Privacy Policy

effective as of 1 September 2025

GIGLIKE spółka z ograniczoną odpowiedzialnością, with its registered office at ul. Tomasza Zana 11a, 20-601 Lublin, Poland, entered into the Register of Entrepreneurs maintained by the District Court Lublin-Wschód in Świdnik, 6th Commercial Division of the National Court Register under KRS number: 0000825479, NIP: 5213888437, REGON: 385410350 (“GIGLIKE”), owner of the website www.giglike.com together with all subpages and subdomains (the “Service” or “Services”), provides a platform (online service) through which its users gain access to various types of services supporting the conduct of business activities and to benefits for individuals.

In order to ensure lawful, fair, and transparent processing of personal data while using the Services, GIGLIKE has adopted this Privacy Policy, which sets out: the purposes and scope of personal data processing, the methods of their protection, the legal bases for processing, and the rights of data subjects.

I. Definitions of Terms Used in the Privacy Policy

Personal Data – any information relating to an identifiable User, i.e. a natural person who can be directly or indirectly identified, in particular by reference to an identifier such as a name and surname, identification number, location data, online identifier, or to one or more specific factors determining the physical, genetic, mental, economic, cultural, or social identity of that natural person;

GIGers – Users registered in the Service to whom a Package has been made available, being natural persons with full legal capacity, using the GIGLIKE Services;

Clients – any entities cooperating with GIGLIKE, its contractors, purchasing Packages and designating GIGers, being entrepreneurs within the meaning of applicable law;

Account – an electronic service created and provided by GIGLIKE to the User within the Service, under a unique name (login) and protected by a password, constituting a User’s exclusive access space within the ICT system provided by GIGLIKE, as well as a collection of resources in which the User’s data and information regarding their activities within the Services are stored; Accounts created for GIGers and Clients constitute separate services;

Package – a set of End Services to which access is granted to a GIGer;

Partners – any entities cooperating with GIGLIKE, its contractors, which provide End Services to GIGers, being entrepreneurs within the meaning of applicable law;

Profile – a collection of information concerning a User, of a personal and behavioral nature, gathered by GIGLIKE and determined on the basis of the analysis of such information in the process of Profiling;

Profiling – any form of automated processing of personal data consisting of the use of data collected by the personal data controller to assess certain personal factors of a natural person, in particular to analyze or predict aspects relating to data gathered within the Profile, or to infer characteristics and personal factors of Users other than those collected by the personal data controller;

Terms of Service – the regulations governing the provision of Electronic Services through the Service, available at: www.giglike.com/regulamin;

Registration – the procedure of creating an Account;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

Electronic Services – a set of services provided by GIGLIKE, in particular services delivered electronically, as well as direct marketing services;

GIGLIKE Services – services intended for GIGers consisting in providing access to the Service, which, among other things, through the End Services of various Partners and business tools, support the conduct of business activities and enable individuals to use benefits;

End Services – any services, regardless of their number, nature, content, or degree of complexity, provided by Partners to GIGers within the Packages;

Service Providers – any entities cooperating with GIGLIKE, its contractors, which provide GIGLIKE with their services supporting the operation of GIGLIKE (e.g. tool and solution providers);

Settings – an Account function enabling a User of the Electronic Services to manage such services accordingly, including the ability to independently modify their scope and to select preferences regarding the scope and purposes of the processing of their personal data;

User – a registered or non-registered User;

Non-registered User – a natural person who uses Electronic Services that do not require an Account, e.g. browsing the Service, including also a registered User who uses the Service without logging into their Account;

Registered User – a GIGer or Client (Client’s representative) who has completed Registration, holds an Account, and uses the Electronic Services.

II. Who is the controller of my personal data?

Your personal data provided during Registration are processed by GIGLIKE as the controller of Users’ personal data and are necessary for the performance of the agreement on the provision of Electronic Services concluded with GIGLIKE, which includes maintaining the Account, providing access to the Services with all their functionalities, and enabling access to the End Services included in the Package.

Your personal data provided during Registration, subject to the granting of appropriate consents, may also be used by GIGLIKE for marketing purposes, in which case GIGLIKE shall also act as the controller of such data.

Your personal data provided when activating a Package from the Account are transferred by GIGLIKE to the relevant Partners whose End Services are included in the Package. Such personal data are processed by the Partners as controllers of GIGers’ personal data. These data are necessary for the provision of End Services to GIGers under the Packages. Your personal data provided when activating a Package, subject to the granting of appropriate consents, may also be used by the Partners for marketing purposes.

Data for which the Partners act as controllers may be entrusted to GIGLIKE for processing under the rules set out in Article 28 of the GDPR, on the basis of an agreement concluded between GIGLIKE and the Partner or another legal instrument within the meaning of Article 28(3) of the GDPR. In this respect, GIGLIKE shall act solely on the documented instructions of the Partner, in the form of the provisions of the agreement and instructions given by the Partner, and solely for the purpose of performing the agreement concluded with the Partner. GIGLIKE shall make every effort to inform the data subjects of the fact that their data have been entrusted to GIGLIKE for processing by a Partner and of the scope of such entrustment.

If you have any questions regarding data processing in respect of which GIGLIKE acts as the controller, and regarding Users’ rights, GIGLIKE may be contacted as follows:

  • by e-mail at: [email protected]

  • in writing at: ul. Tomasza Zana 11a, 20-601 Lublin, Poland

At the same time, GIGLIKE informs you that, with regard to any personal data for which the Partners are the controllers and to any processing operations carried out by them, the appropriate entities to contact regarding questions about data processing and the exercise of Users’ rights are the respective Partners. However, taking into account the provisions of Article 28(3)(e) and (f) of the GDPR, GIGLIKE supports the Partners in responding to Users’ requests.

Legal basis: information obligation under Article 13(1)(a) and Article 14(1)(a) and (2)(f) of the GDPR.

III. How and from whom does GIGLIKE obtain data?

Personal data are obtained by GIGLIKE:

  • directly from the data subjects (as a personal data controller)
    in the case of Registration, Package activation, or when consent has been given to receive commercial information from us;

  • from Clients (as a personal data controller)
    in the case of Clients submitting lists of GIGers entitled to use GIGLIKE Services in a given month;

  • from Partners (as a processor, for the purpose of processing on behalf of Partners and solely within the scope defined by them)
    in the case of complaints submitted by GIGers or other matters related to the handling of GIGer requests.

In the cases referred to in point (b) above, GIGLIKE takes the necessary steps to fulfill the information obligation under Article 14 of the GDPR towards the persons whose data have been obtained from third parties, by sending an e-mail message with the relevant information to the Users or third parties.

Remember!
GIGLIKE has no ability to verify the authorization to handle data or the existence of appropriate consents for their use when such data are provided by entities other than the data subjects themselves, other than through the declaration of a User (including a Client or Partner). Therefore, if you believe that your data have been unlawfully used by someone, please inform us.

If you so request, we will delete your personal data from all databases imported or created within the Services and inform the relevant User (including the Client or Partner) of your request and of their obligation to remove the data from other databases they manage – however, we have no influence over the actual fulfillment of that obligation by them.

IV. Scope and purposes of Users’ personal data processing

Users’ personal data are obtained in connection with GIGLIKE’s business activities and are processed by GIGLIKE in compliance with the principles set out in the GDPR and solely for the purpose of providing access to the functionalities of the Services and delivering Electronic Services and GIGLIKE Services, including enabling GIGers to access End Services.

Since GIGLIKE provides various services to Users, including GIGers, Users’ personal data are processed for different purposes, to different extents, and on different legal bases specified in the GDPR. To ensure transparency of information, we have grouped them according to the purposes of processing.

Remember!
The purposes described below apply to every situation in which GIGLIKE gains access to personal data. If the achievement of certain purposes does not require GIGLIKE to process personal data, this is carried out without disclosing them, or the disclosed data do not constitute personal data or are not subject to protection. GIGLIKE applies the principle of data minimization and does not undertake any activities leading to the processing of personal data (i) where this is not necessary, or (ii) beyond what is required for the specific Purpose.

Purpose 1: Provision of Electronic Services not requiring the creation of an Account. Use of the Service, browsing the Service content

Types of services:
GIGLIKE processes Users’ personal data as a data controller in order to enable Users to use the Service and browse its content.

Scope of data:
For this purpose, GIGLIKE processes, as a data controller, Users’ personal data concerning their activity within the Service, including data recorded and stored through cookies, namely: data regarding the Service subpages viewed, as well as data relating to the User’s device session and operating system, browser, IP address, location, and unique ID.

Purpose 2: Use of Electronic Services requiring the creation of an Account. Account creation, use of the Account

Types of services:
GIGLIKE processes Users’ personal data as a data controller in order to enable Users to use Electronic Services, in particular to manage their Account and Settings, modify data stored in the Profile, activate Packages, access the marketplace of Packages and End Services, place orders for them, and access their transaction history.

Scope of data:
For this purpose, GIGLIKE processes the personal data of Registered Users provided during Registration or provided by a Client in a list, as well as data entered within the Account, namely: full name, e-mail address, tax identification number (NIP), company name, company address and phone number, residential address, correspondence address, personal identification number (PESEL), statistical number (REGON), date of birth, and nationality.

For this purpose, GIGLIKE also processes the personal data of Registered Users, as a data controller, concerning their activity in the Service, i.e. the data indicated in Purpose 1.

Legal basis:
Necessity for the performance of the agreement on the provision of Electronic Services concluded with the User through the Service (Article 6(1)(b) GDPR), as well as the legitimate interests of GIGLIKE (Article 6(1)(f) GDPR), consisting in ensuring the security of the Service and continuously improving the quality of the Electronic Services.

Important note:
This Purpose, as well as the above legal basis, entitles GIGLIKE to send Users technical communications related to the Electronic Services and to the agreement on the provision of Electronic Services concluded with GIGLIKE, both as a result of actions taken by Users within the Service and in the event of such a need arising on the part of GIGLIKE (e.g. technical interruptions in the functioning of the Service, amendments to the Terms of Service, or changes to the functionalities of the Service).

Purpose 3: Use of End Services, provision of GIGLIKE Services

Types of services:
GIGLIKE processes Users’ personal data as a data controller by transferring them to Partners whose End Services are included in the Package activated by the GIGer, in order to enable Users to use the End Services.

Scope of data:
For this purpose, GIGLIKE processes (transfers) Users’ personal data indicated in Purpose 2 (excluding the data specified in Purpose 1).

Legal basis:
Consent of the data subject (Article 6(1)(a) GDPR), necessity for the performance of (i) the agreement on the provision of Electronic Services to the User concluded through the Service, and (ii) the agreement on the provision of GIGLIKE Services concluded with the Client (Article 6(1)(b) GDPR), as well as the legitimate interests of GIGLIKE (Article 6(1)(f) GDPR), consisting in the proper provision of End Services and GIGLIKE Services.

Important note:
With respect to any personal data processing carried out by Partners after they establish contact with GIGers who have activated a Package, the appropriate entities to contact regarding questions about data processing and the exercise of Users’ rights are the respective Partners.

GIGLIKE is not responsible for the lawfulness, scope, or purpose of such processing, as it has no control over the scope and purposes of processing carried out by the Partners.

Purpose 4: Statistics on the use of individual functions and parts of the Service and facilitating the use of the Service

Scope of data:
For these purposes, personal data are processed by GIGLIKE as a data controller and relate to Users’ activity within the Service, such as: data on visited pages and subpages of the Service and the amount of time spent on each of them, as well as data concerning search history, IP address, location, device ID, and data relating to Users’ browser, session, and operating system.

Legal basis:
The legitimate interest of GIGLIKE (Article 6(1)(f) GDPR), consisting in improving the functionality of the Service and facilitating access to its features.

Important note:
If you use the Service as a registered User, GIGLIKE will combine such collected data with other data gathered in your Profile.

Purpose 5: Orders, settlements, accounting and legal obligations. Establishment, pursuit, and enforcement of claims.

Types of services:
GIGLIKE services (making Packages available) are paid services for Clients. GIGers also have the option to purchase access to End Services and Packages independently, using their own funds. In this context, GIGLIKE processes personal data of GIGers, Clients, and their representatives necessary to fulfill accounting and reporting obligations, as well as to comply with archiving obligations.

Scope of data:
For this purpose, GIGLIKE may process personal data as a data controller, including data necessary for the accounting conducted by GIGLIKE, such as: name, surname, email address, tax identification number (NIP), bank account number or payment instrument, address, data relating to End Services or Packages paid for, any registration and accounting data necessary to issue an invoice, as well as any other data provided by the User during payment, and data necessary to obtain payment, in particular data stored in the Profile and orders placed.

Legal basis:

  • Necessity for the performance of a contract for the provision of GIGLIKE Services electronically to the Client or GIGer (Article 6(1)(b) GDPR),

  • Necessity to comply with a legal obligation imposed on GIGLIKE as a data controller (Article 6(1)(c) GDPR),

  • Legitimate interest of the data controller (Article 6(1)(f) GDPR), consisting in establishing, pursuing, and enforcing claims as well as defending against claims in proceedings before courts and other public authorities.

Important note:
Even if a GIGer or Client (or their representative) deletes all personal data from the Service, a copy of the data necessary to carry out the activities described above, as well as data constituting part of GIGLIKE’s accounting records, will remain in our database due to the legal obligation to archive accounting documentation mentioned above and our legal interest in obtaining payment. GIGLIKE makes every effort to ensure that such data is anonymized or pseudonymized to the widest possible extent.

Purpose 6: Handling complaints and requests, responding to inquiries

Scope of data:
For this purpose, GIGLIKE processes personal data provided by the User and collected in the Profile, in particular name, surname, e-mail address, and phone number, as well as data relating to the use of Electronic Services or GIGLIKE Services (and indirectly also End Services), which are the subject of the complaint, request, or inquiry, and data provided for the use of Electronic Services or GIGLIKE Services (and indirectly also End Services), as well as data contained in documents attached to the complaint, request, or inquiry.

Legal basis:
The legitimate interest of GIGLIKE (Article 6(1)(f) GDPR), consisting in improving the functioning of Electronic Services or GIGLIKE Services and in building positive relationships with Users.

Purpose 7: Satisfaction surveys

Scope of data:
For this purpose, GIGLIKE processes personal data provided by the User and collected in the Profile, namely name, surname, and e-mail address, as well as data relating to the use of Electronic Services, GIGLIKE Services, or End Services, information about completed transactions (orders), and responses to questions prepared by GIGLIKE, included in surveys and forms used to assess satisfaction, suggest new functionalities, etc.

Legal basis:
The legitimate interest of GIGLIKE (Article 6(1)(f) GDPR), consisting in improving the functioning of Electronic Services and GIGLIKE Services and conducting periodic evaluations of Users’ satisfaction.

Purpose 8: Marketing and remarketing

Types of services:
If the User has given the appropriate consent, GIGLIKE processes Users’ personal data for the purpose of direct marketing of its own services or products, e.g., to encourage Users to use the Service in case of inactivity, to use other Electronic Services or GIGLIKE Services, or to inform them about new features and promotions offered by GIGLIKE.

If the User has given the appropriate consent, Partners process Users’ personal data for the purpose of direct marketing of End Services or other services or products of their own, which may vary in nature.

Scope of data:
For this purpose, GIGLIKE or the Partner, as applicable, processes personal data provided within the Account and collected in the Profile, in particular during Registration or Package activation, namely: name, surname, e-mail address, phone number (in cases where consent has been given to use electronic communications devices for direct marketing via electronic means), as well as data concerning the User’s activity within the Service, recorded and stored via cookies, including browsing history of Service subpages, transaction history (orders), clicks within the Service, login and registration dates, and data on the viewing and use of specific GIGLIKE or Electronic Services within the Service.

Remarketing:
To reach Users with marketing messages from GIGLIKE or Partners outside the Services (including Partner websites), GIGLIKE and Partners may use external service providers. These services involve displaying marketing messages from GIGLIKE or Partners, including commercial information, on websites other than the Service. For this purpose, Partners or GIGLIKE may install, for example, appropriate code, text files, or pixels from external providers (e.g., Google, Facebook) to collect information about activity within the Service. This information concerns Users’ activity within the Service, in particular the history of visited Service subpages.

Legal basis:
The legitimate interests of GIGLIKE and Partners (Article 6(1)(f) GDPR), consisting in direct marketing of their own services or products, and, where applicable, the User’s consent (Article 6(1)(a) GDPR).

Important note:
With respect to any personal data processing by Partners, given the consent provided via the Service (or external Partner websites), the appropriate entities to contact regarding questions about data processing and the exercise of Users’ rights are the respective Partners.

GIGLIKE is not responsible for the lawfulness, scope, or purpose of such processing, as it has no control over the scope and purposes of processing carried out by the Partners.

V. Cookies

To facilitate the use of the Service, GIGLIKE may, via the Service, install text files on the User’s end device, known as cookies, which serve to store information for identifying the User or remembering the history of actions taken by the User within the Service.

Providing data covered by cookies is voluntary. A User expresses this consent through the appropriate settings of the web browser used to access the Service.

The purposes for which GIGLIKE uses cookies do not require identification of the data subject. Therefore, GIGLIKE is not obliged to obtain or process additional information to identify the data subject solely for the purpose of complying with the GDPR.

Accordingly, GIGLIKE informs Users of this in this Privacy Policy. In such cases, the rights described in Section X do not apply, unless the data subject provides additional information allowing their identification in order to exercise their GDPR rights.

Legal basis: Article 11 GDPR.

Types of cookies
Based on their lifecycle, cookies are divided into:

  • Session cookies – deleted when the web browser is closed,

  • Persistent cookies – deleted after a predetermined period, regardless of browser closure.

Based on the domain from which they originate, cookies are divided into:

  • First-party cookies – set by the servers of our Service,

  • Third-party cookies – set by servers of websites other than our Service.

Purposes of using cookies

Optimization of Service use (necessary and analytical cookies)
GIGLIKE uses first-party cookies to ensure convenience for the User when using the Service, including remembering the User’s login from a specific device, avoiding repeated login procedures, and limiting the number of notifications displayed (regarding updates to the privacy policy and the use of cookies). Cookies are also used to check the security of the IT system and to remember User preferences.

Statistics on page and subpage views (analytical cookies)
GIGLIKE uses third-party cookies (e.g., Google Analytics, Google Analytics 360) to count visits to the Service, their duration, and to determine which functions or parts of the Service are most frequently used or visited. Information collected in this way allows GIGLIKE to analyze Service performance and determine directions for developing new functions and services.

Tracking activity within the Service (analytical cookies)
GIGLIKE uses first-party cookies to identify the User for the purpose of analyzing activity within the Service, determining which actions the User has taken on the Service pages, particularly which subpages were viewed and where the User spent the most time. Information collected in this way allows GIGLIKE to assess whether the content delivered to the User via the Service is clear and whether any changes to the layout are needed.

Opting out of cookies
Users can specify the conditions for storing or accessing cookies via their web browser settings or service configuration. Information on how to reject new cookies, delete existing cookies, request notification when a new cookie is stored, or block cookies can be found in the “Help” section (or similar) of the browser menu.

For further information on how to opt out of cookies and delete all cookies created by GIGLIKE, Users are encouraged to contact GIGLIKE using one of the methods described in this Privacy Policy.

VI. Mandatory provision of personal data and consequences of not providing it

Providing all personal data is a condition for using Electronic Services or End Services. Failure to provide this data will result in the User being unable to use the Electronic Services or End Services. Aside from data marked as mandatory, providing other personal data is voluntary.

Note:
GIGLIKE collects only the personal data it considers necessary for the proper provision of services. GIGLIKE has no control over the scope of personal data collected separately by Partners, particularly through external Partner websites. However, if you believe that a Partner collects or requires personal data that is not necessary for the provision of End Services and thus violates the principle of data minimization under the GDPR, please inform us.

With respect to personal data collected automatically, providing such data is also voluntary. This consent is expressed by the User visiting and using the Service in combination with the appropriate browser settings used to access the Service.

VII. Automated decision-making and Profiling

GIGLIKE makes all reasonable efforts to tailor its own service offerings and any marketing messages directed to Users according to their interests and preferences. For this purpose, it carries out automated processing of personal data, which, however, does not constitute Profiling. GIGLIKE may, however, use the results of Profiling performed by third parties (e.g., Google, Facebook) when directing marketing and remarketing messages to Users.

GIGLIKE emphasizes that targeting and personalizing its marketing communications and other commercial information solely based on collected behavioral data (related to Users’ behavior and activity within the Service, in particular the history of visited subpages) or information provided directly by Users, provided it does not involve inferring other personal characteristics or factors based on data collected in the Profile, does not constitute Profiling.

These actions and decision-making processes constitute automated processing of personal data but do not constitute Profiling, as they occur when a specific action or inaction by the User within the Service triggers the display of a specific message—identical for all Users who acted similarly. Such a message is not directed to the User based on assumptions made automatically by GIGLIKE, but in connection with specific information provided by the User.

Automated processing of personal data and decision-making does not pose a significant risk to Users’ rights and freedoms, does not produce significant legal effects for them, and is not excessively burdensome. Consequently, there are no grounds preventing GIGLIKE’s legitimate interests from taking precedence. Therefore, such processing is not subject to the prohibition under Article 22(1) GDPR, and consent of the data subject is not required. Accordingly, GIGLIKE is not required to implement protective measures for the rights, freedoms, and legitimate interests of the data subject, including the right to obtain human intervention by the data controller, to express one’s own viewpoint, or to challenge an automated decision.

The only consequence of automated processing of Users’ personal data will be the variation of messages directed to them, depending on their activities within the Services.

VIII. Processing of children’s personal data

To use the Services, a User must be at least 18 years old. GIGLIKE does not intend to knowingly collect personal data from individuals under the age of 18 without the consent of their parent or guardian.

IX. Recipients of data

Personal data of Users, where Partners act as data controllers, may be shared by them with entities other than GIGLIKE. GIGLIKE has no control over this; for detailed information, Users should contact the respective Partners directly.

Personal data of Users, where GIGLIKE acts as the data controller, may be shared with other entities. Depending on the circumstances, these entities may either act under GIGLIKE’s instructions (processors) or independently determine the purposes and methods of processing (controllers). GIGLIKE shares personal data with the following categories of recipients:

Affiliated entities
Personal data may be shared with entities affiliated with GIGLIKE, provided there is a legal basis for such sharing. These entities apply the same data protection measures, principles, and purposes as GIGLIKE and act as controllers in relation to the shared data. Location: Poland.

Partners
Personal data of GIGers who have consented when activating a Package are shared with Partners to provide End Services. Partners act as controllers regarding these data. The list of Partners providing End Services is available at: www.giglike.com/partner.

Service providers
Data may be shared with entities providing services supporting GIGLIKE’s operations, e.g., providers of marketing tools, accounting, or legal advisory services.

Processors
GIGLIKE uses entities that process personal data exclusively on its behalf, such as providers of hosting, cloud storage, marketing systems (newsletters, emails), traffic analysis, or marketing campaign effectiveness. Current processors include:

  1. Amazon Web Services EMEA SARL, Luxembourg

  2. OVH Sp. z o.o., Poland

  3. Mailgun Technologies, USA

  4. Twilio Inc., USA

  5. Stripe Inc., USA

Controllers
GIGLIKE also works with entities that independently determine the purposes and methods of personal data use, mainly for remarketing campaigns and statistical research. Current controllers include:

  • Facebook Ireland Limited

  • Google Ireland Limited

  • mBank SA

  • Luxmed Sp. z o.o.

  • Gymsteer Sp. z o.o.

  • Autenti Sp. z o.o.

  • Carsmile SA

  • Cash Director SA

  • Stripe (electronic payment operator)

Location
Service providers are mainly located in Poland and the EEA. Some may be outside the EEA; in such cases, GIGLIKE ensures high data protection standards through standard contractual clauses or obtains user consent.

Authorized personnel
GIGLIKE grants access to personal data only to authorized personnel managing its operations.

Public authorities
Personal data may be disclosed to competent public authorities, such as prosecution offices, police, or the Data Protection Authority (President of the Personal Data Protection Office).

X. Data retention periods

Registered Users without an activated Package
Personal data are stored by GIGLIKE for the duration of the user’s account to provide Services and for marketing purposes. After account deletion, the data are anonymized.

Registered Users with an activated Package
Data are stored for the duration of the account and, if End Services were used, for the duration of the service and until the applicable statute of limitations expires. Data are not anonymized immediately after account deletion but only after these periods. Accounting records are retained or anonymized no earlier than 5 years after the end of the financial year in which payment occurred or was due.

GIGers in Client-provided Lists

  • Unregistered GIGers: data are stored until the Client removes them from the list.

  • Registered GIGers: retention follows the rules above for registered users.

Unregistered Users
Data are stored according to the validity of cookies on their device. If they used Electronic Services, data are retained until the statute of limitations for claims arising from those services expires.

GIGers processed on behalf of Partners
Data are deleted or anonymized upon termination of the processing agreement, upon Partner’s request, or after 3 years from the end of the claims limitation period.

Client representatives
Data are retained for the duration of cooperation with GIGLIKE, for service provision and marketing purposes. After account deletion, data are anonymized after the statute of limitations expires, but no later than 3 years after cooperation ends. Accounting records follow the 5-year retention rule.

Partner representatives
Data are retained for the duration of cooperation for End Services. After account deletion, data are anonymized after the statute of limitations expires, but no later than 3 years after cooperation ends. Accounting records follow the 5-year retention rule.

Important
For data where Partners act as controllers, retention periods and processing rules are determined by the respective Partners. GIGLIKE is not responsible for the legal compliance or minimization of retention periods applied by Partners.

XI. Rights of Data Subjects

GIGLIKE, as a data controller, ensures that Users can exercise the following rights by contacting GIGLIKE as described in Section II. Some rights may also be exercised directly by registered Users via their Account Settings.

For data processed by GIGLIKE solely as a processor on behalf of a Partner, or for which the Partner remains the controller, GIGLIKE will promptly forward the User’s request to the relevant Partner. If the Partner does not respond within 30 days, GIGLIKE will either stop processing the data according to the request or make the necessary adjustments, except where processing is required by law.

1. Right to withdraw consent
Users can withdraw any consent given during Registration, Package activation, or use of Services at any time. Withdrawal of consent takes effect immediately but does not affect the lawfulness of processing carried out prior to withdrawal.

  • Legal basis: Art. 7(3) GDPR

2. Right to object
Users may object at any time to the processing of their personal data based on the controller’s legitimate interest, including automated processing.
Users also have the right to object to the use of their data for direct marketing.
If the controller cannot demonstrate a legal basis overriding the User’s interests or for establishing, exercising, or defending legal claims, the data will be deleted.

  • Legal basis: Art. 21 GDPR

3. Right to erasure (“right to be forgotten”)
Users can request deletion of all or part of their personal data. Requests for deletion of mandatory data will be treated as account deletion or service withdrawal.
This right applies if:

  • Data are no longer necessary for the purposes collected;

  • Consent is withdrawn and no other legal basis exists;

  • The User objects and no overriding legitimate interest exists;

  • Data were unlawfully processed;

  • Deletion is required by law.

Some data may be retained for legal claims or complaints handling, including name, email, registration data, and transaction history.

  • Legal basis: Art. 17 GDPR

4. Right to restriction of processing
Users may request restriction of processing if:

  • The accuracy of data is contested;

  • Processing is unlawful and deletion is opposed;

  • The controller no longer needs the data but the User requires them for legal claims;

  • The User has objected to processing while overriding legitimate interests are being assessed.

  • Legal basis: Art. 18 GDPR

5. Right of access
Users can obtain confirmation whether their personal data are being processed, and if so, access to:

  • Their personal data;

  • Purposes of processing, categories of data, recipients, storage periods, rights, source of data, automated decision-making including profiling, and safeguards for international data transfers;

  • A copy of their data.

  • Legal basis: Art. 15 GDPR

6. Right to rectification
Users can correct or complete their personal data via Account Settings.
For data not accessible through the Account, Users can request rectification or completion from the controller.

  • Legal basis: Art. 16 GDPR

7. Right to data portability
Users may receive their personal data in a commonly used, machine-readable format (*.csv or *.xls) and transfer it to another controller.
They can also request direct transfer by GIGLIKE to another controller if technically feasible.

  • Legal basis: Art. 20 GDPR

 

XII. Response Time

If a data subject exercises any of the rights described in Section XI and submits a request to the data controller, the controller shall respond positively or negatively without undue delay, but no later than one month from the date of receipt of the request.

If the request is submitted to a data processor, the processor shall promptly forward the request to the data controller, no later than one week after receipt, and immediately inform the data subject that the request has been forwarded. The one-month response period begins from the date the request is received by the data controller.

In cases where the request is complex or when multiple requests are submitted, making it impossible to meet the one-month deadline, the data controller may extend the response period by an additional two months, provided that the data subject is informed of the reasons for the delay.

XIII. Complaints and Requests

GIGLIKE encourages users to ask questions and submit requests regarding the processing of their personal data and the exercise of their rights.

Every individual has the right to lodge a complaint with the supervisory authority for personal data protection (PUODO) if they believe that their right to personal data protection or any other rights granted under the GDPR have been violated by GIGLIKE or a Partner.

However, GIGLIKE is not responsible for the security or lawfulness of personal data processing for which Partners are the data controllers, especially when processing occurs outside the Service.

XIV. Personal Data Security

GIGLIKE makes every effort to ensure the security of personal data processed within the Service, including by using encrypted data transmission (SSL) when using Electronic Services. This protects authentication data and significantly reduces the risk of unauthorized access to accounts by systems or individuals.

XV. Changes to the Privacy Policy

GIGLIKE may amend or update this Privacy Policy as needed. Users will be informed of any changes or updates by posting relevant information on the Service’s homepage or via email sent to the users.

The giglike.com website uses cookies to use analytical, advertising and social networking tools. You can delete cookies at any time from your browser. Settings that prevent the installation of cookies may result in the lack of access to the full functionality of this website. For more information, see Privacy Policy .

Accept