Privacy Policy

1. Data Controller

The data controller of your personal data is Elżbieta Olekszy, conducting unregistered business activity under the name AS PLANNED, correspondence address: ul. Lubczykowa 53a, 62-064 Plewiska, Poland. You can contact the controller at: help@as-planned.org.

2. What Data We Collect

When using our platform, we may collect the following personal data:

• Registration data: name, email address, password (stored in encrypted form)
• Transaction data: travel plan purchase history, payment information (processed by Stripe)
• Technical data: IP address, browser type, device information, cookie data
• Usage data: how you use the platform, preferences, browsing history

3. Purpose of Data Processing

We process your personal data for the following purposes:

• Creating and managing user accounts
• Fulfilling purchased travel plans
• Processing payments and sending confirmations
• Communicating with users (technical support, notifications)
• Improving services and platform development
• Ensuring platform security
• Fulfilling legal obligations

4. Legal Basis for Processing

We process your data based on:

• Art. 6(1)(b) GDPR - performance of contract (service provision)
• Art. 6(1)(a) GDPR - consent (e.g., for marketing)
• Art. 6(1)(c) GDPR - legal obligation
• Art. 6(1)(f) GDPR - legitimate interest (security, service improvement)

5. Data Sharing

Your data may be shared with the following entities:

• Supabase - database hosting (data processor)
• Stripe - payment processing
• IT service providers - hosting, technical support
• Public authorities - when legally required

We do not sell or share your personal data with third parties for marketing purposes.

6. Data Retention Period

We retain your personal data for:

• Account data - until account deletion or consent withdrawal
• Transaction data - for the period required by law (min. 5 years)
• Marketing data - until consent withdrawal
• Technical logs - up to 12 months

7. Your Rights

Under GDPR, you have the following rights:

• Right of access - you can obtain information about processed data
• Right to rectification - you can correct inaccurate data
• Right to erasure - you can request data deletion ("right to be forgotten")
• Right to restriction of processing - you can limit how data is processed
• Right to data portability - you can receive data in a transferable format
• Right to object - you can object to data processing
• Right to withdraw consent - at any time
• Right to lodge a complaint - with the supervisory authority

8. Cookies

8.1. What are cookies?

Cookies are small text files stored on your device while browsing our website. They enable the recognition of your device and remembering selected preferences.

8.2. What cookies do we use?

Our website uses the following categories of cookies:

• Essential cookies - required for basic website operation (user authentication, session management, remembering cookie consent)
• Analytics cookies - Google Analytics for site traffic analysis and platform usage patterns (require your consent)
• Functional cookies - remember user preferences (interface language, site theme)
• Third-party cookies - Stripe (payments) and Supabase (backend)

8.3. Managing cookies

On your first visit, a cookie information banner is displayed where you can:

• Accept all cookies (including analytics)
• Decline analytics cookies (essential cookies remain active)

You can also manage cookies through your browser settings or install the Google Analytics Opt-out browser add-on available from Google.

8.4. Detailed Cookie Policy

Detailed information about the cookies we use, their retention period, and management options can be found in our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or modification. All passwords are stored in encrypted form, and connections are secured with SSL/TLS protocol.

10. Privacy Policy Changes

We reserve the right to make changes to this privacy policy. We will inform users about any significant changes via email or platform notification.

11. Contact

For matters regarding personal data protection, you can contact us through the contact form available on the website or the Help & FAQ section.