MAPEN App Privacy Policy
Thank you for using the MAPEN application. This Privacy Policy explains how we collect, use, and protect your personal data when using the mobile application and the Organizer Panel available via our website. For the purpose of this Privacy Policy, the following definitions apply:
Administrator – MAPEN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, based at Strumykowa 19A/29, 03-138 Warsaw, email: contact@mapenapp.com, responsible for processing personal data in connection with the use of the App and Organizer Panel.
Application – the MAPEN mobile application that allows Users to browse events, create and join groups (packs), communicate, and engage in other community activities.
User – a natural person using the App as an event participant, searching for events or social interactions.
Organizer – an entity with an account in the Organizer Panel who creates and promotes events.
Organizer Panel – part of the website available to registered Organizers, allowing them to manage events and promotional packages.
Privacy Policy – this document defining the rules for processing personal data by the Administrator.
1. Basic Information
This Privacy Policy explains how we process the personal data of Users and Organizers using the MAPEN mobile app and the Organizer Panel via the website. The Policy fulfills the information obligation under Regulation (EU) 2016/679 (GDPR). The personal data controller is MAPEN SP. Z O.O., Strumykowa 19A/29, 03-138 Warsaw, email: contact@mapenapp.com. No Data Protection Officer has been appointed.
2. Types of Data Processed
Users of the app:
Identification data: email address, phone number, nickname, first and last name, age, gender
Profile information: profile photo, city
Activity information: created “packs”, joining existing packs, favorited events, attendance data, number of anonymous ratings after attending events (visible on profile; anonymous to users but identifiable by the admin for moderation and analysis purposes), friends list, interaction history (e.g. invites, reports), app usage data (e.g. login time, clicks, viewed events)
Login data (account login, or via Google, Apple, Facebook). If logging in via third-party providers, those may act as separate data controllers
Message content exchanged between users is stored for up to 12 months solely to allow viewing conversation history and reviewing regulation violations. The Administrator does not read message content unless a report is filed. Messages are accessible only to the conversation parties and, in exceptional cases, authorized staff. Users are advised not to include sensitive personal data (e.g. health, sexual orientation, religion, political views). The Administrator does not intentionally process such data.
Organizers (Web Panel):
Identification and operational data: email address, tax ID (NIP), entity name, business address, additional contact info, website URL, payment history, invoice data, selected promotional packages, event category info, event details (title, date, time, location, description), statistical data (e.g. sign-up counts, user activity).
3. Purpose and Legal Basis of Processing
User data is processed under:
Art. 6(1)(b) GDPR (performance of contract), for registration, login, account handling, browsing events, creating/joining packs, signing up for events, notifications, rating other users, private messaging, complaint handling, and use of other logged-in features
Art. 6(1)(a) GDPR (consent), for profile publication (e.g. photo, age), content personalization, or voluntary data shared in messages
Organizer data is processed under:
Art. 6(1)(b) GDPR (contract performance) – for registration, event creation, communication, and access to the organizer tools and notifications
Art. 6(1)(c) GDPR (legal obligation), e.g. invoicing and bookkeeping
In addition, data may be processed under Art. 6(1)(f) GDPR (legitimate interest) for security, statistics, service development, complaint handling, and legal claims. In justified cases, private message content may be shared with law enforcement.
4. Communication and Friends
The app enables users to:
Search other users by nickname or name, add them to friends list (mutual acceptance required)
Exchange private messages (text, links, photos)
Invite users (friends and others) to events using the “pack” system
5. Packs and User Activity
Users can join events via packs. The pack creator (host) can:
Set the number of slots
Accept or reject join requests
Decide if the pack is visible to friends only or all users, and whether unused slots are auto-filled
Join requests and rejections are processed temporarily and not shared or used for analytics.
6. Payments and Event Promotion
Event promotion by Organizers is managed in the web panel. Payments are one-time and handled by Stripe. The Administrator does not process payment card data. Only transaction history (date, amount, purpose, status, payment ID) is stored for accounting and dispute resolution.
7. Cookies and Analytics
The mapenapp.com website and Organizer Panel use cookies stored on users’ devices for proper operation and customization.
Necessary cookies: essential for site functionality (login session, language). Legal basis: Art. 6(1)(f) GDPR
Analytical cookies: used for traffic analysis and optimization, only with user consent (Art. 6(1)(a) GDPR)
Users can manage cookies in their browser or via consent tools. Disabling cookies may affect some features.
8. Data Retention
After account deletion, user data may be stored for up to 12 months for security, complaints, legal claims, and compliance. Marketing consents are automatically revoked.
Organizer transaction and invoice data is kept for 5 years from the end of the fiscal year in which it was issued, per tax law.
Technical data (messages, logs) is kept for up to 12 months.
9. Data Sharing
User data may be shared only with third parties necessary to operate the app/website, including:
Hosting and server providers
Accounting firms
Analytics tools (e.g. Google Analytics) under data agreements and GDPR
IT staff ensuring development, maintenance, and security
Organizers receive only aggregated, anonymized stats. Personal data is not transferred outside the EEA except via external login providers (Google, Apple, Facebook), which may transfer data under their own policies.
10. Your Rights
You have the right to:
Access, correct, delete, or restrict processing of your data
Transfer your data to another controller
Withdraw consent at any time (this does not affect prior lawful processing)
Object to processing based on legitimate interest – unless we demonstrate compelling legal grounds or need the data for claims
Consent is required to use the app. Withdrawal results in blocked access. You can file a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
11. Changes to the Policy
We may update this Privacy Policy. Changes will be published in the app and/or on the website. Continued use means acceptance of the new version.
If you have questions about data protection, contact: contact@mapenapp.com
