Politique de confidentialité

Dernière mise à jour : mars 2026

1. Data Controller

The data controller responsible for your personal data is:

  • Tomasz Dudek (DiscPass)
  • Address: ul. Malwy 2, 05-502 Bogatki, Poland
  • NIP (Polish Tax ID): 1231515408
  • Email: [email protected]

2. Data We Collect

When you use DiscPass, we collect the following types of information:

  • Account information: Name, email address, and profile photo (from your sign-in provider or uploaded directly).
  • Profile data: Location (optional, blurred for other users), gender, skill level, and bio.
  • Listing data: Disc details, photos, pricing, and condition information you provide.
  • Usage data: Offers, messages, ratings, and interactions with the marketplace.

3. How We Use Your Data

We use your data to:

  • Provide and operate the DiscPass marketplace
  • Facilitate trades and offers between users
  • Send notifications about offers, messages, and wishlist matches
  • Display location-based search results (using blurred coordinates)
  • Process premium subscriptions and promoted listings
  • Improve the Service and prevent abuse

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b)): Account creation, marketplace operations, facilitating trades and offers, processing payments.
  • Consent (Art. 6(1)(a)): Non-essential cookies, personalized advertising (Google AdSense), newsletter subscription. You may withdraw consent at any time.
  • Legitimate interest (Art. 6(1)(f)): Service improvement, fraud prevention, platform security, and abuse detection.

5. Cookies & Advertising

DiscPass uses essential cookies for authentication and session management. We use Google AdSense to display ads to non-premium users. AdSense may use cookies and similar technologies to serve personalized ads based on your browsing activity.

You can manage your cookie preferences through the consent banner displayed when you first visit the site. Premium subscribers do not see ads.

6. Third-Party Services

We share data with the following third-party services:

  • Stripe: Payment processing for premium subscriptions and promoted listings. Stripe receives your email and payment details. See Stripe's Privacy Policy.
  • Resend: Email delivery for magic link sign-in and notifications. Resend receives your email address. See Resend's Privacy Policy.
  • Google AdSense: Advertising for non-premium users. See Google's Privacy Policy.
  • Authentication providers: Google, Facebook, and Discord for social sign-in. Only basic profile information (name, email, photo) is shared.

7. International Data Transfers

Some of our third-party service providers (Stripe, Resend, Google) are based in the United States. When your data is transferred outside the European Economic Area, it is protected by appropriate safeguards such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights under GDPR:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Update or correct your personal data through your profile settings.
  • Erasure: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing of your data for certain purposes.
  • Consent withdrawal: Withdraw consent for non-essential cookies and advertising at any time.

To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority (e.g. UODO in Poland, or the relevant authority in your country).

9. Location Privacy

If you provide your location, it is used to enable distance-based marketplace search. Your exact coordinates are never shared with other users. We apply a deterministic blur (~5 km offset) to your location before displaying it on other users' screens.

10. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Some data (such as ratings and anonymized transaction records) may be retained for platform integrity.

11. Security

We implement reasonable security measures to protect your data, including encrypted connections (HTTPS), secure session management, and restricted database access. However, no system is perfectly secure.

12. Children

DiscPass is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions or to exercise your rights, please contact us at [email protected].

Nous utilisons des cookies pour afficher des publicités pertinentes et améliorer votre expérience. Vous pouvez accepter ou refuser les cookies non essentiels.