Privacy policy

PRIVACY POLICY OF THE BATNER APPLICATION

Version: 1.3 (GDPR Compliant)

Effective Date: March 1, 2026

1. Who We Are (Data Controller)

The data controller responsible for your personal data is the operator of the Batner application and platform:

• Name: Bc. Tomáš Vass

• Registered Office: J. Božana 3135, 738 01 Frýdek-Místek, Czech Republic

• Company ID (IČO): 88656403

• Contact Email: info@batner.com

We take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws.

2. What Personal Data We Collect and Why

To ensure the safe and proper functioning of the Batner marketplace, we process the following data:

A. Account Creation and Communication (Basic Registration)

• What we collect: Phone number, email address, username, password (encrypted).

• Why (Purpose): To create and manage your user account, send technical and security notifications, and enable the in-app chat function.

• Legal Basis: Performance of a contract (Providing the service according to the Terms & Conditions).

B. Payment Processing (Stripe Connect)

• What we collect: First name, last name, billing address, transaction history. (Note: We do not see or store your credit card numbers or detailed banking information. This data is processed exclusively by our payment partner, Stripe).

• Why (Purpose): To facilitate the "Buy Now" feature, process payments, resolve disputes, and fulfill tax/reporting obligations.

• Legal Basis: Performance of a contract and compliance with legal obligations (Accounting, DAC7 Directive).

C. User Content and Advertisements

• What we collect: Photographs, videos, advertisement text, audio recordings, and location data (if you voluntarily share it to arrange an in-person meeting).

• Why (Purpose): To display your listings on the marketplace and for the marketing promotion of the Batner platform.

• Legal Basis: Legitimate interest (Operation of the marketplace and marketing).

D. Technical Data and Analytics

• What we collect: IP address, device type, operating system, and in-app activity logs (e.g., clicks and navigation).

• Why (Purpose): To ensure network security, prevent fraud (spam, bots), and troubleshoot application errors.

• Legal Basis: Legitimate interest (Security and stability of the application).

3. Who We Share Your Data With (Data Recipients)

We do not sell your personal data to any third parties for their marketing purposes. We only share data with verified partners necessary for the operation of the application:

1. Stripe Payments Europe, Ltd. (Ireland) / Stripe, Inc. (USA): Our payment gateway and identity verification provider (Stripe Identity). We share data with Stripe to process payments and prevent money laundering (AML compliance).

2. Cloud Service Providers (Hosting): We use secure servers to host our platform. For users of our European domains, data is hosted exclusively on servers within the European Union. For users accessing the platform via the .com and .ca domains, data is hosted on servers located in the United States of America (USA).

3. Law Enforcement and State Authorities: In the event of a lawful request (e.g., fraud investigation), we are legally obliged to provide your data to law enforcement agencies or tax authorities (e.g., income reporting under the DAC7 Directive).

4. Other Users: When a transaction is initiated, we share the necessary contact details with the other party (e.g., username in the chat) so the trade can be completed.

4. International Data Transfers (Outside the EU)

We take steps to ensure your data remains secure. While data for European users is primarily stored within the European Economic Area (EEA), the use of our .com/.ca domains or certain third-party services (like Stripe) may require data to be transferred to the United States. Any such transfer outside the EEA is conducted exclusively on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or the EU-US Data Privacy Framework, which guarantee a European level of data protection.

5. Data Retention Period

We retain your data only for as long as strictly necessary:

• Active Account: We keep your data for as long as your account remains active.

• Account Deletion: Upon account deletion, we remove most of your personal data. However, we retain transaction history, chat logs, and basic identification data for up to 10 years to comply with legal obligations (accounting, tax laws) and to protect against legal claims (dispute resolution, fraud prevention).

6. Your Rights Under the GDPR

As a user, you have comprehensive rights regarding your personal data:

• Right of Access: You can request a copy of all personal data we hold about you.

• Right to Rectification: If your data is inaccurate, you can correct it in the app or ask us to do so.

• Right to Erasure (Right to be Forgotten): You can request the deletion of your account and data. We will comply unless a legal obligation prevents us from doing so (e.g., an ongoing transaction or investigation).

• Right to Data Portability: You can obtain your data in a machine-readable format.

• Right to Object: You can object to data processing based on our legitimate interest.

To exercise any of these rights, please contact us at: [Insert your email].

7. Right to Lodge a Complaint

If you believe that we are handling your data unlawfully, you have the right to lodge a complaint with your local data protection authority. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ), located at Pplk. Sochora 27, 170 00 Prague 7 (www.uoou.cz).

8. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy. We will notify you of any significant changes via an in-app notification or by email.