Summary of Key Points
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us — primarily your email address, geolocation data (with your explicit consent), and photos you upload.
Do we process any sensitive personal information? We do not intentionally collect sensitive information. Photographs you upload may incidentally contain such data — you are responsible for the content of photographs you upload.
Do we collect any information from third parties? No.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
How do we keep your information safe? We have appropriate organizational and technical security measures in place. However, no electronic transmission over the internet can be guaranteed to be 100% secure.
What are your rights? Depending on where you are located, you may have rights to access, correct, delete, or restrict the processing of your personal information. Contact us at info@handoverboat.com to exercise any of these rights.
Table of Contents
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on?
- When and with whom do we share personal information?
- Do we use cookies and tracking technologies?
- How do we handle your social logins?
- Is your information transferred internationally?
- How long do we keep your information?
- How do we keep your information safe?
- How do we handle data breaches?
- Do we collect information from minors?
- What are your privacy rights?
- Controls for Do-Not-Track features
- Do United States residents have specific privacy rights?
- Do we make updates to this notice?
- How can you contact us about this notice?
- How can you review, update, or delete the data we collect from you?
What Information Do We Collect?
Personal information you disclose to us
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, or otherwise when you contact us. The personal information we collect may include:
- Email addresses
- Geolocation data (with your explicit consent only)
- Photos uploaded by users
Sensitive Information. We do not intentionally collect or process sensitive personal information. However, photographs uploaded by users may incidentally contain information that some jurisdictions classify as sensitive (for example, images of faces, religious symbols, or health-related items). Users are instructed not to upload photographs whose primary purpose is to capture sensitive personal data. We do not perform biometric processing, facial recognition, or automated identification.
Photographs and User-Generated Content. A core feature of HandoverBoat is the ability for users to upload photographs documenting the condition of a yacht. You are solely responsible for ensuring that you have a valid legal basis to take and upload each photograph, including any photographs that incidentally capture third parties. Where photographs contain images of identifiable third parties, you act as an independent data controller with respect to those individuals and are responsible for providing them with any required notices and obtaining any required consents.
Payment Data. All payment data is handled and stored by Stripe. You may find their privacy notice at https://stripe.com/privacy.
Information automatically collected
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and information about how and when you use our Services.
The information we collect includes:
- Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
- Device Data. Information about your computer, phone, tablet, or other device you use to access the Services.
- Location Data. We may collect location data from your device, only with your permission. You can opt out by refusing access or disabling your Location setting.
Google API
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use Requirements.
How Do We Process Your Information?
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts.
- To deliver and facilitate delivery of services to the user, including generating and delivering your Premium Report.
- To respond to user inquiries/offer support to users.
- To send administrative information to you, such as details about our products and services and changes to our terms and policies.
- To fulfill and manage your orders.
- To protect our Services — fraud monitoring and prevention.
- To identify usage trends and improve the Services.
What Legal Bases Do We Rely On?
The GDPR requires us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases:
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your fundamental rights and freedoms.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
When and With Whom Do We Share Your Personal Information?
We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf. We have data processing agreements in place with our third parties in accordance with Article 28 GDPR. The third parties we may share personal information with are as follows:
| Purpose | Service Provider |
|---|---|
| Invoice and Billing | Stripe, Inc. (USA) |
| User Account Registration and Authentication | Google LLC — Google Sign-In (USA) |
| Email Delivery | Resend, Inc. (USA) |
| Error Monitoring | Functional Software, Inc. — Sentry (USA) |
| Analytics | Google LLC — Google Analytics (USA) |
| Cloud Hosting and Application Infrastructure | Vercel Inc. (USA) |
| Database and File/Photograph Storage | To be determined (current candidate: Supabase Inc., USA) |
We also may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Do We Use Cookies and Other Tracking Technologies?
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We also permit third parties and service providers to use online tracking technologies on our Services for analytics purposes. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
Google Analytics
We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics, visit https://tools.google.com/dlpage/gaoptout.
How Do We Handle Your Social Logins?
Our Services offer you the ability to register and log in using your Google account. When you sign in via Google, we receive certain profile information about you from Google — typically your name and email address. We will use this information only for the purposes that are described in this Privacy Policy or that are otherwise made clear to you. We do not access your Google contacts, calendars, Drive, or any other Google services data.
Is Your Information Transferred Internationally?
Our servers are located in the United States. Please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information, including facilities in the United States and other countries.
We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses (Article 46(2)(c) GDPR) for transfers of personal information between us and our third-party providers located outside the European Economic Area. Our Data Processing Agreements that include Standard Contractual Clauses are available upon request at info@handoverboat.com.
How Long Do We Keep Your Information?
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. The following retention periods apply:
| Category of data | Retention period | Legal basis |
|---|---|---|
| Account data (email, profile, authentication identifiers) | 12 months after account termination | Legitimate interest; dispute handling |
| Photographs and inspection records | 12 months after account termination | Performance of contract |
| Geolocation data | 12 months | Service operation; legitimate interest |
| Billing and invoicing data | 5 years from end of financial year | Article 74 of the Polish Accounting Act |
| VAT-related documents | 5 years from end of calendar year | Polish Tax Ordinance |
| Data to establish, exercise, or defend legal claims | 6 years | Article 118 of the Polish Civil Code |
| Marketing consents and related records | Until consent is withdrawn, plus a reasonable period | Consent |
| Server logs and security telemetry | Up to 12 months | Legitimate interest (security) |
How Do We Keep Your Information Safe?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security. We strongly recommend that you download and store your Premium Report PDF locally immediately after purchase.
How Do We Handle Data Breaches?
We maintain internal procedures for detecting, reporting, and investigating personal data breaches. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority — the Polish data protection authority (Urząd Ochrony Danych Osobowych, "UODO") — without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, in accordance with Article 33 GDPR.
Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, we will also communicate the breach to those individuals without undue delay, in accordance with Article 34 GDPR.
If you believe that your personal information has been compromised, please contact us immediately at info@handoverboat.com.
Do We Collect Information From Minors?
We do not knowingly collect, solicit data from, or market to children under 16 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
What Are Your Privacy Rights?
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:
- Request access and obtain a copy of your personal information
- Request rectification or erasure
- Restrict the processing of your personal information
- If applicable, to data portability
- Not to be subject to automated decision-making
Automated decision-making and profiling. We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority. In Poland, the supervisory authority is the Prezes Urzędu Ochrony Danych Osobowych (UODO), www.uodo.gov.pl.
Withdrawing your consent
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us at info@handoverboat.com. Please note that withdrawing your consent will not affect the lawfulness of the processing before its withdrawal.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided below. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases, subject to applicable retention obligations.
Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
Do United States Residents Have Specific Privacy Rights?
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request details about the personal information we maintain about you, correct inaccuracies, get a copy of, or delete your personal information.
No sale; no sharing for cross-context behavioral advertising. We do not sell personal information as defined under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) or under other applicable US state privacy laws. We do not share personal information for cross-context behavioral advertising.
To exercise these rights, you can contact us by emailing us at info@handoverboat.com.
Do We Make Updates to This Notice?
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at info@handoverboat.com or contact us by post at:
ULADZISLAU DZIARKACH SYSTEMS Sole Proprietorship
NIP: 5842868641REGON: 541782788
ul. Obrońców Wybrzeża 17, lok. 902
80-398 Gdańsk
Pomorskie Voivodeship
Poland
Email: info@handoverboat.com
How Can You Review, Update, or Delete the Data We Collect From You?
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct any inaccuracies, or delete your personal information. To request to review, update, or delete your personal information, please contact us by email at info@handoverboat.com. We will respond to your request within thirty (30) days as required by Article 12(3) of the GDPR.