Privacy Policy of the MAPEN App

Thank you for using the MAPEN app. This Privacy Policy explains how we collect, use, and protect your personal data while using the mobile application and the Organizer Panel available via our website. For the purposes of this Privacy Policy, the following definitions apply: Administrator – MAPEN LIMITED LIABILITY COMPANY, headquartered at Strumykowa 19A/29, 03-138, Warsaw, e-mail address: contact@mapenapp.com, responsible for the processing of personal data in connection with the use of the Application and Organizer Panel. Application – the MAPEN mobile application, allowing Users to browse events, create and join groups (“packs”), communicate, and perform other community activities. User – a natural person using the Application as an event participant, seeking events, or pursuing social contacts. Organizer – an entity with an account in the Organizer Panel that creates and promotes events. Organizer Panel – part of the online service available to registered Organizers, enabling the management of events and promotional packages. Privacy Policy – this document defining the rules for processing personal data by the Administrator.

1. Basic Information
   This Privacy Policy explains how we process the personal data of Users and Organizers using the MAPEN mobile app and the Organizer Panel available on the website. The Privacy Policy fulfills the information obligation under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). The controller of personal data is: MAPEN LIMITED LIABILITY COMPANY, headquartered at Strumykowa 19A/29, 03-138, Warsaw, e-mail address: contact@mapenapp.com. No Data Protection Officer has been appointed.

2. Types of Data Processed
   Application Users: identification data: e-mail address, phone number, nickname, first name, last name, age, gender; profile information: profile picture, city; activity information: created packs (groups of users for joint participation in events), joining existing packs, marking events as “favorites,” attendance at events, number of anonymous ratings received after joint participation in events (visible on the profile; ratings are anonymous for users but identifiable by the administrator, processed only to ensure the proper functioning of the rating system, analysis of activity, and prevention of abuse), friends list (connected users), history of interactions with other users (e.g. invitations, reports), usage data (e.g. login times, clicks, browsed events). Login data (application account, login via Google, Apple, Facebook). In the case of logging in via external providers such as Google, Apple, or Facebook, data processing is carried out on the basis of the provider’s agreement (account creation and login), and the provider may act as an independent data controller. The content of messages exchanged between users in the application is stored on the server for a maximum of 12 months from the date each message is sent, solely to allow users to browse chat history and for handling regulation violation reports. The Administrator does not analyze message content automatically or manually unless a violation report requires it. Messages are accessible only to the conversation participants and, in exceptional cases, to authorized staff of the Administrator (e.g. moderators) upon receiving such a report. The Administrator does not take responsibility for content shared by users in private messages, particularly if such messages contain special category data provided voluntarily. Users are asked not to share sensitive personal data, such as information about health, sexual orientation, religious beliefs, or political views, in private messages. The Administrator does not intentionally process such data and bears no responsibility for their voluntary disclosure by users within message content. Organizers (Web Panel): identification and operational data of the organizer: e-mail address, NIP (tax identification number), company name, registered office address (street, postal code, city), additional contact data (e.g. a secondary e-mail address), website address, payment history, invoicing data, information on selected promotional packages, details of the added events (such as name, date, time, location, description), as well as event-related statistical data, including the number of registered users and other activity indicators.

3. Purpose and Legal Basis of Processing
   Personal data of Users collected by the application is processed under: Article 6(1)(b) GDPR – to enable registration and logging into the application, account management, event browsing, creating and joining groups, registering for events and receiving related notifications, using community features (e.g. rating other users after events), sending and receiving private messages, handling reports and complaints, and using other logged-in features. User data may also be processed under Article 6(1)(a) GDPR – in connection with publishing profile data (such as picture, age, description), personalizing app content, and in cases where the User voluntarily discloses other personal data, including through private messages – such disclosure is considered explicit consent to process such data. Organizer data is processed under: Article 6(1)(b) GDPR – to register and manage organizer accounts, allow adding events, enable communication with users, use Organizer Panel tools, and receive technical, organizational, and promotional information; Article 6(1)(c) GDPR – to issue invoices, maintain accounting books, and comply with tax documentation obligations. Data of Users and Organizers may also be processed under Article 6(1)(f) GDPR – the legitimate interests of the Administrator, including ensuring security, proving regulatory compliance, statistical analysis, developing the application, and protecting against claims.

4. Communication and Friends
   The application enables users to search for other users by nickname or full name, add friends (upon mutual acceptance), conduct private chats (text messages, pictures, and links), and invite both friends and non-friends to events within packs.

5. Packs and User Activity
   The application allows shared participation in events within packs. The host (pack creator) may decide on the number of slots, accept or reject join requests, set whether the pack is visible only to friends or all users, and set automatic filling of unused slots. Rejection information is not shared with other users and is not used for analysis or profiling.

6. Payments and Event Promotion
   Event promotion by Organizers is handled through the web panel. Payments are one-time and processed by the external payment operator STRIPE. The Administrator does not process card or payment instrument data, but transaction history is stored (date, amount, purpose, transaction status, payment ID) to handle promotions, accounting, and complaints.

7. Cookies and Analytics
   The website mapenapp.com, including the Organizer web panel, uses cookies saved on the user’s device to ensure proper website functioning and to adjust it to user preferences. Types of cookies: necessary cookies – for core website and panel functions (e.g. login sessions, language settings) – always active, legal basis: Article 6(1)(f) GDPR (legitimate interests of the Administrator); analytical cookies – used to analyze website/panel traffic and optimize operation, processed only upon user consent (Article 6(1)(a) GDPR) via consent management tools (e.g. cookie banners). Users may change cookie settings in their browser or consent tools at any time, though limiting cookies may affect certain functionalities.

8. Data Retention Period
   After account deletion, user data may be stored for up to 12 months solely for security, complaint handling, and defense of legal claims, as well as compliance with legal obligations. Upon account deletion, all consents for marketing purposes are withdrawn, and the user’s data is no longer processed for promotional or advertising purposes. Organizer transaction history and accounting documentation (such as invoice data and transaction identifiers) are stored for 5 years from the end of the financial year in which they were issued – in line with applicable tax law. Technical data, such as private message content and logs (IP addresses, device information), are retained for a maximum of 12 months.

9. Data Sharing
   User data may be shared only to the extent necessary for the proper functioning of the app and website. Data may be entrusted to: hosting and server maintenance providers, accounting offices handling Organizer settlements, providers of analytical tools (e.g. Google Analytics) under relevant data processing agreements and GDPR compliance, IT team members responsible for development, maintenance, and security of the app. Organizers gain access to aggregated, anonymized statistical data (e.g. numbers of registered users, age ranges, attendance), which does not allow identification of individuals. User data is generally not transferred outside the EEA, except when using login services of external providers (Google, Apple, Facebook), whose privacy policies may include such transfers.

10. Your Rights
    You have the right to: access your personal data, rectify, erase, or restrict processing; transfer data to another controller; withdraw consent at any time (without retroactive effect); object to the processing of your data. Granting consent is required to use the application. Withdrawing consent results in the inability to continue using the application and leads to blocking account access. When processing is based on legitimate interests, you may object on grounds relating to your particular situation. We will cease processing your data unless we demonstrate overriding legitimate grounds or the data is necessary for pursuing or defending claims. You also have the right to file a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa, Poland) if you believe your data is processed unlawfully.

11. Changes to the Policy
    We reserve the right to amend this Privacy Policy. Any changes will be published in the application and/or on the website. Continued use of the application after changes means acceptance of the new version.

For any questions about personal data protection, please contact: contact@mapenapp.com.