Data Controller: Tradeco Krzysztof Cichy Address: os. Tysiąclecia 71/51 61-255 Poznań, Poland VAT ID: PL7822918532 Website: https://launchdirectories.com Email: hello@launchdirectories.com
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website LaunchDirectories. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Polish data protection laws.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent (Art. 6(1)(a) GDPR): For analytics and marketing communications
Contract Performance (Art. 6(1)(b) GDPR): For processing payments and delivering services
Legitimate Interests (Art. 6(1)(f) GDPR): For website functionality, security, and improvement
Legal Obligation (Art. 6(1)(c) GDPR): For compliance with tax and legal requirements
3. Personal Data We Collect
3.1 Information You Provide Directly
Contact Information: Name, email address when you contact us or use our services
Payment Information: Billing details (name, email, billing address) for sponsorship and paid services. All payments are processed securely through Stripe, Inc. We do not collect or store full payment card numbers, CVV codes, or other sensitive payment card data on our servers
Communication Data: Content of communications with our support team
Service-related Data: Information you provide when using our Auto-Submit Service or Platform Submissions
3.2 Information We Collect Automatically
Website Analytics: Page views, time spent on site, referral sources, user journey (privacy-focused, no personal identification)
Usage Data: Pages visited, features used, search queries, interaction patterns
Security Data: Server logs for security monitoring and fraud prevention
3.3 Cookies and Tracking Technologies
We use the following types of cookies:
Essential Cookies: Required for website functionality, user authentication, and security
Analytics Cookies: Privacy-focused cookies for understanding website usage (anonymized)
Functional Cookies: Remember your preferences and settings
Third-party Cookies: From integrated services and payment processors. Stripe uses cookies and similar technologies for payment processing, fraud prevention, and security purposes. These cookies are essential for payment functionality and security
4. Third-Party Services and Data Sharing
4.1 Analytics and Performance
Google Search Console: Search performance data to improve our website's visibility and user experience
4.2 Payment Processing
We accept payments through Stripe, a leading payment processor that is fully compliant with GDPR, PCI-DSS Level 1 (the highest level of payment card industry security standards), and European data protection regulations. For customers in the European Economic Area (EEA), payments are processed by Stripe Payments Europe Limited (Ireland), which is authorized and regulated by the Central Bank of Ireland. For customers outside the EEA, payments are processed by Stripe, Inc. (United States).
Payment Methods Accepted: Credit cards, debit cards, and other payment methods supported by Stripe in your region (including Visa, Mastercard, American Express, and other major card networks). Payments can be processed in multiple currencies including USD, EUR, PLN, and other currencies supported by Stripe in your region
Payment Data Collection: When you make a payment, Stripe collects and processes payment information including card numbers, expiration dates, CVV codes, billing addresses, transaction details, and authentication data (such as 3D Secure authentication results). We do not have access to or store your full payment card details on our servers. Stripe may store your payment method information (tokenized) for future transactions if you choose to save it during checkout
Stripe's Role: Stripe acts as an independent data controller for payment processing. They process your payment data in accordance with their own Privacy Policy and Terms of Service, which comply with GDPR and European data protection laws
Data We Receive: We receive limited payment information from Stripe necessary to process your order, including transaction IDs, payment status, billing address (for invoicing), and the last four digits of your card number (for customer service purposes only)
Security Standards: All payment transactions are encrypted using industry-standard SSL/TLS encryption. Stripe maintains PCI-DSS Level 1 certification and implements additional security measures including tokenization, fraud detection, and secure data storage
GDPR Compliance: Stripe is GDPR-compliant and processes payment data in accordance with European data protection regulations. Stripe has implemented appropriate technical and organizational measures to protect your payment data
International Transfers: For EU/EEA customers, payment data is primarily processed within the European Economic Area by Stripe Payments Europe Limited. Stripe may process payment data in countries outside the EEA, but they ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs), Binding Corporate Rules, and other approved mechanisms under GDPR Article 46
Sub-processors: Stripe uses sub-processors (including financial institutions, fraud detection services, and cloud infrastructure providers) to process payments. Stripe maintains a list of sub-processors and ensures they meet the same data protection standards. You can view Stripe's sub-processors at https://stripe.com/legal/sub-processors
Automated Decision-Making: Stripe uses automated fraud detection and risk assessment systems to evaluate payment transactions. This automated processing helps protect against fraudulent transactions and is necessary for payment security. You have the right to object to automated decision-making under GDPR Article 22, though this may affect your ability to complete payment transactions. If you have concerns, please contact us or Stripe
Chargeback and Dispute Handling: In the event of payment disputes or chargebacks, we may share transaction details, communication records, and service delivery evidence with Stripe and relevant financial institutions to resolve the dispute, as required by payment card network rules and regulations
Invoice and Receipt Data: We generate invoices and receipts that include your name, billing address, email address, transaction details, and service description. These documents are retained for accounting and tax purposes as required by Polish law
Payment Failure Data: If a payment fails, Stripe may retain limited transaction attempt data (without full card details) for fraud prevention and security purposes. We do not store failed payment card information
Stripe Privacy Policy: For detailed information about how Stripe processes your payment data, please review Stripe's Privacy Policy at https://stripe.com/privacy For EU customers, you can also review Stripe Payments Europe Limited's privacy notice at https://stripe.com/en-pl/privacy
Stripe Contact Information (EU): For EU/EEA customers with questions about how Stripe processes your payment data, you can contact Stripe Payments Europe Limited at privacy@stripe.com or through their Data Protection Officer. For general inquiries, visit https://support.stripe.com
Payment Data Retention: We retain payment transaction records (transaction IDs, amounts, dates) as required by Polish tax and accounting laws (typically 5-7 years). Stripe retains payment data in accordance with their own retention policies and legal obligations
Refund Processing: If a refund is processed (subject to our Terms of Service), it will be handled through Stripe and processed back to your original payment method
Your Rights Regarding Payment Data: You have the right to access, rectify, or request deletion of payment-related personal data we hold, subject to legal retention requirements. For payment data held by Stripe, you may exercise your rights by contacting Stripe directly or through us.
We only share personal data with third parties when necessary to provide our services, comply with legal obligations, or with your explicit consent. All third-party processors are bound by data protection agreements.
5. How We Use Your Personal Data
We use your personal data for the following purposes:
Service Delivery: Processing Auto-Submit Service, Platform Submissions, and Advertising Services
Communication: Responding to inquiries, sending service updates, and marketing communications (with consent)
Website Improvement: Analyzing usage patterns to improve user experience and website functionality
Security: Protecting against fraud, unauthorized access, and maintaining system security
Legal Compliance: Meeting tax obligations, legal requirements, and regulatory compliance
Business Operations: Managing directory database, processing payments, and maintaining service quality
6. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
Contact Data: Until you withdraw consent or request deletion
Payment Data: Transaction records (transaction IDs, amounts, dates, billing information) are retained as required by Polish tax and accounting laws (typically 5-7 years). Payment card details are not stored by us and are processed directly by Stripe in accordance with their retention policies and PCI-DSS requirements
Analytics Data: Anonymized data retained for statistical analysis
Communication Records: 3 years for customer service quality and legal purposes
Security Logs: 1 year for security monitoring and incident response
7. Your Rights Under GDPR and Polish Law
As a data subject, you have the following rights:
Right of Access (Art. 15 GDPR): Request information about your personal data we process
Right of Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data
Right of Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Art. 18 GDPR): Request limitation of data processing
Right to Data Portability (Art. 20 GDPR): Request transfer of your data to another service
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
Right to Object to Automated Decision-Making (Art. 22 GDPR): Object to automated processing, including automated fraud detection used in payment processing. Note that objecting to automated fraud detection may affect your ability to complete payment transactions
Right to Withdraw Consent: Withdraw consent for processing at any time
Right to File a Complaint: Lodge a complaint with the Polish Data Protection Authority (UODO - Urząd Ochrony Danych Osobowych) at https://uodo.gov.pl or with your local data protection authority in your EU member state
To exercise these rights, contact us at hello@launchdirectories.com. We will respond within 30 days as required by law.
8. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to countries with adequate data protection levels
Standard Contractual Clauses: EU-approved contracts for data protection
Certification Schemes: Providers certified under privacy frameworks
Binding Corporate Rules: For multinational service providers
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Encryption: Data encrypted in transit and at rest
Access Controls: Strict access controls and authentication
Regular Updates: Security patches and system updates
Monitoring: Continuous monitoring for security threats
Incident Response: Procedures for data breach response
Staff Training: Regular training on data protection best practices
10. Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Inform affected individuals without undue delay if there is a high risk to their rights and freedoms
Provide clear information about the nature of the breach and steps being taken to address it
Implement immediate measures to contain the breach and prevent further unauthorized access
11. Age Requirements and Children's Privacy
Age Requirements: Our services have different age requirements:
Paid Services (Auto-Submit, Advertising): You must be at least 18 years old to use these services
Free Services (Platform Submissions, Directory Database): You must be at least 13 years old with parental consent
We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@launchdirectories.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
Update the "Last Updated" date at the top of this policy
Notify users of significant changes through email or prominent website notice
Provide a clear summary of changes made
Give users reasonable time to review changes before they take effect
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@launchdirectories.com
Website: https://launchdirectories.com
Response Time: We aim to respond to all privacy-related inquiries within 30 days