GDPR Information Clause
Last updated: February 27, 2026
Introduction
This document fulfills the information obligation under Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").
The purpose of this GDPR Information Clause is to inform you, as Users of the Kladivio platform, in detail about all aspects of the processing of your personal data. We aim to ensure full transparency of our actions and to guarantee that your data is processed in a secure, lawful manner and with respect for your rights.
§ 1. Identity and Contact Details of the Data Controller
The data controller of your personal data, i.e., the entity determining the purposes and means of processing, is:
Hoang Duc Vu, conducting business under the name PROTOSOFT Hoang Duc Vu
- Registered office: Poland
- NIP (Tax ID): 5252341878
- REGON: 382872920
(hereinafter referred to as the "Controller" or "Operator").
For all matters regarding the processing of personal data and the exercise of rights related to such processing, you may contact us at: dev@kladivio.pl. Please include "GDPR" or "Data Protection" in the subject line for faster and more efficient handling of your inquiry.
§ 2. Purpose and Legal Basis for Processing
Your personal data is processed for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provision of Kladivio Platform Services (account, Allegro integration, AI Auto-Responder, subscription) | Art. 6(1)(b) – Performance of contract |
| Payment handling and accounting (invoicing, transaction records, tax obligations) | Art. 6(1)(c) – Legal obligation |
| Direct marketing of our own services | Art. 6(1)(f) – Legitimate interest |
| Analytics and statistics | Art. 6(1)(f) or (a) – Legitimate interest or consent |
| Platform security (logs, incident detection, attack prevention) | Art. 6(1)(f) – Legitimate interest |
| Establishing, pursuing, or defending claims | Art. 6(1)(f) – Legitimate interest |
| Handling inquiries and communication | Art. 6(1)(f) – Legitimate interest |
§ 3. Categories of Personal Data
We process the following categories of data:
- Identification and contact data: Email address, first and last name (or company name), Allegro login
- Authentication data: OAuth access tokens (encrypted)
- Commercial data: Offer data, order data, message content (from Allegro integration)
- Technical data: IP address, activity logs, browser and device information
- Billing data: Payment history, invoice data (NIP, company name, address)
We apply the principle of data minimization: we collect only data necessary for the stated purposes.
§ 4. Recipients of Personal Data
Your data may be disclosed to:
- Infrastructure providers (e.g., Hetzner, Supabase) – hosting, database, EU-based
- AI service providers – Auto-Responder functionality, under SCC
- Authentication providers (Google) – OAuth login
- Marketplace (Allegro) – integration, Poland
- Payment operators (Stripe, PayU) – payment processing
- Public authorities – when required by law
All recipients process data under appropriate agreements and safeguards.
§ 5. Retention Periods
| Data | Retention Period |
|---|---|
| Account and service data | Until account deletion + 30 days |
| Billing and invoice data | As required by law (e.g., 5 years) |
| Security logs | Up to 12 months |
| Marketing data | Until objection or consent withdrawal |
| Legal claims data | Until prescription (typically 3-6 years) |
We retain data only as long as necessary for the purposes of processing or as required by law.
§ 6. Rights of Data Subjects
You have the right to:
- Access your data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure ("right to be forgotten") in certain cases (Art. 17 GDPR)
- Restriction of processing in certain cases (Art. 18 GDPR)
- Data portability – receive your data in a structured format (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a supervisory authority
To exercise your rights, contact us at: dev@kladivio.pl
§ 7. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement.
In Poland, the supervisory authority is:
President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych)
- Address: ul. Stawki 2, 00-193 Warsaw, Poland
- Website: uodo.gov.pl
§ 8. Contact Information
For all matters regarding personal data processing:
Email: dev@kladivio.pl
Please include "GDPR" or "Data Protection" in the subject line.
We are at your disposal to provide comprehensive answers and explanations.