Welcome at the registration

Terms of use of an online platform of corporate benefits  

1.       Scope of the binding scope

 

1.1.    The present terms of use (hereinafter referred to as “Terms of use”) apply to the online presentation platform of offers addressed to the employee (hereinafter referred to as the "Platform"). 

1.2.     The Terms of use constitutes a regulation within the meaning of Article 8 of Act of 18^th July, 2002 on  the electronic services (consolidated text: Journal of Laws of 2024, item 1513, as amended). 

1.3.     The offers shown on the Platform are exclusively designed for users who order the offers, the voucher, discount codes, discounts etc as consumers within the meaning of Article 22¹ of the Act of 23^rd April, 1964 civil code (consolidated text Journal of Laws of 2025, item 1071, as amended) (hereinafter referred to as “Civil code”). Using the offers for commercial purposes is prohibited. This shall include but not be limited to commercially purchasing and/or commercially selling goods and services which is strictly prohibited. 

1.4.     Corporate Benefits Poland spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw, address: ul. Inflancka 4, 00-189 Warsaw,  entered into the register of entrepreneurs of the National Court Register, kept by the District Court for the capital city of Warsaw in Warsaw, XII^th Economic Division of the National Court Register under KRS number: 0001134196, REGON number: 540002558, Tax Identification number: 5253022023, email address: info@cb-pl.com, telephone number: +48 22 257 53 90, with the share capital in the amount of PLN 500,000.00 (hereinafter referred to as "Corporate Benefits Poland" or “Company”) is the operator of the Platform. 

1.5.   The present Terms of Use are the only one, which shall apply. Conflicting or deviating terms and conditions of the terms of use will not be accepted unless Corporate Benefits Poland has given its prior written consent.

2.       Technical requirements

 

2.1.  Use of the Platform requires from the User meeting certain technical requirements indicated below: 

2.1.1.  active connection of the device (desktop computer, laptop, mobile device such as tablet, mobile phone such as smartphone) to the Internet, support of theTLS               1.2 protocol or later under the HTTPS protocol; 

2.1.2.  Internet speed should not be less than 1Mbps; 

2.1.3.  an up-to-date, correctly configured and installed web browser that supports the HTML5 markup language and Cascading Style Sheets (CSS3), technology, not older than 2 years, such as: Firefox, Safari, Microsoft Edge; 

2.1.4.   a web browser that supports JavaScript (and ECMAScript) and has cookies enabled. 

2.2.      In the case of a desktop computer and laptop, these devices shall meet additional technical requirements such as: 

2.2.1.   accepted operating systems: Windows 7 SP1, macOS 10.13 (High Sierra), Linux 64-bit with X11; 

2.2.2.   processor: Intel Pentium4 (with SSE2), AMD Athlon 64 or comparable processor; 

2.2.3.   minimum RAM memory: 1 GB (2 GB recommended for 64-bit systems); 

2.2.4.   300 MB of free space required for browser startup and cache; 

2.2.5.   display resolution: 1024 x 768 pixels. 

2.3.      In the case of mobile devices, additional technical requirements should be met, such as: 

2.3.1.   for the Android operating system: version 5.0 (Lollipop) or latest version required; 

2.3.2.   for the iOS operating system: version 12 or latest version required; 

2.3.3.   minimum ARMv7 processor (32-bit); 

2.3.4.   minimum RAM memory: 512MB (recommended – 1GB); 

2.3.5.   100 MB of free bulk storage for applications and cache; 

2.3.6.   display resolution: 480 x 800 pixels, at least 4-inch screen diagonal. 

2.4.      Users while using the Platform via a public internet connection may be exposed to threats related to unauthorized individuals attempting to intercept their Platform access data and/or personal data for future unauthorized use or modification. The Company’s liability shall be excluded in the event of the occurrence of any of the aforementioned circumstances. Users should take appropriate precautions when using the internet to prevent or minimize the risk of potential threats. For this purpose, Corporate Benefits Poland recommends installing antivirus software and a program that protects the personal data of users connected to the internet. 

3.       Content of the Platform and Role of the company corporate benefits Poland 

3.1.   On the Platform, various third  parties companies (hereinafter referred to as "Vendor" or “Vendors”) present goods and services, offers, voucher codes, discount codes, benefits, etc. (hereinafter referred to as “Offers”), which can be purchased or redeemed outside the Platform on the Vendors' websites. Those offers are aimed for employees of companies or members of associations or clubs (hereinafter referred to as “User” or "Users"). Corporate Benefits Poland is only running the Platform for the presentation of goods and services by the Vendors. The Company is not  a seller any of the presented goods and services. 

3.2.   Based on the information given to Corporate Benefits Poland, the Vendors are companies within the meaning of the Article 14 of the Civil Code and Article 4 of the legal act from 3^rd March, 2018 (consolidated text Journal of Laws of 2024, item 236, as amended) (hereinafter referred to as „Business Law”). They can be identified by the logos displayed. Furthermore, every website of the Vendor accessible via the Platform provides of a legal note including appropriate information about the Vendor. The intellectual property rights to the Vendor’s content displayed on the Platform remain with the respective Vendor. 

3.3.  Contracts for the purchase of goods or other services (hereinafter referred to as “Contract” or “Contracts”) are concluded outside the Platform between the User and the Vendors. 

3.4.  All Vendors are solely responsible for the content and presentation of the advertised goods and services on the Platform. Each Vendor also decides at his own discretion whether to limit the time and/or quantity of his discounts, goods and services. Corporate Benefits Poland does not verify published by the Vendors content on the Platform. Hence, Corporate Benefits Poland cannot be held liable for the correctness of the information published by the Vendors or their ability to provide services. Errors and changes may occur and are reserved. 

4.       Registration, conclusion of contract, storage of the contract text and contract language 

 

4.1.  For using the Platform, the User needs to sign up and create an account  by the User. The Platform is provided free of charge to the user acting as a consumer. 

4.2.  Registration can only take place with a permanently used e-mail address. Using a so-called "thrash mail address", which is only temporarily valid, is expressly prohibited. Such addresses are given to other persons after the User is being "thrown away" from the Platform, which could allow unauthorized persons to gain access to the User' account. The Company’s liability shall be excluded in the event of the occurrence of any of the aforementioned circumstances. 

4.3.  After the User has submitted the online registration form, Corporate Benefits Poland will send the User an email with an activation code sent to the email address provided within the registration process. This message constitutes an offer of Corporate Benefits Poland to the User to conclude a contract via the Platform on the basis of the present Terms of use (hereinafter referred to as „Contract of use”). The acceptance of Corporate Benefits Poland’s offer, Terms of use as well as privacy policy regarding the processing of personal data by the User and thus the conclusion of the Contract of use takes place by entering the activation code on the Platform. The conclusion of the Contract of use is confirmed by the User registration form. 

4.4.   The Contract of use, i.e. the User's registration form, is stored by Corporate Benefits Poland. The Contract of use will be sent to the User electronically to the e-mail address provided during registration process immediately after completing the registration process. The User can overlook the data stored on the Platform in their user account via the menu item "My data”. In addition, the User can access, print, download or save the Terms of Use at any time via the "Terms of Use" link provided on the Platform, but only in the current version. Older versions are not available on the Platform. 

4.5.   The Contract of use is concluded for an indefinite period of time. 

4.6.   The Contract of use may be concluded in Polish or English. 

4.7.   In order to use the Platform, Users must be over 18 years old or provide the consent of their parents or guardians. 

5.       Access and use of the Platform. consequences for breach of these Terms of Use. Penalty

 5.1.  The offers on the Platform are designed exclusively for employees of companies that have been provided with a Platform of Corporate Benefits Poland. Users who do not meet these requirements are not permitted to use the Platform. If the use of the Offers takes place without the aforementioned conditions being met, Corporate Benefits Poland may take the sanctions specified in sections 5.4. and 7.2. of the present Terms of Use against the Users concerned (contractual penalty, damages, termination, blocking). 

5.2.  The offers are exclusively designed for Users who use the offers or the voucher or discount codes, discounts etc. as consumers within the meaning of Article 22¹ of the Civil code. The use of the offers or the voucher or discount codes for commercial purposes, including but not limited to the commercial purchase, commercial offering or commercial resale of goods purchased at a discount, is prohibited. Corporate Benefits Poland outlines that violations of these provisions may lead to claims for damages, including but not limited to claims of the Vendors against the Users.  

5.3.   Proof of entitlement to use the Platform in accordance with Section 5.1. is done by entering an e-mail address under the respective company domain or by entering Offers that has been provided to the company, to which the Platform has been made available (hereinafter referred to as “company” or companies”) for confidential disclosure exclusively to its employees. Corporate Benefits Poland reserves the right to report unauthorized use by unauthorized persons or public disclosure by Users. 

5.4.  In the event of a culpable violation of the provisions in: 

•  Section 1.3. (use of the Platform and its offerings for commercial purposes); 
• Section. 5.1. (use of the Platform without being an employee of a company to which Corporate Benefits Poland made available the Platform); 
• Section 5.2. sentence 2 (commercial purchase, commercial offering or commercial resale of goods purchased at a discount) or 
• Section 5.3., sentence 2 (public disclosure of access codes);

of the present Terms of Use is obliged to pay Corporate Benefits Poland a contractual penalty in the amount of EUR 500.00 (say: five hundred euro 0/00) for each identified case of violation. 

Corporate Benefits Poland  expressly reserves the right to assert further claims for damages as well as supplementary claims. These can significantly exceed the amount of the above-mentioned lump sum. In case of repeat finding an infringement, the contractual penalty amounts EUR 2,000.00 (say: two thousand euro 0/00). The contractual penalty will be offset against further claims for damages by Corporate Benefits Poland. 

5.5.  The User is obliged to notify Corporate Benefits Poland immediately if  they leave the company assigned to the Platform as an employee. Upon leaving the company, the User's entitlement to access and use the Platform also expires. 

5.6.  Users cannot not pass on their access data to other persons. The Users have to keep their access data confidential. In the event of the User notices third parties becoming aware of their access data, they are obliged to change they access data immediately. Furthermore, the User is also obliged to notify Corporate Benefits Poland electronically to the email address: support@cb-pl.com immediately if there are indications that they account has been misused by third parties. 

5.7.   When using the Platform the User is obligated to comply with the provisions of generally applicable law in the territory of the Republic of Poland, including the provisions of the Terms of Use. The User is prohibited from posting, transmitting, or disseminating content prohibited by generally applicable law, including, in particular, content that is criminal, offensive, misleading, or likely to cause harm Corporate Benefits Poland, Vendors, other Users or third parties.  

5.8.   Corporate Benefits Poland reserves the right to indemnify the User in the event of violations of the provisions of this Section 5. from further use of the Platform. 

6.       Confidentiality of Offers. Contractual penalty for passing on Offers 

6.1.   The offers and commercial conditions of Vendors available on the Platform are based on corporate customer and corporate conditions, which the respective Vendors only grant to authorized users of the Platform. The Offers and commercial conditions may therefore only be made available to the authorized group of users of the Platform. 

6.2.   The Offers and commercial conditions are strictly confidential and may not be communicated to third parties. They represent a trade secret of Corporate Benefits Poland. The User is expressly prohibited from passing on voucher or discount codes obtained through the Platform to third parties. In particular, the publication of such coupon or discount codes on the Internet or the sale of such coupon or discount codes offline or online is prohibited. This prohibition includes the public communication and dissemination by the User of screenshots of the coupon or discount codes of Corporate Benefits Poland. 

6.3.   In the event of a violation of the provisions of Section 6.2. (Prohibition of public communication and distribution of voucher or discount codes), the User is obliged to pay Corporate Benefits Poland a contractual penalty in the amount of EUR 500.00 (say: five hundred euro 0/00) for each identified case of violation. Corporate Benefits Poland  expressly reserves the right to assert further claims for damages as well as supplementary claims. These can significantly exceed the amount of the above-mentioned lump sum. In case of repeat finding an infringement, the contractual penalty amounts EUR 2,000.00 (say: two thousand euro 0/00). The contractual penalty will be offset against further claims for damages by Corporate Benefits Poland. 

6.4.  Corporate Benefits Poland reserves the right to indemnify the User in the event of violations of the provisions of this Section 6. from further use of the Platform. 

6.5.  Corporate Benefits Poland points out that any claims arising from violations of the present section will be pursued or legally prosecuted in accordance with the provisions of the Unfair Competition Suppression Act of 16th April, 1993 (consolidated text: Journal of Laws of 2022, item 1233, as amended). 

7.       Termination of the Contract of use, Discontinuation, Restriction or Modification of the Offer and Deletion of the User Account 

7.1.    The User may terminate the Contract of use at any time without giving reasons by deleting their user account via the menu item "Delete Access" in their User profile or terminate the Contract of use by notifying Corporate Benefits Poland in in writing (electronically by e-mail address: support@cb-pl.com, fax or traditional letter) without notice period. 

7.2.    Corporate Benefits Poland is entitled to terminate the Contract of use at any time by notifying the User in writing with a notice period of two working days and to block the User's access to the Platform upon effective termination. 

7.3.    In the event of violations of Section 1.3., 5.1., 5.2., 5.3. or 6.2. of the present Terms of Use the internet Platform, Corporate Benefits Poland is entitled to block or restrict the User's user account with immediate effect without notice and to terminate the Contract of use. The possibility of pursuing further claims by Corporate Benefits Poland shall remain unaffected  by the above. 

7.4.    The above options for terminating the Contract of use do not affect the right of either party to terminate the Contract of use.  

7.5.    Upon termination or expiration, the Contract of use, User's account and their access to the Platform will be deleted. 

8.       Withdrawal the Contract of use 

8.1.        The User is entitled to withdraw from the Contract of use within 14 days of its conclusion without giving any reason. 

8.2.        The User may exercise the right to withdraw from the Contract of use within 14 days of concluding the Contract of use. The declaration of withdrawal from the Contract of use shall be made in writing and send by traditional mail, fax, or ellectronically by email to the following address: support@cb-pl.com Draft of  withdrawal form of Contract use is attached as Appendix 1 to the Terms of use. 

8.3.        Pursuant to Article 38 of the Act of 30th May, 2014 (i.e. Journal of Laws of 2024, item 1796, as amended) on consumer rights, the right to withdraw from a contract concluded away from business premises or at a distance does not apply to the consumer in relation to contracts: 

8.3.1.     for the provision of services for which the consumer is obliged to pay the price, if the entrepreneur has fully performed the service with the express and prior consent of the consumer, who was informed before the commencement of the performance that after the entrepreneur has performed the service, he will lose the right to withdraw from the contract, and has acknowledged this; 

8.3.2.     in which the price or remuneration depends on fluctuations in the financial market over which the entrepreneur has no control and which may occur before the expiry of the withdrawal period; 

8.3.3.     in which the subject of the provision is a non-prefabricated good, manufactured according to the consumer's specifications or intended to meet his individual needs; 

8.3.4.     where the subject of the service is goods that spoil quickly or have a short shelf life; 

8.3.5.     in which the subject of the service is goods delivered in a sealed package which cannot be returned after opening the package for health protection or hygiene reasons if the package was opened after delivery; 

8.3.6.     where the subject of the performance are goods which, due to their nature, are inseparably connected with other goods after delivery; 

8.3.7.     where the subject of the service are alcoholic beverages, the price of which was agreed upon at the conclusion of the sales contract, the delivery of which can only take place after 30 days and the value of which depends on market fluctuations over which the entrepreneur has no control; 

8.3.8.     in which the consumer has expressly requested that the entrepreneur come to him for urgent repair or maintenance; if the entrepreneur provides additional services other than those requested by the consumer, or supplies goods other than spare parts necessary for repair or maintenance, the consumer has the right to withdraw from the contract in respect of additional services or goods; 

8.3.9.     where the object of the performance are audio or visual recordings or computer programs delivered in a sealed package, if the package was opened after delivery; 

8.3.10.   for the supply of newspapers, periodicals or magazines, with the exception of subscription agreements; 

8.3.11.   concluded through public auction; 

8.3.12.   or the provision of accommodation services other than for residential purposes, transport of goods, car rental, catering, services related to leisure, entertainment, sporting or cultural events, if the contract specifies the day or period of service provision; 

8.3.13.   for the supply of digital content not supplied on a tangible medium, for which the consumer is obliged to pay the price, if the entrepreneur commenced the performance with the express and prior consent of the consumer, who was informed before the commencement of the performance that after the entrepreneur has fulfilled the performance, the consumer will lose the right to withdraw from the contract, and the consumer has acknowledged this, and the entrepreneur has provided the consumer with the confirmation referred to in Article 15 paragraphs 1 and 2 or Article 21 paragraph 1 of the Consumer Rights Act; 

8.3.14.        for the provision of services for which the consumer is obliged to pay the price, in the case of which the consumer has expressly requested the trader to come to him for the purpose of carrying out repairs and the service has already been fully performed with the express and prior consent of the consumer. 

9.        Limitation of Liability 

9.1.        Corporate Benefits Poland is liable in the event of intent (including malice) and gross negligence in accordance with the applicable law. In the case of other types of negligence, the Company is only liable if a material contractual obligation is breached. Essential contractual obligations are to be understood as those obligations which are crucial for the performance of the Contract of use or the lack of fulfilment of which hinders the proper execution of the Contract of use at all and on the observance of which the User may regularly rely. 

9.2.        In the event of liability resulting from negligence other than gross negligence, the liability shall be limited to such damages as are foreseeable or typical at the time of conclusion of the Contract of use. Liability due to injury to life, limb or health remains unaffected just as liability regardless of fault in accordance with applicable law. 

9.3.        Insofar as the liability of Corporate Benefits Poland is excluded or limited, this also applies to the personal liability of the employees, legal representatives and vicarious agents of Corporate Benefits Poland. All limitations of liability also apply to all legal claims (including tortious) and contractual claims resulting from the use of the Platform or from the user relationship. 

10.   Complaints 

10.1.     Corporate Benefits Poland makes every effort to select trustworthy and reliable Vendors, with which she cooperates. However, Corporate Benefits Poland is not bear liable for the actions or omissions of the Vendors towards the User. 

10.2.     Corporate Benefits Poland is not liable for concluded contracts between Vendor and Use in no condition.  

10.3.     Any complaints and claims related to the improper performance of the contract concluded between the User and the Vendor should be directed directly to the Vendor as the entity liable for the performance of the contract between the parties. 

10.4.     The complaints procedure regarding the operation of the Platform is conducted electronically. Complaints can be submitted by email to the following address: support@cb-pl.com Corporate Benefits Poland is obliged to respond within 14 days from the date of receipt of the complaint. 

10.5.     If the complaint submitted by the User is deemed unfounded and the reason for the complaint has not been resolved, Corporate Benefits Poland will electronically inform the User in the form of a statement of: 

10.5.1.         an intention to submit a an application to commence proceedings for the out-of-court resolution of consumer disputes or consent to participate in such proceedings or 

10.5.2.         refusal to participate in proceedings for the out-of-court resolution of consumer disputes. 

11.    Final Provisions 

11.1.    The invalidity or ineffectiveness of individual provisions of the Terms of Use shall not affect the validity or effectiveness of the remaining provisions of the Terms of Use. 

11.2.    Corporate Benefits Poland is entitled to amend the present Terms of Use at any time in particular in the following cases: 

11.2.1.      when the legal provisions applicable to the content of the Terms of Use have changed; 

11.2.2.      when state authorities will impose certain obligations on the Company; 

11.2.3.      if it will be necessary due to the legal situation, new or changed services and/or a disproportion between performance and consideration; 

11.2.4.      if the Terms of use will be amended for the benefit of the User. Then the User will be informed about amendments provided to the Terms and conditions of use with the explicit reference to the possibility of terminating the Contract of use at any time. If the User will accept new Terms of use by confirming them at the next login, the amended Terms and conditions of use will become part of the Contract of use. Corporate Benefits Poland will draw the User's attention to this legal consequence. Refusal of consent shall be regarded as termination of the Contract of use by the User. 

11.2.5.      when it is necessary to improve the operation of the Platform, including the introduction of functional and technical changes; 

11.2.6.      when it is necessary to make editorial changes to the content of the Terms of Use.

11.3.    Amendments to the Terms of Use will enter into force on the date specified by Corporate Benefits Poland, but no later than 14 days from the date the User is notified of the amendments. In any case, Corporate Benefits Poland will inform the User of any amendments to the Terms of Use by publishing the amended text on the Platform and sending it to the email address provided by the User during registration process. 

11.4.   In the case of no acceptance of changes provided to the Terms of Use, the User may resign from access to the Platform by informing Corporate Benefits Poland thereof immediately or  by deleting their User account as provided for in Section 7.1 of the Terms of Use. 

11.5.    To the present Terms of use apply Polish legal provisions generally applicable law, with the UN Convention on Contracts for the International Sale of Goods shall be excluded, even if the User has their residence or registered office abroad. This choice of law applies to consumers but shall leave the protection afforded to consumers by those mandatory provisions, i.e. provisions of the country in which the consumer has his habitual residence, i.e. unaffected. 

11.6.   The present Terms of use enters into force as of 1.09.2025 

Last updated: 09.2025

---

Appendix No. 1 to the Terms of use

Declaration of withdrawal from Contract of use form template

I.      Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations of Member States, as well as other data protection regulations, is:

corporate benefits Poland Sp. z.o.o.
z siedzibą w Warszawie

ul. Inflancka 4 
00-189 Warsaw 
Poland

tel.: +48 22 257 53 90
e-mail: info@cb-pl.com
website: https://www.corporate-benefits.pl

II.     Contact details of the data protection officer

Please note that the data protection officer indicated below at corporate benefits GmbH is responsible for the use of the https://getsix.benefitsatwork.pl portal. Information about the data protection officer Getsix can be found on the Company's website.

The data protection officer of corporate benefits GmbH can be contacted at:

TÜV Informationstechnik GmbH
Mr. Colin Simbach
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy

Langemarckstrasse 20
45141 Essen

Phone: 0201 - 8999-461
Fax: 0201 - 8999-666
Email: privacyguard@tuvit.de

III.   General Information on data processing

1. Scope of personal data processing

We collect and use personal data of our users only to the extent necessary to ensure the functioning of the website and our content and services. The collection and use of personal data of our users is generally only carried out with the user's consent. Exceptions to this are cases in which prior consent cannot be obtained for factual reasons and data processing is permitted by law.

2. Legal basis for the processing of personal data

To the extent that we obtain the consent of the data subject to the processing of personal data, the legal basis for the processing of personal data is Article 6(1)(a) of the GDPR.

In the case of processing personal data necessary for the performance of a contract to which the data subject is party, the legal basis is Article 6(1)(b) of the GDPR. This also applies to processing operations that are necessary for taking steps to enter into a contract.
To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our Company is subject, the legal basis is Article 6(1)(c) of the GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by our Company or a third party, and if the interests, fundamental rights and freedoms of the data subject are not overriding, the legal basis for processing is Article 6(1)(f) of the GDPR.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Data may also be stored if this is provided for by European law in EU regulations, national law, statutes or other provisions to which the controller is subject.

The data will also be blocked or deleted after expiry of the storage period specified in the above-mentioned standards, unless there is a need for further storage of the data for the conclusion or fulfilment of the contract.

IV.   Website sharing and log creation

1. Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system accessing it.
The following data is collected:

• Information about the type and version of the browser used
• The user's operating system
• The user's IP address
• The date and time of access
• The websites accessed by the user's system via our website.

This data is also stored in our system's log files. This data is not stored together with other personal data of the user.
When generating the voucher code, we store the following personal data for 1 year to protect against misuse (e.g. commercial resale):

• Voucher code
• Offer
• Company portal where the voucher code is offered
• First name
• Last name
• Email address
• Time of generation (date and time)
• User's IP address.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

3. Purposes of data processing

In order to deliver the website to your computer, it is necessary for our system to temporarily store your IP address. For this purpose, your IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and ensure the security of our information systems. In this context, the data is not used for marketing purposes.

These purposes also constitute our legitimate interest in processing the data in accordance with Article 6(1)(f) of the GDPR.

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the purpose of providing the website, this is the case after the end of the respective session.

Data may also be stored. In this case, the IP addresses of users are deleted or anonymised so that it is no longer possible to identify the individual user.
Log files relating to the generation of voucher codes are deleted after one year; they may be processed to prevent misuse of voucher codes.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, you have no right to object.

V.    Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the web browser or on the user's computer via the web browser. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
The following data is stored and transmitted in cookies:

• An identifier to identify the user

We also use the services and cookies of Webtrekk GmbH on our website to collect statistical data on usage and to improve our offering accordingly. The data from Webtrekk is used to display the ‘5 best offers from partners’ on the company platform. Webtrekk GmbH is TÜV Saarland certified for data protection in the area of website monitoring software.

Each time you visit our portal website, certain information provided by your browser during the registration process is collected and analysed for network control purposes. The data is collected by a pixel embedded on each page. The following data is collected:

• Request (name of the requested file)
• Browser type/version (e.g. Internet Explorer 6.0)
• Browser language (e.g. English)
• Operating system used (e.g. Windows XP)
• Internal resolution of the browser window
• Screen resolution
• JavaScript enabled
• Java enabled/disabled
• Cookies enabled/disabled
• Colour depth
• URL of the referring page (previously visited page)
• Shortened IP address for geographical recognition
• Access time
• Clicks

Webtrekk stores the IP address only in abbreviated (anonymous) form and uses it exclusively for session recognition, geolocation and defence against cyber attacks. The IP address is then immediately deleted, making the collected data anonymous.
Webtrekk uses the following cookies:

• Session cookies (for session recognition, lifetime: one session)

Further information can be found on the website of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, http://www.webtrekk.com.

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For this purpose, it is necessary to recognise the browser even after a page change.

e) Storage duration, objection and deletion options

Cookies are stored on your computer and transmitted by your browser to our website. As a result, you have full control over the use of cookies. You can prevent the transmission of cookies or restrict your use of the website by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. You can also do this automatically. Disabling cookies on our website may result in the availability of some features being restricted.

VI. Use of a Content Delivery Network (CDN) and Security Services (MyraSecurity)

1. Description, Purpose and Scope of Data Processing

For optimizing loading times (performance), increasing reliability and protecting our IT infrastructure against malicious attacks (e.g. so-called DDoS attacks) we have implemented a content delivery network (CDN).

For this purpose, we use the services of Myra Security GmbH, Landsberger Straße 187, 80687 Munich, Germany ("MyraSecurity").

A CDN is a network of regionally distributed servers that helps making available content from our website to you faster and more securely – including but not limited to static files, such as images, JavaScript and CSS files. From a technical point of view, MyraSecurity serves as a so-called reverse proxy. This means that the traffic between your device and our servers is routed through MyraSecurity's infrastructure for speeding up delivery and analyzing and defending against potential threats.

Within such process, technical protocol data (so-called access logs) are processed. These include, but shall not be limited to:

• Your IP address
• Date and time of access
• The requested content (e.g. URL) and
• Information about your browser and operating system (e.g. user-agent)

The processing of this data is technically required to ensure the stability, performance and security of our website.

2. Legal basis for data processing.

The legal basis for the use of MyraSecurity is our legitimate interest in providing our platform securely, quickly and reliably in accordance with Art. 6 (1) (f) GDPR.

 MyraSecurity acts for us solely as a technical service provider bound to our instructions. We have concluded a contract processing agreement with MyraSecurity in accordance with Art. 28 GDPR. This ensures that the data is processed only according to our instructions and not for MyraSecurity's own purposes. The data processing takes only place in data centres within the European Union (EU) or the European Economic Area (EEA). MyraSecurity does not use its own cookies for this service to analyze user behavior.

3. Duration of storage

The access logs containing your IP address are stored for a maximum period of 10 days to ensure stability and security and are automatically deleted or anonymized afterwards.

VII.   Newsletter

1. Description and scope of data processing

You can subscribe to free newsletters on our website. You can subscribe to the monthly newsletter when you register. You can also subscribe to the newsletter at any time in the ‘My data’ section. If you subscribe to the newsletter when you register, the following data will be transmitted to us:

• Salutation
• Title
• First name and surname
• Date of birth
• Company postcode
• Company email address
• Password
• Date and time of registration
• Membership of distribution list (company platform)

In addition to the monthly newsletter, you can also subscribe to a special newsletter, which is sent at irregular intervals after successful registration and login.
Your consent to data processing is obtained during the registration process and includes a reference to this privacy policy.
In connection with the processing of data for the purpose of sending newsletters, the data is transferred to Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich. The data is used exclusively for sending the newsletter.

For the purpose of sending the newsletter, we transfer a data package containing the following personal data to Mapp Digital:

• Email address
• Salutation
• Surname
• Mailing list membership (company platform and newsletter type)

2. Legal basis for data processing

The legal basis for data processing after the user has registered for the newsletter is Article 6(1)(a) of the GDPR, if the user has given their consent.

3. Purpose of data processing

The purpose of collecting the user's email address is to deliver the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. The user's email address is therefore stored for as long as the newsletter subscription is active.

5. Right to object and erasure

The newsletter subscription can be cancelled by the user at any time. For this purpose, each newsletter contains a corresponding link to the ‘My data’ section of the employee. Here, the employee can unsubscribe from the newsletter.

The ‘My data’ section provides clear information about the subscription or cancellation of the monthly newsletter or special newsletter.

VIII.  Registration

1. Description and scope of data processing

On our website, we offer users the option of registering on our portal by providing personal data. The data is entered into a form, transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

• Salutation (mandatory field)
• Title (optional)
• First name and surname (mandatory field)
• Date of birth (optional)
• Postcode (optional)
• Email address (mandatory field)
• Date of birth (optional)
• Newsletter (optional)
• Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained. We also store the following data:

• Language preferences for platforms with multiple languages
• Location (web browser, if the user has given their consent; the user can also specify the location manually)
• Registration expiry date
• Timestamp
• Registration code
• Registration for a monthly e-mail newsletter with timestamp
• Registration for a special newsletter with timestamp
• Acceptance of the terms of use and privacy policy
• Connected company platform
• Login with timestamp
• Use of iOS/Android app: yes/no
• Offers saved to watch list
• Coupon code generation
• Coupon storage
• Contact forms
• Callback form content
• User reviews of time-stamped offers

iOS and Android app:

• Access to location (automatic location detection / news - push notifications if a store from the watch list is nearby)
• Access to camera (QR code scanning)
• Receive push notifications - New offers: yes/no
• Receive push notifications - Expiring offers: yes/no
• Receive push notifications - Save from nearby watch list: yes/no

If this feature has been activated on the portal, the user can post classified ads. The following data can be entered to create an ad:

• Greeting and title
• First and last name
• Email address
• Telephone number
• Address

In order to ensure that only authorised users have access to the platform and that offers are used exclusively for individual private purposes, the administrator will process the digital fingerprint of the device or browser.

This is used to ensure compliance with the terms of use and to prevent unauthorised use and exploitation of your access data and the platform.
In addition, the fingerprint helps to prevent commercial use of offers, in particular the commercial purchase, commercial offering or commercial resale of goods or services purchased at a discount. The unauthorised transfer of access data or codes will be logged to prevent misuse by unauthorised persons. 

2. Legal basis for data processing

The processing of data collected during subscription takes place due to different legal grounds:

• The legal basis for the processing of the data that is essential for providing access to the Portal and user administration (first name, last name, email address), shall be Art. 6 para. 1 lit. b GDPR (performance of contract).
• The legal basis for the processing of the optional data (e.g. title, date of birth, postal code) shall be Art. 6 (1) (a) GDPR if the user has provided his consent
• The legal basis for collecting the salutation is Art. 6 (1) (f) GDPR (legitimate interest). The details of our legitimate interest and the balancing of interests carried out can be found under Section 3.
• The legal basis with respect to the fingerprinting for access control and abuse prevention is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).

3. Purpose of Data Processing Legitimate Interests

For making available certain content and services on our website the user needs to subscribe. With successful subscription, the user gains access to our platform for employee offers. [...] Collecting personal data within the subscription process serves to identify and address users, support requests, legal evidence, marketing and target group analyses and to display saved offers.

Justification of the legitimate interest in collecting the salutation (Art. 6 para. 1 lit. f GDPR):

The salutation is collected for safeguarding our legitimate interest in high-quality, addressee-oriented and professional communication. We consider appropriate communication in the context of support, system notifications, and general provision of information to be essential for ensuring the quality of service and maintain the relationship of trust with our users. In our opinion, your interests and fundamental rights do not outweigh our stated interest in the necessary balancing, as the use of a customary form of address ("Mr" or "Mrs") is a common and reasonably expected practice in business transactions. Our analysis has shown that our interest in a structured basis for professional communication outweighs the interest of the data subjects in these circumstances.

Justification of the legitimate interest for fingerprinting (Art. 6 para. 1 lit. f GDPR):

We process a fingerprint generated by your device or browser to safeguard our legitimate interests in ensuring platform integrity and preventing abuse. Our business model is based on granting exclusive benefits to authorized users only (employees of partner companies). This model is existentially endangered by the unauthorized disclosing of access data, automatically creating accounts and commercially using discounts.

Protecting your account only with username and password is not sufficient for this purpose, as access data can be easily shared. Fingerprinting is therefore necessary to detect and stop patterns of abuse and to ensure that the terms of use are respected. The affection of your rights is kept as low as possible: The fingerprint created is pseudonymous, is used exclusively for this security purpose, is not passed on to uninvolved third parties and is not used for advertising or tracking purposes beyond our platform. When balancing the interests, our compelling interest in protecting our service and the entire user community from fraud and abuse outweighs your interest in protecting this specific technical data, particularly with you as authorized user also having an interest in the exclusivity and security of the platform.

4. Storage period

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This applies to data collected during the registration process if the registration on our website is cancelled or changed.

5. Right to object and erasure

You have the right to cancel your registration at any time. The user data stored may be changed at any time. In the ‘My data’ tab, you can delete your account at any time using the ‘Delete access’ option and make changes in this area.

IX.   Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form that you can use to contact us electronically. If you use this option, the data you enter in the form will be sent to us and stored. This data is as follows:

• Salutation
• First name
• Your email address
• Subject of your message
• and the content of your message
• Browser version
• Operating system

The following data is also stored when you send a message:

• Your IP address
• Date and time of sending the email

Alternatively, you can contact us via the email address provided. In this case, the personal data you send with your email will be stored by the Company.

2. Legal basis for data processing

The legal basis for data processing is Article 6(1)(a) of the GDPR if you have given your consent.

The legal basis for the processing of data transmitted when sending an email is Article 6(1)(f) of the GDPR. If the email contact is for the purpose of concluding a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR.

3. Purpose of data processing

We process personal data from the contact form solely for the purpose of responding to your enquiry. If you contact us by email, this also constitutes a legitimate interest in processing the data.

Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information systems.

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of personal data contained in the contact form and data sent by email, this is the case after the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

5. Right to object and erasure

You have the right to withdraw your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.
In this case, all personal data stored during your contact with us will be deleted.

X.   Disclosure of personal data to third parties

We use an external system provided by http://salesforce.com Germany GmbH (registered office: Munich, Munich District Court HRB, 158525, registered office: Erika-Mann-Straße 31-37 80636 Munich, Germany, managing directors: Joachim Wettermark, José Luiz Moura Neto) for the purpose of processing service requests sent by email or via forms on the service portal. The data is stored exclusively within the EU. We have concluded an order processing agreement with Salesforce and additional EU standard contractual clauses. Please also refer to Salesforce's data protection information: https://www.salesforce.com/eu/.

We store our portal data with our technical service provider mpex GmbH (hosting), Werner-Voß-Damm 62, 12101 Berlin.

In addition, data is transferred within the Group to corporate benefits IT solutions, Schiffbauerdamm 40, 10117 Berlin (formerly corporate benefits ventures GmbH) for the purpose of providing our services.

XI.    Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. Right to information

You may request confirmation from the controller as to whether your personal data is being processed by us.
If such processing has taken place, you may request the following information from the controller:
(1) the purposes of the processing of personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned period for which the personal data concerning the user will be stored or, if specific information on this is not possible, the criteria for determining the storage period;
(5) the existence of the right to rectify or erase personal data concerning the user, the right to restrict processing by the controller or the right to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) any available information on the source of the data, if the personal data have not been collected from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The user has the right to request information on whether their personal data is transferred to a third country or an international organisation. In this context, the user may request information on the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to rectification

You have the right to request that the controller rectify or complete your personal data if the personal data processed concerning you is inaccurate or incomplete. In such cases, the controller shall rectify the data without undue delay.

3. Right to restriction of processing

The user may request the restriction of the processing of their personal data in the following cases:
(1) if the accuracy of the personal data concerning the user is contested, for a period enabling the controller to verify the accuracy of the personal data;
(2) when the processing is unlawful and the user opposes the erasure of personal data and requests the restriction of their processing instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims; or
(4) if the user has objected to the processing in accordance with Article 21(1) of the GDPR and it has not yet been determined whether the legitimate interests of the controller override those of the user.

If the processing of personal data concerning the user has been restricted, such data shall, with the exception of storage, only be processed with the user's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing restriction has been applied in accordance with the above conditions, the user will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You have the right to request that the controller erase your personal data without undue delay, and the controller has the obligation to erase personal data without undue delay if one of the following circumstances applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) The user has withdrawn the consent on which the processing was based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing.
(3) The user objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or the user objects to the processing pursuant to Article 21(2) of the GDPR.
(4) The personal data concerning the user has been processed unlawfully.
(5) The erasure of personal data concerning the user is necessary to comply with a legal obligation to which the controller is subject under Union law or the law of a Member State to which the controller is subject.
(6) The personal data concerning the user has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

b) Information provided to third parties

If the controller has made the personal data concerning the user public and is obliged to erase it in accordance with Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers processing the personal data that the user, as the data subject, has requested the erasure of all links to, or the erasure of or the blocking of access to, such personal data.

c) Exceptions

The right to erasure does not apply if processing is necessary for:
(1) exercising the right to freedom of expression and information;
(2) compliance with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to be informed about rectification, erasure or restriction of processing

If the user has exercised their right to rectification, erasure or restriction of processing against the controller, the controller shall notify all recipients to whom the user's personal data have been disclosed of the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort.

The user has the right to be informed by the controller about these recipients.

6. Right to data portability

The user has the right to receive personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format. The user also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) processing is based on consent pursuant to Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR
and
(2) processing is carried out by automated means.

When exercising this right, you also have the right to have your personal data transferred directly from one controller to another, where technically feasible. This may not adversely affect the freedoms and rights of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning the user unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.

If you object to the processing of your data for direct marketing purposes, your personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the right to object to the use of information society services by means of automated processes using technical specifications.

8. Right to withdraw consent under data protection regulations

You have the right to withdraw your consent under data protection regulations at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right does not apply if the profiling:
(1) is necessary for entering into or performing a contract between you and the controller;
(2) is authorised by Union law or the law of a Member State to which the controller is subject and which also lays down suitable measures to safeguard the user's rights and freedoms and legitimate interests; or
(3) is based on the user's explicit consent.

However, these decisions shall not be based solely on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures to safeguard the rights and freedoms and legitimate interests of the user have been taken.

In the cases referred to in paragraphs 1 and 3, the data controller shall implement appropriate measures to protect the rights and freedoms and legitimate interests of the user, including at least the right to obtain human intervention from the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data relating to him or her infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy in accordance with Article 78 of the GDPR.

In Poland, the competent authority is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, 00-193 Warsaw, hotline: 606 950 000, e-mail: kancelaria@uodo.gov.pl.

---

Last updated: 11.2025