Privacy Policy | Supersender by MAK Consulting

Effective Date: October 1, 2025

Company: MAK Consulting p.h.u. Michał Nowak

Registered Address: al. Wojciecha Korfantego 113/3, 40-156 Katowice, Poland

Warehouse Address: ul. Plebiscytowa 3, 41-100 Siemianowice Śląskie, Poland

NIP (Tax ID): 6343014789

EU VAT No.: PL6343014789

Email: info@supersender.eu

Phone: +48 791 350 527

Website: www.makconsulting.pl | www.supersender.eu

1. Introduction

This Privacy Policy explains how MAK Consulting p.h.u. Michał Nowak ("MAK Consulting", "Supersender", "we", "us", or "our") collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and other applicable privacy laws.

By using the Supersender website or mobile/web application, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The controller responsible for processing your personal data is:

MAK Consulting p.h.u. Michał Nowak al. Wojciecha Korfantego 113/3 40-156 Katowice, Poland Email: info@supersender.eu

For all matters related to data protection, you may contact us at the above email address.

3. Scope of the Policy

This policy applies to:

visitors of our websites,
registered users of the Supersender app,
business customers, suppliers, and partners of MAK Consulting,
and any individual who communicates with us through email, phone, or other means.

4. Types of Data We Collect

We may collect and process the following categories of personal data:

A. Data you provide directly

Name and surname
Company name and registration number
Address (business or private)
Country
Email address and phone number
Tax identification number (if applicable)
Payment information (bank account or Revolut reference, not full card details)
Delivery and billing addresses
Communication records (emails, chat messages, or support requests)

B. Data collected automatically

IP address, browser type, and operating system
Device identifiers (for mobile app users)
Log data (login dates, access times, activity within the app)
Cookies and tracking technologies (see section 10)

C. Data received from third parties

Supplier information related to your deliveries
Freight partners, when you use Supersender's transport services
Payment processors confirming completed transactions

5. Purpose and Legal Basis of Processing

We process your personal data for the following purposes, based on the lawful bases under Article 6 of the GDPR:

Purpose of Processing	Legal Basis	Details
Account creation and management	Contract performance (Art. 6(1)(b))	To register your account and manage your access to the Supersender platform.
Order processing, warehousing, and logistics	Contract performance (Art. 6(1)(b))	To handle your deliveries, storage, shipments, and related documentation.
Payments and billing	Legal obligation & Contract performance	To issue invoices, confirm payments, and meet accounting standards.
Customer support	Legitimate interest (Art. 6(1)(f))	To respond to inquiries, resolve issues, and provide service continuity.
Marketing communication	Consent (Art. 6(1)(a))	To send optional newsletters or promotional updates (only if you opt in).
Legal and compliance purposes	Legal obligation	To comply with tax, transport, and regulatory obligations.
Security and fraud prevention	Legitimate interest	To protect Supersender systems and prevent unauthorized access.

6. Data Retention

We keep personal data only for as long as necessary for the purposes outlined above or as required by law.

Typical retention periods:

Account information: active plus 3 years after closure
Transaction data and invoices: 5 years (as required by Polish accounting law)
Communication logs: 2 years
Marketing data: until consent is withdrawn

After expiration of the retention period, data is permanently deleted or anonymized.

7. Data Sharing and Disclosure

We may share limited data with trusted third parties, strictly under confidentiality and data processing agreements:

Transport and logistics partners — for organizing pickups or deliveries.
Payment processors — e.g., Revolut or other licensed payment providers.
IT and hosting providers — for maintaining and securing our servers and databases (e.g., Supabase, Google Cloud).
Accounting and legal advisors — to ensure compliance with tax and legal obligations.
Authorities and law enforcement — only when legally required.

We never sell, rent, or trade personal data with third parties for commercial purposes.

8. International Data Transfers

Your data is processed primarily within the European Economic Area (EEA).

In cases where data is transferred outside the EEA (e.g., through cloud service providers), we ensure adequate protection through:

EU Standard Contractual Clauses (SCCs), or
other legally recognized safeguards ensuring GDPR compliance.

9. Data Security

We apply strong organizational and technical measures to protect your personal data, including:

encrypted data transmission (HTTPS / SSL),
password hashing and multi-factor authentication for staff,
restricted access based on user roles,
secure data backups and redundancy,
regular audits and internal data protection training.

Despite all measures, no system can be 100% secure.

In case of a data breach, we will notify affected users and the supervisory authority within 72 hours, as required by law.

10. Cookies and Tracking

The Supersender website and app use cookies and similar technologies to improve performance, analyze traffic, and remember your preferences.

Types of cookies:

Essential cookies — required for system functionality.
Analytics cookies — to measure performance and usage (e.g., Google Analytics).
Functional cookies — for language, region, and login preferences.
Marketing cookies — only with explicit consent.

You can manage or disable cookies in your browser settings.

Our [Cookie Policy] (to be linked) provides detailed information.

11. Your Rights under GDPR

You have the following rights regarding your personal data:

Right to access – to request a copy of your data.
Right to rectification – to correct inaccuracies.
Right to erasure ("Right to be forgotten") – under certain conditions.
Right to restrict processing – if accuracy or legality is contested.
Right to data portability – to receive your data in a structured format.
Right to object – to processing based on legitimate interest or direct marketing.
Right to withdraw consent – at any time, without affecting past processing.

To exercise your rights, contact: privacy@supersender.eu

We respond within 30 days, as required by GDPR.

If you are not satisfied with our response, you can lodge a complaint with the Polish Data Protection Authority (UODO) or your local EU data protection authority.

12. Children's Data

Our services are not directed at children under 16 years of age.

We do not knowingly collect or process children's personal data.

13. Third-Party Links

Our website may contain links to third-party websites.

We are not responsible for their content or privacy practices.

We recommend reviewing their privacy policies separately.

14. Automated Decision-Making

Supersender does not use personal data for automated decision-making or profiling that produces legal or significant effects for users.

15. Updates to This Policy

We may update this Privacy Policy from time to time.

The "Effective Date" will always reflect the latest revision.

Substantial changes will be communicated by email or through the Supersender dashboard.

16. Contact Information

For privacy-related questions, requests, or concerns:

Data Protection Officer (DPO) MAK Consulting p.h.u. Michał Nowak al. Wojciecha Korfantego 113/3 40-156 Katowice, Poland Email: privacy@supersender.eu

17. Governing Law

This Privacy Policy is governed by the laws of Poland and interpreted in accordance with the EU General Data Protection Regulation (GDPR). Any disputes arising under this Policy shall fall under the jurisdiction of the courts in Katowice, Poland.