Оператор персональных данных
Оператором ваших персональных данных на propercheck.pl является:
- ZORDON INTELLIGENCE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
- KRS: 0001190915
- NIP: 7252358503
- REGON: 542545843
- Phone: 576 895 831
- kontakt@propercheck.pl
- По вопросам защиты данных: kontakt@propercheck.pl
What Data We Process and for What Purpose
User account data
We process your email address, password hash, role, and account verification date. Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract for electronic services). Account data is stored until the account is deleted.
Payment and credit data
We process credit transaction history, amounts, Stripe session and payment identifiers, and data required for invoicing. Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (tax obligation). Accounting data is retained for 10 years from the end of the fiscal year.
Email verification data
We process email addresses submitted for verification (single, bulk, or via API), verification results (status, score, MX/SMTP technical metadata), bulk job identifiers, and timestamps. Legal basis: Art. 6(1)(b) GDPR (provision of the verification service). Verification history is retained by default for 90 days, after which it may be removed by automated retention procedures.
CSV files submitted for bulk verification
We process CSV/XLSX files uploaded by the user and generated result files. Legal basis: Art. 6(1)(b) GDPR. Upload and bulk result files are retained as long as necessary to complete the job and allow download, typically up to 30 days, unless deleted earlier by the user.
API keys and webhooks
We process API key names, secret hashes, API usage logs (endpoint, timestamp, key identifier), and outbound webhook configuration (URL, secret hash). Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR (security and abuse prevention).
Technical data and security logs
We collect IP addresses, User-Agent headers, event timestamps, and session identifier hashes. Legal basis: Art. 6(1)(f) GDPR (system security and abuse detection). Security logs are retained for 24 months.
Marketing data and newsletter
We process your email address and communication preferences solely on the basis of your consent (Art. 6(1)(a) GDPR and Art. 10 of the Act on the Provision of Electronic Services). You may withdraw consent at any time.
Third-party email addresses you submit for verification
When you verify third-party email addresses, you are generally the controller (or joint controller) of those addresses, and Email Verifier acts as a processor on your instructions — to the extent necessary to perform verification. You must have a lawful basis before submitting lists (e.g. B2B legitimate interest, consent, or contractual relationship). Do not use the Service to verify lists obtained unlawfully.
Processors (data recipients)
Your data and technical Service data may be entrusted to the following processors. We conclude data processing agreements (Art. 28 GDPR) where required:
- Stripe Payments Europe, Ltd. (Ireland / USA) — payments; transfer outside the EEA based on Standard Contractual Clauses (SCC)
- Resend Inc. (USA) — transactional email (account verification, password reset); transfer based on SCC
- Hosting / IT infrastructure provider (server in the EEA) — application, databases, backups
- Google LLC (USA) — Google Analytics 4 only after analytics cookie consent; transfer based on SCC
- Accounting office / tax advisor — bookkeeping and settlements
- Law firms — disputes or supervisory proceedings only
- Public authorities — as required by law
Transfers outside the European Economic Area
Some processors process data in third countries (in particular the USA). Transfers occur only with appropriate safeguards under GDPR Chapter V:
- EU Standard Contractual Clauses (SCC) — including Stripe, Resend, Google
- Information on the transfer mechanism and a copy of SCC — on request
- Analytics (GA4) is activated only after analytics cookie consent in the cookie banner
Data retention schedule
We retain data only as long as necessary for the purposes described in this policy (Art. 5(1)(e) GDPR):
- User account data — until account deletion
- Credit transactions and invoice data — 10 years from the end of the fiscal year
- Accounting records — 5 years (Polish Accounting Act)
- Email verification history — default 90 days (system retention)
- Bulk files (upload/result) — up to 30 days after job completion, unless deleted earlier
- Security and audit logs — 24 months
- Cookie preferences — up to 14 months from consent or change
- Consent records — 2 years from withdrawal
- User data export file (self-service) — 7 days from generation
Your Rights (Art. 15–22 GDPR)
You have the following rights. Account holders may exercise them in the user panel or by contacting the controller:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR) — including account deletion
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) — account data export
- Right to object (Art. 21 GDPR) — to processing based on legitimate interest or marketing
- Right to withdraw consent at any time
Exercising your rights and response times
We respond without undue delay, within 30 days of receipt (extendable by 60 days in complex cases — Art. 12(3) GDPR):
- Panel /konto/ustawienia — data export, marketing and cookie consents, account deletion
- GDPR email — address in the controller section, subject “GDPR”
- Account deletion: email confirmation link; account data deleted after verification, subject to tax obligations
- Account data export: generated in the panel; download link valid 7 days
Data protection contact
For GDPR matters and data subject requests, contact us by email (address in the controller section) with subject “GDPR”. We respond without undue delay, usually within 30 days.
Data Protection Officer (DPO)
The controller has not appointed a Data Protection Officer as it is not required for the scope and nature of processing. For data protection matters, contact the controller at the email address in the “Personal Data Controller” section.
Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, tel. +48 22 531 03 00, email: kancelaria@uodo.gov.pl.
Cookies
Our Service uses cookies for essential functionality (session, security), analytics (optional, with consent), and marketing (optional, with consent). Detailed information is available in the Cookie Policy.
Document Versioning
This privacy policy is versioned. We notify you of material changes 14 days in advance via email and a notice in the user panel.
- Version: 2026-06-11-v1
- Publication date: 11 June 2026
- Last updated: 11 June 2026