Privacy Policy

Privacy Policy – “Kto Będzie” / “Who is Down”

Last updated: 26 February 2026

§1. Data Controller

The Data Controller within the meaning of the GDPR is:

ML-Design Miłosz Leśniewski 
ul. Bułgarska 59/68 
60-320 Poznań, Poland 
VAT ID: PL7781436321

§2. Categories of Personal Data Processed

When using the application and website, the following categories of data may be processed:

1. Data provided by the user:

  • First name / username / nickname (optionally surname)

  • Email address

  • Event-related data created by the user

  • Purchase information (excluding payment details)

2. Technical data:

  • Device ID

  • Operating system type

  • Application version

  • IP address

  • Diagnostic and analytical data

3. Approximate location data (GeoIP):

  • Approximate geographic coordinates

  • Country

  • City

§3. Purpose of Data Processing

Personal data is processed for the following purposes:

  • Providing application services (creating and managing events),

  • Provision and management of the user account and system communications,

  • Processing in-app purchases,

  • Communication related to the service,

  • Displaying nearby events,

  • Ensuring system security,

  • Analytics and improving application performance.

§4. Automatic Geolocation (GeoIP)

To display nearby sports events, the website uses automatic approximate location detection based on the user's IP address.

For this purpose:

  • The user’s IP address is processed by the application server and transmitted to ipgeolocation.io via Supabase (Edge Functions).

  • The processed data includes approximate geographic coordinates, country, and city.

  • The geolocation result is stored in the browser’s localStorage for 24 hours to reduce repeated requests.

  • The geolocation is approximate and does not use GPS.

  • The user may manually select a city, which overrides automatic detection.

Legal basis:

Article 6(1)(f) GDPR – legitimate interest of the controller consisting in providing a better user experience by displaying relevant local events.

§5. Maps and Third-Party Services

Event detail pages use map services provided by Mapbox (Mapbox Inc., USA).

Loading the map may result in the user’s IP address being transmitted to Mapbox servers.

  • Mapbox telemetry has been disabled.

  • Mapbox acts as an independent data controller in accordance with its own privacy policy.

§6. Legal Bases for Processing

Personal data is processed based on:

  • Article 6(1)(b) GDPR – processing necessary for the performance of a contract (providing application services and purchases),

  • Article 6(1)(f) GDPR – legitimate interest (analytics, security, geolocation, service improvement),

  • Article 6(1)(a) GDPR – user consent (if applicable, e.g., marketing communication).

§7. Data Sharing

User data is not sold or shared for commercial purposes.

Data may be shared with:

  • Payment providers:

    • Apple Inc. (Apple In-App Purchases)

    • Google LLC (Google Play Billing)

  • Analytics service providers,

  • Infrastructure providers (e.g., Supabase),

  • Geolocation service providers (ipgeolocation.io),

  • Map service providers (Mapbox),

  • Public authorities, where required by law.

Where data is transferred outside the European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.

§8. Data Retention

Personal data is stored:

  • For the duration of the user account,

  • As required by applicable law (e.g., accounting obligations),

  • For a maximum of 5 years after termination of services if required by law.

Technical and analytical data may be stored for shorter periods in accordance with the data minimization principle.

§9. Cookies and Similar Technologies

The website may use:

  • Cookies,

  • localStorage,

  • Similar browser storage technologies.

Purposes include:

  • Ensuring proper functionality of the service,

  • Remembering selected location preferences,

  • Analytics and performance improvements.

Users may manage cookies via browser settings. Disabling certain technologies may limit functionality.

§10. Payments

In-app purchases are processed via Apple and Google in-app purchase systems.

  • Payment details are not processed or stored by the Data Controller.

  • The Controller receives only purchase status information.

  • Purchase information is used solely to provide the service.

§11. User Rights

Under GDPR, users have the right to:

  • Access their personal data,

  • Rectify inaccurate data,

  • Erase personal data (“right to be forgotten”),

  • Restrict processing,

  • Data portability (where technically feasible),

  • Object to processing based on legitimate interest,

  • Withdraw consent (where processing is based on consent),

  • Lodge a complaint with a supervisory authority (in Poland: the President of the Personal Data Protection Office – PUODO).

§12. Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy.

Users will be informed of material changes within the application or via email.

§13. Reference to Terms of Service

Detailed rules for using the application are set out in the Terms of Service available within the application and at ktobedzie.pl/en/terms-of-service