will be reviewed by persons with practical knowledge in the field of personal data protection and processing.
METHOD OF DATA PROCESSING
The scope, purposes, and legal bases of personal data processing are presented in the table below.
| Purpose of Processing | Categories of Data | Legal Basis | Data Retention Period |
|---|---|---|---|
| Providing Access to Online Tribes | IP address, Google Play identifier, App Store identifier | Art. 6(1)(f) GDPR – our legitimate interest consisting in enabling you to install our Application | For the period of installation of the Application on your device |
| Enabling the creation of an Account in the Application | email address, username, Apple ID, Google ID, gender, city, age | Art. 6(1)(b) GDPR – processing is necessary for the performance of the Agreement or to take steps at the request of the data subject prior to entering into the Agreement | Until the expiration of the limitation period for claims related to access to the Application and the User’s activities within the Application, counted from the moment of the User’s last visit in the Application. If there is no justified suspicion of the need to process data for the purpose of defending against claims or pursuing claims, the data will be deleted under the rules set out in the Terms of Use, after the Account is deleted by the User. |
| Managing the Account, enabling the use of Online Tribes through the Account | username, gender, city, age, email address, identifiers provided during Account registration in the Application | Art. 6(1)(b) GDPR | Until the expiration of the limitation period for claims related to the use of Online Tribes functionalities, counted from the User’s last visit in the Application. After deleting the Account, personal data is stored for an additional 90 days due to backup creation and overwriting rules. |
| Enabling Users to upload Materials | username, any personal data contained in published materials | Art. 6(1)(b) GDPR | Until the expiration of the limitation period for claims related to materials uploaded to the Application by the User. If there is no justified suspicion of the need to process data for the purpose of defending against claims or pursuing claims, the data will be deleted after the Materials or the Account are deleted by the User. |
| Providing access to paid Services within the Application | username, first name and last name, address, User ID, confirmation of completed payment | Art. 6(1)(b) GDPR | Until the expiration of the limitation period for claims related to the provision of paid Services. If there is no justified suspicion of the need to process data for the purpose of defending against claims or pursuing claims, the data will be deleted after the User ceases to use paid Services. |
| Settlements with Tribe Leaders | username, first name and last name, address, other data necessary to make payments to the Tribe Leader | Art. 6(1)(b) GDPR | Until the expiration of the limitation period for claims related to the given settlement. If there is no justified suspicion of the need to process data, the data will be deleted after the cooperation with the Tribe Leader ends. |
| Issuing accounting documents, documenting settlements with Users and Tribe Leaders | first name and last name, payment data, address | Art. 6(1)(c) GDPR | Until the expiry of the period for keeping accounting documentation (5 years from the end of the year in which the accounting document was issued) |
| Analyzing traffic within the Application, studying the actions of all Users | IP address, Google Play identifier, App Store identifier | Art. 6(1)(f) GDPR | Until the data becomes no longer useful or until objection is expressed |
| Conducting correspondence via electronic messages | email address, first name, last name, other data voluntarily provided by the data subject | Art. 6(1)(f) GDPR | Until the correspondence ends or until objection is expressed by the data subject |
| Providing access to the Website | IP address | Art. 6(1)(b) GDPR | Until the expiration of the limitation period for claims related to access to the Website. If there is no justified suspicion of the need to process data, the data will be deleted within 24 hours, unless another period results from solutions used by the hosting provider. |
| Providing access to and use of the contact form | first name, last name, email, phone number, other data voluntarily provided by the person | Art. 6(1)(f) GDPR | Until the correspondence ends or until objection is expressed by the person |
| Conducting telephone conversations after obtaining a number through the contact form | first name, last name, email address, phone number, other data voluntarily provided by the person | Art. 6(1)(f) GDPR | Until the telephone conversations end or until objection is expressed by the person |
| Marketing activities, including sending a newsletter | email address | Art. 6(1)(f) GDPR or Art. 6(1)(a) GDPR | Until the data becomes no longer useful or until objection is expressed by the data subject or consent is withdrawn |
| Analyzing traffic on the Website | IP address, identifiers you have consented to | Art. 6(1)(f) GDPR | Until the data becomes no longer useful or until objection is expressed by the data subject |
| Displaying personalized marketing messages | IP address, Account identifier, materials published within the Account | Art. 6(1)(f) GDPR | Until the data becomes no longer useful or until objection is expressed by the person |
| User identity verification, tracking bot activity | IP address, device identifier, device model, operating system version | Art. 6(1)(f) GDPR | Until the data becomes no longer useful (immediately after determining that actions are not taken by a bot) |
| Protection against claims, pursuing claims | email address, first name, last name, other data voluntarily provided by the person | Art. 6(1)(f) GDPR | Until the expiration of the limitation period for claims related to access to the Website or Application and User activities; if there is no justified suspicion of the need to process data, the data will not be processed for this purpose. |
FURTHER PRINCIPLES
- We will not transfer your personal data to third countries (outside the European Economic Area).
- If a data transfer outside the EEA should occur, we will inform you of this, and the transfer will take place: i) to countries with a European Commission adequacy decision; or ii) based on standard contractual clauses.
- You may be subject to profiling, in particular based on the number of sessions, your activities within Online Tribes, and your interactions with other Accounts, for the purpose of taking business and marketing actions. You will not be subject to automated decision-making.
- You can object to profiling at marianna@online-tribes.com.
- Providing personal data is voluntary, but failure to provide it may prevent you from using certain functionalities (e.g., Account registration).
- You can withdraw your consent to data processing at any time by contacting: marianna@online-tribes.com.
DATA RECIPIENTS
- We may entrust the processing of personal data to third parties in order to perform certain activities (e.g., hosting, technical support, mailing, law firms, CRM).
- Data may be disclosed to relevant public authorities under the law or to other persons/entities – in cases provided for by law.
- Each entity processing data on our behalf guarantees an adequate level of security and confidentiality and may act through other entities only with our prior consent.
- Personal data may be shared with unauthorized entities only with the consent of the data subject.
DATA SUBJECT RIGHTS
- You have the following rights:
- The right to request deletion of your personal data
- The right to restrict processing
- The right to data portability (to receive it in a structured form)
- The right to request access to and rectification of your data
- The right to object to processing
- The right to withdraw consent to processing at any time
- The right to lodge a complaint with the President of the Personal Data Protection Office
OTHER DATA
- We may store http requests, therefore the server log files may record, among others: IP address, user’s station name, date and time, number of bytes sent, URL address of the previously visited page, browser information, error information.
- Logs are stored for website administration and may be statistically analyzed, but they do not allow the identification of a natural person.
SECURITY
- We use technical and organizational measures appropriate to the risks and categories of data under protection (including SSL certificates, secured servers, information security policies, pseudonymization, data minimization).
- Using the Internet may involve risks, therefore we recommend using antivirus and privacy protection software.
COOKIES
- We use Cookies for the proper functioning of the website.
- Cookies are information saved on the user’s device – they may include: service address, date of placement, expiration date, unique number, etc.
- We distinguish between Cookies: (a) session (deleted after closing the browser), (b) persistent (remain until deleted).
- Cookies do not allow user identification.
- We use only secure Cookies.
- Cookies from our site cannot be read by other services. External Cookies may be read by the external server.
- The use of Cookies takes place in accordance with the consent given on the first visit or its change.
- We use Cookies for statistical, marketing, preference purposes – only after obtaining your consent. You can change the scope of consent at any time.
- Detailed information about the Cookies used can be found in a separate table on the website.
FINAL PROVISIONS
The Privacy Policy enters into force on 15.06.2025.
