Privacy Policy of the MAPEN App
Thank you for using the MAPEN app. This Privacy Policy explains how we collect, use, and protect your personal data while using the mobile application and the Organizer Panel available via our website.
For the purposes of this Privacy Policy, the following definitions apply:
Administrator – MAPEN Sp. z o.o., headquartered at Strumykowa 19A/29, 03-138, Warsaw, e-mail address: contact@mapenapp.com, responsible for the processing of personal data in connection with the use of the Application and Organizer Panel.
Application –the MAPEN mobile application, allowing Users to browse events, create and join groups (“crews”), communicate, and perform other community activities.
User – a person using the Application to participate in events, discover events, or meet new people.
Organizer – an entity with an account in the Organizer Panel that creates and promotes events.
Organizer Panel –part of the online service available to registered Organizers, enabling the management and editing of events and access to statistical data.
Privacy Policy – his document defining the rules for processing personal data by the Administrator.
1. Basic Information
This Privacy Policy explains how we process the personal data of Users and Organizers using the MAPEN mobile app and the Organizer Panel available on the website. The Privacy Policy fulfills the information obligation under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). The controller of personal data is: MAPEN Sp. z o.o., headquartered at Strumykowa 19A/29, 03-138, Warsaw, e-mail address: contact@mapenapp.com. No Data Protection Officer has been appointed.
2. Types of Data Processed
Application Users:
– Identification data: e-mail address, phone number, nickname, first name, last name, age, gender;
– Profile information: profile picture, city;
Activity information:
–created crews (groups of users for joint participation in events),
– joining existing crews,
– marking events as “favorites”,
– attendance at events, number of anonymous ratings received after joint participation in events (visible on the profile; ratings are anonymous to users but identifiable by the Administrator, processed only to ensure the proper functioning of the rating system, analyze activity, and prevent abuse), ● friends list (connected users),
– history of interactions with other users (e.g. invitations, reports),
– usage data (e.g. login times, clicks, browsed events).
Login data (application account, login via Google, Facebook). In the case of logging in via external personal data providers, such as Google or Facebook, processing is carried out on the basis of an agreement (account creation and login), and the provider may be a separate data controller. The content of messages sent between users in the application is stored on the server for a maximum of 12 months from the date each message is sent, solely for the purpose of enabling users to view their conversation history and to handle reports of violations of the Terms and Conditions. The Administrator does not analyze the content of messages automatically or manually, unless a report of a violation requires it. Messages may be accessible only to the parties to the conversation and, in exceptional cases, to authorized employees of the Administrator (e.g. moderators) after receiving a report. The Administrator shall not be responsible for content shared by users in private messages, in particular if it contains special categories of personal data disclosed voluntarily. Users are requested not to share special categories of data in messages, such as information concerning health, sexual orientation, religious beliefs, or political views. The Administrator does not intentionally process such data and shall not be responsible for their voluntary disclosure by users in the content of messages.
Organizers (Web Panel):
The organizer’s identification and operational data include the email address, name of the organizer, and a description of the activity carried out. In addition, if provided, data such as the tax identification number (NIP), registered office address (street, postal code, city), links to social media profiles (e.g. Facebook, Instagram), website address, and other contact details may also be processed. Information relating to added events is also processed, including their name, date, time, location, and description, as well as aggregated statistical data related to user activity.
3. Purpose and Legal Basis for Processing
The User’s personal data collected by the application is processed on the basis of Article 6(1)(b) of the GDPR in order to enable registration and login to the application, creating and managing a user account, browsing events, creating and joining groups, registering for events and receiving notifications, using social features, sending and receiving private messages, handling reports and complaints, and using other functionalities of the application. The User’s personal data may also be processed on the basis of Article 6(1)(a) of the GDPR in connection with the publication of data in the user profile, personalization of the application content, as well as in the case of voluntary disclosure by the User of other personal data, including in the content of private messages. The Organizer’s personal data is processed on the basis of Article 6(1)(b) of the GDPR for the purpose of registering and operating an account in the Organizer Panel, adding and editing events, using the panel functionalities, and receiving technical and organizational information related to the functioning of the platform. The Organizer’s personal data may also be processed on the basis of Article 6(1)(f) of the GDPR in connection with ensuring system security, application development, conducting statistical analyses, and establishing, pursuing, or defending claims.
The MAPEN application is intended exclusively for persons who have reached the age of 18. The Administrator does not knowingly process the personal data of persons under the age of 18. If the Administrator becomes aware that an account has been created by a person under the age of 18, the Administrator may delete such account and the data related to it in accordance with the rules set out in the Terms and Conditions.
4. Communication and Friends
The application enables users to use social features, including:
– searching for other users by pseudonym (nickname) or first and last name and adding them to the friends list (upon mutual acceptance),
– conducting private communication in the form of text messages, including the possibility of sending links and photos,
– inviting other users – both friends and persons outside the contact list – to participate together in events within so-called crews.
5. Packs and User Activity
The application enables users to participate together in events within so-called crews. A user who creates a crew (the so-called host) has the ability to manage its settings, including: determining the number of available places (slots), accepting or rejecting requests to join from other users, deciding whether the crew will be
available only to friends or also to other users, and whether unused slots may be automatically filled.
Data concerning users’ requests to join crews, including decisions on acceptance or rejection, may be temporarily processed in the system in order to support the functionalities of the application. Information about rejection is not shared with other users and is not used for analytical or profiling purposes.
6. Cookies and Analytics
The website mapenapp.com, including the web panel intended for Organizers, uses cookies, i.e. data stored on the user’s end device, used to ensure the proper functioning of the website and to adapt it to the user’s preferences. The following categories of cookies are used as part of the operation of the service: Necessary cookies – enable the proper functioning of the website and the Organizer Panel, in particular remembering the login session and selected settings, such as the interface language. These cookies are always active and do not require the user’s consent. The legal basis for their processing is Article 6(1)(f) of the GDPR – the legitimate interest of the Administrator consisting in ensuring the functionality and security of the service.
Analytical cookies – used to analyze traffic on the website and the web panel and to optimize the operation of the service. These types of cookies are used only on the basis of the user’s consent (Article 6(1)(a) of the GDPR), expressed through a consent management mechanism, e.g. a cookie banner.
The user may change cookie settings at any time in their browser or via available consent management tools. Restricting the use of cookies may affect certain functions of the website or the Organizer Panel.
7. Data Retention Period
If a User’s account is deleted in the mobile application, the account is deactivated and may be restored within 30 days by logging back into the application. If an Organizer’s account is deleted in the Organizer Panel, the account is deactivated and may be restored within 30 days by logging back into the Organizer Panel. After the indicated period, the account is permanently deleted. After permanent deletion of the account, the personal data of the User or Organizer may be stored for a maximum of 12 months solely for purposes related to ensuring security, handling reports of violations, pursuing or defending claims, and fulfilling the Administrator’s legal obligations.
8. Data sharing
Users’ personal data may be shared with third parties only to the extent necessary for purposes related to the functioning of the application and the website. The recipients of the data may include the following categories of entities:
– entities providing hosting services and IT infrastructure maintenance,
– providers of technical, programming, and maintenance services responsible for the development, maintenance, and security of the application and the Organizer Panel,
– providers of external login services (e.g. Google, Facebook),
– providers of analytical tools,
– accounting offices, persons authorized by the Administrator responsible for content moderation and handling user reports,
– public authorities, if the obligation to disclose data arises from legal provisions.
Event organizers have access to aggregated and anonymized statistical data concerning users (e.g. number of registered users, age ranges, attendance), which does not allow the identification of specific individuals. As a rule, users’ personal data is not transferred outside the European Economic Area (EEA), except in cases where login functions provided by external providers (e.g. Google, Facebook) are used, whose privacy policies may provide for such transfer.
9. Your Rights
You have the right to:
– access your personal data, rectification or erasure of your personal data, or restriction of its processing,
– data portability to another controller,
– withdraw your consent to data processing at any time (withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal),
– object to the processing of personal data.
Personal data is processed primarily for the purpose of performing the contract for the use of the Application and the Organizer Panel, fulfilling the legal obligations of the Administrator, and ensuring the security and proper functioning of the Application and the Organizer Panel. Consent is required only for the processing of data not necessary for the provision of these services, in particular with regard to cookies or additional functionalities. Withdrawal of such consent may limit access only to the functions to which the consent relates. In the case of data processing based on the Administrator’s legitimate interest, you have the right to object on grounds relating to your particular situation. In such a case, we will cease processing your data for these purposes unless we demonstrate
compelling legitimate grounds for the processing or the data is necessary for the establishment, exercise, or defense of legal claims. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) (ul. Stawki 2, 00-193 Warsaw) if you believe that your personal data is being processed in violation of applicable laws.
10. Policy Changes
We reserve the right to change this Privacy Policy. Changes will be published in the application and/or on the website. Continued use of the application after such changes means acceptance of the new version.
Contact regarding personal data: contact@mapenapp.com
