Privacy Policy of the Libriya Platform

This Privacy Policy sets out the rules for processing personal data of users of the Libriya platform, available at: libriya.app

1. Data Controller

The Data Controller ("Controller") is Marcin Sachs, conducting unregistered business activity, providing access to the Libriya platform ("Platform").

2. Contact with the Controller

For matters concerning personal data, you may contact us by e-mail: support@libriya.app.

3. Purposes and Legal Bases for Processing

3.1. Conclusion and performance of the agreement for access to the Platform

If you are a natural person (including a sole trader), we process your data in order to conclude and perform the agreement enabling the use of the Platform, including the creation of an "Organisation account".

The legal basis for processing personal data for this purpose is the necessity to conclude or perform a contract, i.e. Art. 6(1)(b) GDPR.

3.2. Personal data of our clients' staff members

If you represent a client or are their employee, we process your data in order to perform the agreement concluded with that client.

The legal basis for processing personal data for this purpose is the necessity to pursue our legitimate interests consisting in performing the agreement concluded with the client (Art. 6(1)(f) GDPR).

3.3. Creating and maintaining a user account

We process data in order to create and operate a user account.

The legal basis for processing personal data for this purpose is our legitimate interest consisting in offering services related to account management, i.e. Art. 6(1)(f) GDPR.

3.4. Complaints, establishing, pursuing and defending against claims

Data may be processed for the purpose of handling complaints and establishing, pursuing or defending against claims.

The legal basis for processing personal data for this purpose is our legitimate interest consisting in establishing, pursuing and defending against claims, i.e. Art. 6(1)(f) GDPR.

4. Sources of Personal Data

We collect personal data directly from the user or from the client who granted the user access to the Platform (e.g. an employer).

5. Scope of Personal Data Processed

We process in particular:

  • organisation name,
  • first and last name,
  • username and password,
  • e-mail address,
  • preferred interface language,
  • library name,
  • loan history, notes and remarks about books,
  • information about liked books and recommendations,
  • profile picture – if the user uploads one.

6. Data Retention Periods

We may store your personal data for the following periods:

  • user and organisation data is stored for the duration of the account, and then for 7 days after its deletion, subject to the point below. At any time, a user account may be deleted on the Platform — either directly by the user or by the Organisation through which the user has access to the Platform.
  • data used for the purpose of pursuing claims is stored until the limitation period expires or until the proceedings are finally concluded.

7. Recipients of Data

Data may be transferred to entities providing services necessary for the operation of the Platform, in particular hosting and IT services.

8. Data Transfers

Personal data is not transferred outside the European Economic Area or to international organisations.

9. Rights of the Data Subject

You have the right to:

  • access your data,
  • rectify, erase or restrict processing,
  • data portability,
  • object to processing,
  • lodge a complaint with the President of the Personal Data Protection Office (UODO).

10. Automated Decision-Making

We may use profiling, however we do not make fully automated decisions within the meaning of Art. 22 GDPR.

11. Obligation to Provide Data

Providing data is not mandatory, however failure to do so may prevent the conclusion of the agreement or the use of the Platform.