Privacy Policy


dated: 11.05.2020

The content of the Privacy Policy

Thank you for visiting the website at (hereinafter referred to as the “Website”) run by apipay sp. Z o.o. with headquarters in Warsaw, ul. Białostocka 22 lok. H11, 03-741 Warsaw.

We make every effort to ensure that the use of the Website is comfortable and safe for you. This document (“Privacy Policy”) explains the rules that we follow when using cookies on our Website, we describe the rules on which the data of Website visitors and recipients of services available through the Website are processed, and we also indicate methods of deleting user accounts.

Part I of the Privacy Policy applies to all visitors to the Website (“Guests”).

Part II of the Privacy Policy applies to users, i.e. entities that have registered on the Website and have their individual account (“Users”) or Guests who have provided their data for contact purposes.

Part III of the Privacy Policy applies only to the deletion of individual accounts of registered users.

Part IV of the Privacy Policy concerns general issues related to the Privacy Policy, you will also find contact details there if you have any questions or comments.


1. What are cookies?
Cookies, in Polish, the so-called Cookies are IT data, in particular small text files, which are saved on the end device (e.g. computer, tablet, smartphone) of the website user while using this website and then stored there.

2. What does the Website use cookies for?
apipay uses cookies for the following purposes:
• Identifying Users as logged in to the Website and showing that they are logged in;
• Maintaining the User’s session (after logging in), thanks to which he does not have to re-enter his login and password on every subpage of the Website;
• Optimizing the use of the Website by Guests and Users;
• Creating anonymous statistics that help to understand how the Visitors and Users use the website, which allows improving its structure and content.

Cookies used by the Website are safe for the computers and devices of Users or Guests, in particular, with their help it is not possible for viruses and other unwanted or malicious software to enter the device.

3. What cookies does the Website use?
The Website uses various types of cookies, which are:
• Permanent cookies are cookies whose storage period on the end device lasts for the time specified in the parameters of a given file or until the cookies are deleted by the User or the Guest.
• Temporary cookies are cookies that are deleted at the end of the so-called session, i.e. logging out of the website, leaving the website or closing the web browser that displays the website.
• Own cookies are cookies placed on the website by the Website.
• External cookies are cookies placed on the website by external entities, eg for keeping anonymous statistics by Google Analytics.

4. How to change your web browser settings regarding cookies?
Detailed information on changing cookie settings and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following websites (for details, please click on the links below):
Chrome browser
Firefox browser
Internet Explorer browser
Opera browser
Disabling the use of cookies may cause difficulties in using some services on the Website, in particular those requiring logging in. However, disabling the option of accepting cookies does not make it impossible to read or view the content posted on the website.

Failure to change the cookie settings means that they will be stored on the guest’s and user’s end device, and thus we will store information on the guest’s and user’s end device and access this information.

5. Google Technologies
To monitor information about Visitors or Users, we use Google Analytics tools that record user behavior on the website. To the extent that we use Google Analytics, we act as joint data controllers of Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. More information on the use of Google Analytics tools can be found at:

In order to give Visitors and Users who use our websites more options to choose how their data collected through Google Analytics tools is used, Google has developed a browser add-on to block Google Analytics. The add-on communicates with the Google Analytics JavaScript (ga.js) protocol to convey information that data about website visits should not be sent to Google Analytics. The browser add-on to block Google Analytics does not block data transmission to the website itself or other web analytics services.

6. System logs
Regardless of cookies, the Website automatically saves on its servers information that is transmitted to us by web browsers each time you visit. This information is saved in the form of logs containing:
• time of arrival of the inquiry,
• time of sending the answer,
• name of the client’s station – identification performed by the HTTP protocol,
• information about errors that occurred during the implementation of the HTTP transaction,
• URL address of the page previously visited by the User / Merchant – if the Website was accessed via a link,
• information about the Guest / User browser,
• information about the IP address.

This information is used in particular for the purpose of managing the Website, identifying problems with the operation of servers and solving them a, as well as to analyze possible security breaches and for statistical purposes.
This information is not combined with the data of the Website users.


1. Scope of collected data
The website is intended only for entrepreneurs, therefore the collected data includes a range of information on entities that are Users, both legal persons, entities without legal personality and natural persons. These data may include data of both persons conducting individual activity and data of persons representing other entities. The data collected on the Website is therefore personal data.

When processing personal data, we apply applicable law, including the General Data Protection Regulation (GDPR) and the highest security standards.

We process data that:
• you provided us with an individual User’s account on the Website upon registration, consenting to their processing. Providing data is completely voluntary, but at the same time it may be necessary to gain access to certain services or functions of the Website and, at a later stage, to services provided on the apipay Platform.
• you provided us by completing the form necessary to conclude an agreement with a settlement agent (hereinafter referred to as the “Settlement Agent” – a bank or other financial organization designated by apipay, with the status of a settlement agent within the meaning of the Act on Payment Services, with which the User concluded a separate agreement via apipay, e.g. for the provision of services enabling the execution of payment transactions made with the use of instruments, such as payment instruments as defined in Article 2 (10) of the Payment Services Act, including a payment card as defined in Article 2 (15a) of the Payment Services Act), also by consenting to their processing. Providing these data is also completely voluntary, but at the same time it may be necessary to gain access to certain services of the Settlement Agent on behalf of which apipay acts as the Agent.
• You provided us by filling in the contact form or by contacting us directly at the provided contact address.

The above categories of data have a slightly different status, as they are collected for various purposes, clearly indicated when entering data on the Website.

In addition, our website collects personal data automatically, in the form of system logs and using cookies. More information on data processing can be found in Part I of the Privacy Policy.

2. Administrator
The administrator of your personal data processed as part of the Website is apipay sp. Z o. O., Based in Warsaw (03-741 Warsaw), ul. Białostocka 22 lok. H11, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the number KRS 0000800904.

3. Purposes and grounds for data processing
Your data will only be processed for one or more of the following purposes:
• conclusion and implementation of contracts for the provision of electronic services provided by apipay, on the terms described in the Regulations of the Service (Article 6 (1) (b) of the GDPR);
• providing data to the Settlement Agent for the purpose of concluding and implementing contracts for the provision of electronic services provided by the Settlement Agent, on the terms described in a separate contract – with prior and separate consent (Article 6 (1) (a) of the GDPR);
• sending messages containing commercial information – with prior and separate consent (Article 6 (1) (f) and (a) of the GDPR);
• service personnel, thanks to which we will be able to, for example, send notifications and replies to complaints, inform about changes in price lists and service regulations, or technical breaks (Article 6 (1) (f) of the GDPR);
• providing data to our Partners, the current list of Partners is available on in order to present an offer – with prior and separate consent (Article 6 (1) (a) of the GDPR);
• marketing of the data controller’s products and – also with prior and separate consent – products of other entities (Article 6 (1) (a) of the GDPR);
• answering questions from Guests and Users (Article 6 (1) (f) of the GDPR);
• verification of the data provided to the Settlement Agent and in order to prepare profiled commercial offers of apipay sp. Z o.o. (Article 6 (1) (f) of the GDPR) and – with the prior consent – of entities with whom apipay sp.z o.o cooperates (Article 6 (1) (a) of the GDPR);
• fulfillment of legal obligations incumbent on apipay, e.g. in connection with financial and tax documentation (Article 6 (1) (c) of the GDPR);
• conducting settlements with Partners as well as establishing, pursuing and protecting claims resulting from the contract that binds us or services rendered (Article 6 (1) (f) of the GDPR);
• ensuring the security of the Website and the services provided to you (Article 6 (1) (f) of the GDPR);
• optimizing the operation of the Website and conducting statistical analyzes (Article 6 (1) (f) of the GDPR);
• archiving data confirming the provision of a service or correspondence (Article 6 (1) (f) of the GDPR);
• ustalenia, dochodzenia lub ochrony roszczeń (art. 6 ust. 1 lit. f RODO).
• establishing, investigating or protecting claims (Article 6 (1) (f) of the GDPR).

4. Expected period for which the data will be stored
Your data will be stored for the duration of the contract or the period necessary to provide the services you have ordered. After this period, the data will be stored for the period necessary to fulfill the obligations arising from the provisions of law incumbent on apipay and to establish, pursue or protect claims.In the case of processing personal data on the basis of consent, the data will be processed until its with-drawal, which may occur at any time, without affecting the compliance of the processing which was carried out until the consent is withdrawn.In the case of data processed in connection with communication with you, the data will be processed within 3 years from the date of the last correspondence, unless the law provides for a longer period of data storage.

5. Rights of the data subject
After providing your personal data, you can submit to apipay sp.z o.o. request (regarding personal data) for:
1) rectification (correction) of data;
2) deletion of data processed unreasonably or placed on our websites;
3) restriction of processing (suspension of data opera-tions or non-deletion of data – according to the submit-ted application);
4) access to data (information about the data pro-cessed by us and a copy of the data);
5) transfer of data to another data controller or to you (to the extent specified in Article 20 of the GDPR).

Regardless of the rights listed above, you can use at any time:
• the right to object to the processing of your data(including profiling) for the purposes of direct marketing. After accepting the request in this matter, we are obliged to stop processing data for this purpose. In special situations, you may at any time object to the processing of your personal data (including profiling) by us, if the basis for the use of data is our legitimate interest or public interest. In such a situation, after considering your request, we will no longer be able to process the personal data covered by the objection on this basis, unless we demonstrate that there are:
• valid legitimate grounds for data processing, which are considered by law to override your interests, rights and freedoms, or grounds for establishing, investigating or defending claims.
• the possibility of withdrawing the consent given to us (this will not affect the lawfulness of the use of your data before the withdrawal of such consent).

You can exercise these rights by submitting an application by contacting the Personal Data Inspector at To be sure that you are entitled to submit an application, we may ask for additional information that allows us to authenticate you.

The scope of each of these rights and the situa-tions in which they can be exercised result from legal provisions. Which rights you can exercise will depend, for example, on the legal basis for our use of your data and the purpose for which they are processed.In addition, you have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the law.

6. Recipients of data
The data provided by you at the stage of completing the form intended for the Acquirer is made available – with your express consent – to the Acquirer in order to include this data in the Settlement Agent’s collections in order to conclude and perform the contract between the User and such Settlement Agent.We do not share the processed data with any third parties, except for entities providing services to us on the basis of separate contracts, to which we have entrusted the processing of personal data in accordance with the law.The Administrator may be obliged to transfer the collected Users’ data to state administration authorities, law enforcement authorities and judicial authorities at their express request and only in the cases specified by law.

7. Security measures
Your data is protected against disclosure to unauthorized persons, acquisition by an unauthorized person, processing contrary to the provisions of the law and change, loss, damage or destruction. Personal data is processed taking into account the principles of accountability, adequacy and reliability.

8.Transferring your personal data outside the European Economic Area (EEA)
We currently do not plan to transfer your data outside the EEA (including the European Union, Norway, Liechtenstein and Iceland).


Due to the fact that at least some of the services provided by apipay to Users are provided electronically, the User Account is an important element necessary for the implementation of the concluded Agreement binding apipay and such User. As a result, the removal of an individual User Account who has registered on the Website may only take place in the event of prior termination of the Agreement.

In the event of termination of the Agreement, the User Account is not automatically deleted, although some data collected on this Account may be deleted. In order to completely delete the Account after the expiry of the Agreement, you can:
• Send the application by registered mail to the Administrator’s address; or
• Send the application to the following address:


1. Other websites

The Website also includes links to websites from third parties. These websites may use cookies or offer services that require the provision of personal data.

Please note that the rules set out in this Privacy Policy apply only to our Website, and we are not responsible for the actions of third parties. If you use other websites, you should read their privacy policies separately.

2. Changes to the Privacy Policy
We reserve the right to make changes to the rules contained in this Privacy Policy if the need arises or the obligation to make such changes is caused by further development, technological progress or changes in applicable law. In this case, the information about the introduction of changes and the new text of the Policy will be immediately available on the Website.

3. Contact with the Administrator
If you have any questions regarding the processing of your data, the content of this Privacy Policy or the issues raised in it, please contact us: apipay sp.z o.o., ul. Białostocka 22 lok. H11, 03-741 Warsaw or at

© 2024 APIPAY