As WIPERAPP sp. z o.o., we respect your privacy and are aware that by entrusting us with information about yourself, you place your trust in us. Therefore, we wish to provide you with key information regarding what happens to the personal data we process.

In this Policy, we describe how and when we collect your personal data, what we use it for, to whom we disclose it, how long we retain it, and what rights you have in this context.

1. WHO WE ARE AND WHOSE DATA WE PROCESS
The Controller of the personal data of persons using our platform available at www.wiperapp.com (the “

WIPERAPP spółka z ograniczoną odpowiedzialnością [limited liability company] with its registered office in Wrocław, at the address: ul. Kominiarska 42b, 51-180 Wrocław, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under KRS number: 0000998099; NIP [Tax ID]: 8952106773; REGON [Statistical ID]: 365941748; share capital of PLN 5,000.00 (hereinafter referred to as the “Company“, “we“, “our“, “us“).

Please direct any inquiries, requests, or complaints regarding the processing of personal data to the e-mail address: gdpr@wiperapp.com or in writing to our address, i.e., WIPERAPP sp. z o.o., ul. Kominiarska 42b, 51-180 Wrocław, with the annotation “GDPR“.

2. WHEN AND HOW WE OBTAIN YOUR DATA

We obtain your personal data directly from you when:

• you use the Platform;
• you contact us via e-mail, telephone, contact form, or other communication channels available within the Platform.

We obtain your personal data from third parties when:

• we receive your contact details from the enterprise under whose employment or cooperation you use the Platform.

3. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

We process personal data for the following purposes:

• ensuring the proper technical functioning of the Platform, which constitutes our legitimate interest (Art. 6(1)(f) GDPR);
• enabling us to defend against potential claims or to pursue potential claims (Art. 6(1)(f) GDPR);
• performance of the agreement under which we make the Platform available to our clients (Art. 6(1)(f) GDPR).

4. CATEGORIES OF PERSONAL DATA

In the course of your use of the Platform, we process the following personal data:

• IP address, data saved in cookies, first name and surname (if provided during the user account registration process), e-mail address, contact details provided by you, and other information and data you provide to us during contact or while using the Platform.

5. DATA RETENTION PERIOD

We retain the obtained personal data for the following periods:

• information regarding your IP address is retained for the duration of its archiving in the server logs where the Platform is hosted, i.e., for 14 days from the moment of ending the use of the Platform within a given session;
• your first name, surname, and e-mail address provided during user account registration are retained until the user account is deactivated;
• information contained in cookies is retained in accordance with the retention periods specified in the table located in the COOKIES section of the Policy;
• additionally, personal data necessary for us to defend against or pursue claims is retained for as long as required by the statute of limitations for claims as specified by law.

6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA

Below is a list of entities to whom we may disclose your personal data:

• providers of IT services, systems, and support that we use to operate the Platform and analyze statistics;
• legal advisors and consultants serving the Company to the extent that disclosure of data is necessary to utilize their services;
• e-mail service operators;
• postal operators and couriers;
• providers of IT services and systems that we use for e-mail communication and the Platform;
• entities providing accounting and bookkeeping services to the Company;
• our clients – your employer or principal, within the scope of work for whom or cooperation with whom you gain access to the Platform;
• our partners who mediate in delivering the Platform to your employer or principal, within the scope of work for whom or cooperation with whom you gain access to the Platform.

Since we use the services of Google Operations Ireland Limited, your personal data may be transferred by these entities outside the European Economic Area (EEA) on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Any questions regarding the transfer of data outside the EEA should be directed directly to these entities. More information can be found here: Google Data Transfer Policy.

7. YOUR RIGHTS

In connection with the processing of your personal data by us, you have the following rights:

• the right to request access to your personal data;
• the right to rectification, erasure, or restriction of the processing of your personal data;
• to the extent that personal data is processed by automated means for the performance of a contract (Art. 6(1)(b) GDPR): the right to data portability;
• to the extent that personal data is processed for the purposes of the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR): the right to object to the processing of personal data;
• to the extent that personal data is processed on the basis of consent (Art. 6(1)(a) GDPR): the right to withdraw the consent granted at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• the right to lodge a complaint with a supervisory authority, i.e., the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) in Warsaw.

If you wish to exercise your rights, please contact us via e-mail at gdpr@wiperapp.com or at our postal address: WIPERAPP sp. z o.o., ul. Kominiarska 42b, 51-180 Wrocław.

8. AUTOMATED DECISION-MAKING

We do not use any information provided by you for the purposes of automated decision-making.

9. ANALYTICAL AND MARKETING TOOLS

We and our business partners use various solutions and tools for analytical and marketing purposes. Detailed information in this regard can be found in the privacy policies of individual partners.

Basic information about these tools can be found HERE.

10. COOKIES

The Platform uses cookie technology (“Cookies“). Cookies are small packets of information saved on terminal equipment, usually containing the address of the service, the date of placement, the expiration date, a unique number, and additional information consistent with the purpose of the given file.

The cookies we use can be divided into the following categories:

• Necessary cookies: these are essential for the proper functioning of our Platform. Without these cookies, certain services and functions of the Platform may not operate correctly. They enable basic operations such as logging in, navigating the Platform, and accessing secure areas of the website.
• Performance cookies: these allow us to monitor and optimize the operation of our website using aggregated and anonymous data on service performance, such as page load times, function speed, and potential technical errors, thereby enabling us to improve the user experience.
• Marketing cookies: these are used to track user activity and allow for the customization of advertisements to individual preferences.

You can disable the saving of cookies directly on the device used to connect to our website, in accordance with the instructions of the browser manufacturer:

• Google Chrome
• Safari
• Mozilla Firefox

Information regarding the configuration and deletion of cookies in other web browsers can be found on the websites of their manufacturers.

The table available HERE describes in detail the cookies we use on our website.

11. CHANGES TO THE PRIVACY POLICY

The provisions of the Privacy Policy may be subject to improvements and changes, and the latest versions will be published on the Platform each time and will bear the date of the last update.

The Policy is effective from 07.02.2026.