Back to homepage

Legal documents

Linkolino Data Processing Agreement

Version 3 Published: 2026-04-28

Linkolino Data Processing Agreement Version 3.0, MVP document for legal review before production publication. 1. Purpose of this document This document describes the basic rules for data processing on behalf of a merchant in the merchant - Linkolino relationship if, in a given integration, Linkolino processes personal data on behalf of the merchant. The document requires legal review before production use. 2. Parties The processor is Datalog Marek Sybilak, ul. Bohaterów Monte Cassino 44, 94-236 Łódź, Poland, NIP: PL7261016185, REGON: 100248984, operator of the Linkolino platform. The controller may be the merchant if it determines the purposes and means of processing data of its store customers in connection with the affiliate program. 3. Scope of entrusted data The data scope should be minimal and include only data needed for attribution, validation, anti-fraud and settlements, in particular: - order_id, - click_id, - visitor_id, - program_id, - affiliate_id, - customer_id_hash if needed, - gross/net amounts, currency, discounts, taxes and delivery costs, - payment status and order status, - timestamp, IP, user agent, referer and technical event data. The merchant should not provide Linkolino with names, delivery addresses, phone numbers, customer emails or other personal data unless necessary and separately agreed. 4. Purpose and duration of processing Data is processed to: - attribute a click to a conversion, - calculate commission, - validate and handle returns, - detect abuse, - maintain settlement records, - handle disputes, complaints and audit. Processing lasts for the period of platform use and for the period needed for settlements, security, audit, claims handling or legal obligations. 5. Linkolino obligations Linkolino undertakes to: - process data only to the extent needed to provide the service and according to documented merchant instructions, - apply appropriate technical and organisational measures, - restrict data access to authorised persons, - support the merchant in exercising data subject rights to the extent possible for a processor, - report personal data breaches to the extent and within time limits required by law, - maintain basic records of operations if required. 6. Merchant obligations The merchant undertakes to: - have a legal basis for data processing, - inform store customers about affiliate tracking and data recipients, - ensure correct cookie/CMP consent configuration if required, - provide only necessary data, - not provide special category data, - correctly implement the script, API, webhook or plugin. 7. Sub-processing Linkolino may use hosting, infrastructure, email, monitoring, security and technical tool providers if necessary to provide the service. Data is not transferred outside the European Economic Area unless the Privacy Policy is updated and appropriate legal mechanisms are applied. 8. Security Security measures may include access control, hashing or pseudonymisation of selected identifiers, audit logs, permission restrictions, transmission encryption, error monitoring and backups. 9. End of cooperation After cooperation ends, Linkolino may delete, anonymise or continue storing data to the extent necessary for settlements, security, audit, claims handling or legal obligations. 10. Priority of arrangements If the parties enter into a separate data processing agreement or individual commercial agreement, its provisions may clarify or replace this document to the extent compliant with law.