Privacy Policy — PADO Mobile Application

Effective Date: April 6, 2026

1. Scope of Data Processed

The Controller processes personal data necessary to use the PADO App, including:

• account data (name, email address, phone number),
• profile data (photo, preferences),
• booking and payment information (payment processing is handled by Stripe; PADO does not store full card details such as card numbers),
• device and usage information (device type, operating system, identifiers),
• location data (only with the User's explicit prior consent).

2. Purposes of Processing

Personal data is processed for the following purposes:

• providing and maintaining the services available in the App,
• processing bookings and facilitating payments via third-party payment providers,
• contacting Users regarding support and technical matters,
• ensuring security and preventing abuse or fraudulent activity,
• statistical analysis and service improvement,
• complying with legal obligations applicable to the Controller.

3. Legal Basis (GDPR)

Data processing is carried out under the EU General Data Protection Regulation (GDPR) based on:

• Art. 6(1)(a) — consent (e.g., for location data and marketing communications),
• Art. 6(1)(b) — performance of a contract (providing App services and processing bookings),
• Art. 6(1)(c) — compliance with a legal obligation,
• Art. 6(1)(f) — legitimate interest of the Controller (security, analytics, fraud prevention, service communication).

4. Data Sharing

Data may be shared only with:

• technical, hosting, and infrastructure providers,
• payment service providers, including Stripe Inc. (see Section 4A below),
• authorities authorized under applicable law,
• entities involved in a potential merger, acquisition, or restructuring of the business.

The Controller does not sell personal data or transfer it outside the European Economic Area (EEA) without adequate safeguards in place.

4A. Stripe Payment Processing

Payments in the App are processed by Stripe Inc., a third-party payment provider. When a User makes a payment, relevant data (such as payment amount, transaction details, and device identifiers) is shared with Stripe for the purpose of completing the transaction.

Stripe processes data in accordance with its own Privacy Policy, available at https://stripe.com/privacy. PADO does not store full card numbers or sensitive payment credentials.

Users are encouraged to review Stripe's Privacy Policy before making a payment.

4B. Apple and Google

The PADO App is distributed via the Apple App Store and Google Play Store. Apple Inc. and Google LLC may collect certain technical and usage data in connection with App distribution and operation, in accordance with their own privacy policies. PADO is not responsible for data collected independently by Apple or Google.

Users are encouraged to review:

• Apple's Privacy Policy: https://www.apple.com/legal/privacy/
• Google's Privacy Policy: https://policies.google.com/privacy

5. Data Retention

Personal data is retained for as long as necessary to provide services and fulfill legal obligations, or for a maximum of 5 years after the User's last activity, whichever is sooner.

Payment transaction records may be retained for longer periods where required by applicable tax or accounting law.

Upon account deletion, personal data is removed or anonymized, except where retention is required by law.

6. User Rights

Under GDPR, Users have the right to:

• access their data,
• rectify or update inaccurate data,
• delete their data ("right to be forgotten"),
• restrict processing of their data,
• object to processing based on legitimate interest,
• transfer their data to another controller (data portability),
• withdraw consent at any time, without affecting the lawfulness of prior processing,
• lodge a complaint with the President of the Personal Data Protection Office (UODO) at https://uodo.gov.pl.

To exercise any of these rights, Users may contact the Controller at [email protected]. Requests will be responded to within 30 days.

7. Data Security

The Controller applies appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or destruction. These include encryption in transit, access controls, and secure infrastructure.

However, no IT system can guarantee absolute security. In the event of a data breach that poses a risk to Users' rights and freedoms, the Controller will notify the relevant supervisory authority and affected Users in accordance with GDPR obligations.

8. Cookies and Tracking Technologies

The PADO App may use analytics and tracking technologies (such as Firebase or similar tools) to collect anonymized usage data for the purpose of improving the App. No advertising tracking is conducted without the User's explicit consent.

Users can manage app permissions (including location and notifications) through their device settings at any time.

9. Children's Privacy

PADO does not knowingly collect personal data from children. Minimum age requirements are set in the App's store listings on the Apple App Store and Google Play Store. If the Controller becomes aware that data has been collected from a child without appropriate consent, such data will be promptly deleted.

10. Changes to This Policy

This Policy may be updated due to legal, technical, or operational changes. Users will be notified of material changes via the App or by email. The current version is always available in the App and on the website.

Continued use of the App following notification of changes constitutes acceptance of the updated Policy.

11. Contact

For data protection matters, questions, or to exercise your rights, please contact the Controller at:

Email: [email protected]

7DESIGN Sp. z o.o., ul. Zygmunta Krasińskiego 15a-3, 50-449 Wrocław, Poland