Back to homepage

Legal documents

Linkolino Privacy Policy

Version 3 Published: 2026-04-28

Linkolino Privacy Policy Version 3.0, MVP document for legal review before production publication. 1. Data controller The controller of data processed for accounts, platform operation, security, Linkolino billing, contact and service development is Datalog Marek Sybilak, ul. Bohaterów Monte Cassino 44, 94-236 Łódź, Poland, NIP: PL7261016185, REGON: 100248984. Contact for personal data protection matters and exercising data subject rights is handled electronically at contact@linkolino.com. The controller has not appointed a data protection officer. In some processes, the merchant may be the controller of its store customers' data and Linkolino may act as processor or technical tool provider. The specific role depends on integration configuration, data scope and the agreement with the merchant. 2. Scope of this policy This policy describes data processing in the Linkolino platform, including account, merchant, affiliate, agency, program, click, conversion, integration, billing, document, log and communication data. 3. Data categories Linkolino may process: - account data: email, role, settings, language, token hashes and login data, - profile data: company name, tax ID, address, website, contact data, - affiliate data: display name, settlement data, tax data, bank account number, individual or company type, - agency and team data: name, authorised persons, roles, permissions, - program data: name, description, rates, rules, status, commission and settlement settings, - tracking data: visitor_id, click_id, link_id, program_id, affiliate_id, sub_id, IP, user agent, referer, timestamp, cookies and URL parameters, - conversion data: order_id, order value, currency, gross/net amounts, discounts, delivery, taxes, payment status, order status, commission amount, customer_id_hash, - billing data: affiliate commissions, Linkolino commissions, merchant and campaign rates, settlements, statuses, corrections and exports, - document and acceptance data: document version, acceptance date, IP and user agent if collected, - technical, security, audit and error handling logs, - support correspondence content. 4. Store customer data Linkolino should receive only data needed for attribution, validation, anti-fraud and settlements. Pseudonymous identifiers are preferred, e.g. order_id, visitor_id, click_id and customer_id_hash. The merchant should not provide Linkolino with names, delivery addresses, phone numbers, customer emails or other personal data unless necessary and supported by an appropriate legal basis and agreement. 5. Purposes of processing Data is processed to: - maintain accounts and authentication, - provide platform services, - create and manage affiliate programs, - record clicks, conversions and attribution, - calculate and report commissions, - maintain Linkolino and agency billing records, - handle external settlements and commission statuses, - operate API, webhook, script and plugin integrations, - ensure security, anti-fraud and audit, - handle complaints, support and communication, - establish or defend claims, - fulfil legal, tax or accounting obligations if applicable, - develop the product and analyse platform operation. 6. Legal bases The legal bases may include: - performance of a contract or steps before entering into a contract, - controller's legal obligation, - legitimate interest, e.g. security, anti-fraud, claims, reporting and service improvement, - consent if required, e.g. for some cookies, marketing or communication, - processing on behalf of a merchant if Linkolino processes data as processor. 7. Cookies and tracking identifiers The platform may use cookies, local storage, visitor_id, click_id and similar identifiers for login, session memory, click attribution, conversion attribution, anti-fraud and statistics. The merchant is responsible for properly informing its store customers about affiliate tracking and obtaining consent if required by law or the adopted integration configuration. Integration modes may include: - merchant_consent_required - the merchant collects consent in the store before tracking starts, - server_side_required - tracking is based mainly on server-side events, - custom - individual configuration agreed with the merchant. 8. Data recipients Data may be disclosed to: - hosting, infrastructure, email, monitoring and technical tool providers, - merchants, affiliates and agencies to the extent necessary to operate the program, - payment or accounting providers if a given mode is enabled, - legal, tax or accounting advisers, - public authorities if required by law. 9. Transfers outside the EEA Personal data processed by Linkolino is not transferred outside the European Economic Area. If such transfer is to occur in the future, the Privacy Policy will be updated and the transfer may take place only on the basis of appropriate legal mechanisms under the GDPR. 10. Retention period Account data is stored for the period of platform use and then for the period necessary to handle claims, audit and legal obligations. Tracking data and conversions are stored for the period necessary for attribution, validation, anti-fraud, settlements and disputes. Billing data, settlements and documents may be stored for the period required by tax or accounting law or for the limitation period of claims. Technical logs are stored for a period adequate for security and diagnostics. 11. Data subject rights The data subject may have the rights to: - access data, - rectify data, - erase data, - restrict processing, - data portability, - object to processing, - withdraw consent if processing is based on consent, - lodge a complaint with the President of the Personal Data Protection Office in Poland. The scope of exercising rights may depend on Linkolino's role in a given process. If Linkolino acts as processor for the merchant, some tasks may require cooperation with the merchant as controller. 12. Automated operations The platform may automatically attribute clicks to conversions, calculate commissions, assign technical statuses, detect duplicates or mark events for review. As a rule, these operations serve program records and operation. Disputed decisions, rejections or blocks should allow review by an authorised person. 13. Security Linkolino applies technical and organisational measures appropriate to the risk, including access control, hashing of selected data, logs, permission restrictions and audit mechanisms. The user should protect account access and not disclose login data to unauthorised persons. 14. Merchant obligations The merchant is responsible for: - informing store customers about affiliate tracking, - its own privacy and cookies policy in the store, - legal compliance of the integration, - minimising data sent to Linkolino, - correct CMP configuration if required, - having a legal basis for data sent by API, webhook or plugin. 15. Policy changes This policy may be changed due to changes in law, technology, platform features, providers, data scope or settlement model. The current version is published in the service. Material changes may require notifying users or renewed acceptance of documents.