Privacy Policy – Retiva.io
Last updated: 2026-02-28
This Privacy Policy explains how we process personal data of users of the website available at retiva.io and related voucher sales pages (the “Service”), including:
- visitors of the Service,
- people purchasing vouchers offered by venues using Retiva.io (“Buyers”),
- representatives of venues (e.g., restaurants) using the merchant panel (“B2B Customers”),
- venue staff who verify/redeem vouchers.
1. Data Controller
The controller of personal data is:
MS Quality Maria Szruba
ul. Gen. Kazimierza Pułaskiego 38/11, 40-276 Katowice, Poland
VAT ID (NIP): 6462759343, REGON: 243418180
E-mail: info@retiva.io
(“Controller”, “we”, “us”, “Retiva.io”).
2. Contact for privacy matters
For any questions regarding personal data, please contact us at: info@retiva.io.
3. What data we process
3.1. Data of visitors
We may process: IP address, device/browser identifiers, technical logs, usage data (pages visited, time spent), cookies and similar technologies.
3.2. Data of Buyers (voucher purchasers)
We process: e-mail address, first name (if provided), payment confirmation data (we do not store card numbers — payments are handled by our payment processor), voucher code, purchase date and amount, IP address.
3.3. Data of B2B Customers (venue representatives)
We process: name, surname, e-mail address, phone number (if provided), company/venue name, VAT ID (NIP), address, login credentials (password stored as a hash), transaction and payout data.
3.4. Data of venue staff (voucher redeemers)
We process: device identifier / IP address used for redemption, voucher codes validated, timestamp of redemption.
4. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Providing the Service (voucher purchase, delivery, redemption) | Art. 6(1)(b) GDPR – performance of a contract |
| Sending the voucher by e-mail | Art. 6(1)(b) GDPR – performance of a contract |
| Managing B2B accounts | Art. 6(1)(b) GDPR – performance of a contract |
| Compliance with legal obligations (accounting, tax) | Art. 6(1)(c) GDPR – legal obligation |
| Fraud prevention and security | Art. 6(1)(f) GDPR – legitimate interest |
| Analytics and service improvement | Art. 6(1)(f) GDPR – legitimate interest |
| Marketing communications (if consent given) | Art. 6(1)(a) GDPR – consent |
5. Data retention
- Buyer transaction data: 5 years from the end of the tax year (accounting purposes).
- B2B Customer data: for the duration of the contract + 5 years for accounting purposes.
- Visitor logs: up to 12 months.
- Marketing consents: until withdrawn.
6. Recipients of data
Your data may be shared with:
- Payment processors (e.g., Stripe) – to process payments.
- E-mail delivery providers – to send vouchers and transactional e-mails.
- Hosting / infrastructure providers – servers hosting the Service.
- Accounting / legal advisors – when required by law.
We do not sell your personal data.
7. International transfers
If any of our service providers are located outside the EEA, we ensure appropriate safeguards (e.g. Standard Contractual Clauses or adequacy decisions).
8. Your rights
You have the right to:
- access your data,
- correct inaccurate data,
- delete your data (“right to be forgotten”) – where legally permitted,
- restrict processing,
- data portability,
- object to processing based on legitimate interest,
- withdraw consent at any time (does not affect prior processing),
- lodge a complaint with the Polish supervisory authority: UODO (uodo.gov.pl).
To exercise your rights, contact: info@retiva.io.
9. Cookies
We use cookies and similar technologies. See our Cookie Policy for details.
10. Changes to this Policy
We may update this Privacy Policy. The updated version will be published on this page with a new “Last updated” date.
11. Contact
MS Quality Maria Szruba
ul. Gen. Kazimierza Pułaskiego 38/11, 40-276 Katowice, Poland
E-mail: info@retiva.io
