Privacy policy

Last updated: 19.03.2025 11:00 CET


Privacy Policy – PROGUS

1. Data Controller and Collection of Personal Data

Progus sp. z o.o. (ul. Sklepowa 27, 97-500 Radomsko, Poland; hereinafter “PROGUS”) is responsible for processing personal data related to the use of our Services and website functionalities. We collect data provided by users as well as data automatically gathered during the use of our Services, in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • The California Consumer Privacy Act (CCPA)
  • Nevada state regulations

2. Contact Information

All inquiries regarding this Privacy Policy or your data rights should be directed to:
privacy@progus.com

3. Purposes and Legal Grounds for Personal Data Processing

We may process your personal data for the following purposes:

A. Use of Services:
We process data to perform a contract (Art. 6(1)(b) GDPR), to comply with legal obligations (Art. 6(1)(c) GDPR), to protect our legitimate interests, and to pursue claims.
B. Contact (Chat/Email):
We process data to respond to inquiries and to enter into contracts (Art. 6(1)(f) GDPR).
C. Marketing and Newsletter:
We process data based on our legitimate interests; consent may be withdrawn by unsubscribing.
D. Social Media:
We process data for communication and marketing purposes (Art. 6(1)(f) GDPR) – your name (or pseudonym) and photo will be visible.
E. Job Applications:
We process recruitment data; providing such data is voluntary but often necessary.

4. Types of Data Processing

We may collect and process various forms of personal data based on the functionalities you utilize:

A. Services: If you access and use our Services, we will process your identification data, including your name, surname, country and email address.

We may also automatically collect information, including:

  • Usage and log information, encompassing data on your activity, log files, diagnostic, crash, website, and performance logs and reports.
  • Subscription informations.
  • Locations informations, such as location name, location address, latitude and longitude, location contact details: email, phone, fax.

B. Contacting Us: When contacting us via our contact form (chat) or email, we will process your identification data, such as your name and email address, along with any other data you provide.

C. Marketing and Newsletter: Your email address will be processed if you subscribe to our newsletter or consent to marketing of our services.

D. Social Media: When you interact with our social media profiles, we may process personal data posted on your profile and other data related to our use of social media functionality.

E. Job Applications: In the case of job applications, we may process your personal data in accordance with the Labour Code and other specific laws as required by legal provisions.

5. Right to Object

Users have the right, at any time, to object to the processing of their data based on legitimate interests or for marketing purposes. In such cases, we will cease processing unless overriding grounds exist (e.g., pursuing claims).

6. Data Retention

We retain data as follows:

  • For the duration of the account service, until the account is deleted by the user, or until the service (application) is uninstalled.
  • During the term of contracts and as required by legal obligations.
  • For the duration of pursuing claims.
  • Until an objection is raised or the legitimate interests expire.
  • As part of dispute resolution, marketing activities, social interactions, and the recruitment process (up to 48 months or until consent is withdrawn).
  • Technical logs: Retained for 8 days.

7. Data recipients

Data may be transferred to service providers supporting our activities, such as:

  • Web hosting providers (for websites and services)
  • Data storage entities
  • ICT service providers
  • Social media providers (e.g., Meta Platforms Ireland Limited, Twitter Inc., Google LLC)
  • IT companies, law firms, auditors, and other entities that are legally required to receive data.

We use third-party services, including Heroku (Salesforce), Amazon Web Services (AWS), and Cloudflare, to host, secure, and deliver our applications. These services may process personal data, such as IP addresses and location information, on our behalf. For more information about how these providers handle data, please refer to their respective privacy policies: Heroku Privacy PolicyAWS Privacy Policy, and Cloudflare Privacy Policy.

We use Gleap, a third-party customer support platform, to provide live chat functionality and assist you with your inquiries. When you use the chat feature, Gleap may process personal data, such as your name, email address, and the content of your messages. This data is processed in accordance with Gleap's privacy policy, which you can find here: Gleap Privacy Policy.

    8. Your Rights as a Data Subject

    Users have the right to:

    • Obtain information regarding data processing
    • Access their data
    • Rectify inaccurate or incomplete data
    • Request deletion of data (“right to be forgotten”), subject to exceptions
    • Restrict processing
    • Request data portability
    • Object to data processing (including for marketing purposes)
    • Withdraw consent (without affecting the lawfulness of previous processing)
    • Lodge a complaint with a data protection authority
    • Request explanation and human intervention in the case of automated decision-making
      We provide these services free of charge unless the requests are manifestly unfounded.

    9. Information on Data Transfers Outside of the EEA

    Although most data is processed within the EEA, some data may be transferred to the USA or other countries outside the EEA, in accordance with GDPR. In case of disputes, the courts in Radomsko shall have exclusive jurisdiction.

    10. Automated Decision-Making, Including Profiling

    In addition to cookie-based profiling, automated decisions (e.g., onboarding, personalized offers) may have legal effects. Should you disagree with such decisions, you may request explanations and human intervention.

    11. Security of Your Personal Data

    We implement measures to protect data against loss, destruction, unauthorized access, or disclosure; however, no method of transmission or storage guarantees 100% security. We act in accordance with EU and USA regulations.
    We ensure data security through encryption:

    • Data transmitted is encrypted using the SSL/TLS protocol.
    • Data stored in our database is encrypted using the AES-256 algorithm.

    We have also implemented Data Loss Prevention (DLP) strategies by:

    • Monitoring data flow,
    • Limiting access – only a minimal group of employees have access,
    • Logging – every access to personal data is recorded,
    • Conducting periodic employee training.

    To further ensure the security of data stored in our database, we regularly perform backups. These backups are securely stored and may be used to restore data in the event of a system failure. Backups are retained for a specified period, and only authorized personnel have access to them.

    12. Cookies

    We use cookies to:

    • Provide and secure our Services (web/desktop)
    • Enhance user experience, personalization, and FAQ analysis
    • Remember user preferences (e.g., language)
    • Distinguish mobile users from desktop users
    • Display advertisements, offers, and promotions
      We use essential, preference, statistical, marketing, and unclassified cookies. Blocking cookies may affect the functionality of the site. Removal instructions are available for popular browsers (Firefox, Opera, Internet Explorer, Chrome, Safari).

    13. Information and Notice for California Residents

    This section covers the collection, use, disclosure, and sale of personal data of California consumers in accordance with the CCPA and the California Privacy Rights Act. It relates to data from the previous calendar year and is updated annually.

    • “Do Not Track” signals are not considered.
    • We do not process sensitive personal data (SPI).
    • Data may be used for commercial purposes if consent is not withdrawn.
    • We do not sell data; the opt-out option (“DO NOT SELL OR SHARE MY PERSONAL INFORMATION”) can be activated.
      Users have the right to access, rectify, delete, and port their data. Please direct requests to:
      PROGUS, Sklepowa 27, Radomsko, Poland (Attn: CCPA Request).

      14. Nevada Residents

      Nevada law allows customers to "opt out" of the sale of certain personal information, known as "covered information." We do not sell covered information as defined in the law, and we have no plans to change this practice. If you wish to be notified if we change this practice, you can email us and provide your name, Nevada resident address, and email address. We will contact you if there are any changes, and you can complete your opt-out at that time. If your contact information changes, please contact us to update it. We may share your data for different purposes as explained in this Privacy Policy, which are separate from your opt-out request.

       15. Links to Other Sites

      Customers from Nevada may opt out of the sale of “covered data.” We do not sell such data and will inform you of any changes in our practices; if your contact information changes, please update it accordingly.

      16. Children’s Privacy

      The Service is not intended for individuals under 13 years of age. We do not knowingly collect data that could identify children; if such data is disclosed without parental consent, we will take steps to remove it.

      17. Changes to this Privacy Policy

      This Privacy Policy may be updated periodically. Changes will be communicated by publishing a new version on the website, with the last updated date clearly indicated at the beginning of the document.

      The above provisions apply to the progus.com website and to all services and applications offered by PROGUS SP. Z O.O.





      The following provisions apply exclusively to the specified services/applications.

      Progus Store Locator

      1. Purpose of Data Collection in the Application

      Progus Store Locator is an application for locating stores that enables the presentation of physical store locations on a map and their management. We use personal data collected from you and your customers to:

      • Provide and operate the Service and the Application
      • Communicate with you
      • Optimize or improve the Application
      • Provide you with information about our products or services

      Your personal data is not sold or shared with anyone unless required by law.

      2. Types of Personal Data Collected

      Personal data includes, but is not limited to, information such as first name, last name, country, website URL, and email address. We may also automatically collect information, including:

      • Usage Data and Logs: Details about your activity, log files, diagnostics, failure reports, and performance data related to the website.
      • Location Information:
        • Location name
        • Location address
        • Latitude and longitude of the location
        • Opening hours
        • Contact details (email, phone, fax)
        • Social media links
        • The location’s website URL
        • Tags, tag categories, and group names
        • Location photos
        • Translations of location data into other languages
        • Appearance data for map markers
        • Custom data fields created by the user
      • Customer Search Information on the Map: User coordinates or the searched address with its coordinates, and the name and address of the nearest location to the searched point.
      • Application Operation Data: History of location imports, connection data for file synchronization (e.g., Google Sheets), application settings, login sessions, and subscription data.

      Our application allows you to search for and view the locations of businesses on a map. When you enter an address, it is sent to third-party services (Google Maps API or TomTom) to retrieve geographic coordinates (latitude and longitude). These services may process the address data in accordance with their own privacy policies. We store the coordinates to display the locations on the map and improve the functionality of the application. For more information about how these providers handle data, please refer to their respective privacy policies: Google Privacy Policy and TomTom Privacy Policy.

      Payment Data:
      Depending on the platform you use, payment processing may be handled by different providers:

      • For users of the application outside of Shopify and WIX:
        • To process payments and manage subscriptions, we use an external payment provider—Paddle.
        • Payment data (including the credit card number and billing address) is processed by Paddle and is subject to their privacy policy.
        • Our application may retrieve and display some payment details (e.g., the last four digits of the card, billing address, and payment history) solely to enable users to manage their subscription plan.
        • We do not store full credit card data or any other payment information on our servers.
          Paddle Privacy Policy
      • For users of the application on Shopify:
        • All payment processing is handled directly by Shopify, with payment data processed according to Shopify’s privacy policy and payment terms.
          Shopify Privacy Poilcy
      • For users of the application on WIX:
        • All payment processing is conducted on the WIX side, with payment data processed by WIX according to their privacy policy.
          Wix Privacy Policy


      Progus COD

      1. Purpose of Data Collection in the Application

      Progus COD is an application for managing the visibility of the “Cash on Delivery” payment method for Shopify.

      We use personal data collected from you and your customers to:

      • Verifying the COD Order Limit:
        For users on the free plan, we count the number of orders placed using the Cash on Delivery (COD) payment method.

      • Automatic Management of Payment Methods:
        When the limit of 10 COD orders per month is exceeded, the application will automatically:

        • Disable the COD payment option in the store.

        • Notify the store administrator of the exceeded limit.

      • Real-Time Analysis:
        In real time, the following data are analyzed:

        • Order ID.

        • Selected payment method.

      By installing the Progus COD app, you consent to the access and processing of the aforementioned Shopify data in accordance with this policy.

      Your personal data is not sold or shared with anyone unless required by law.

      2. Types of Personal Data Collected

      When you access and use our Services, we process your identifying data, such as your email address and website domain. We may also automatically collect information, including:

      • Usage Data and Logs: Details about your activity, log files, diagnostics, failure reports, and performance data related to the website.
      • Subscription Information
      • Order Details:
        • Basic order information such as the order ID and payment method, which are used in real time.
        • We do not store or process these or any other order-related data.

      3. Relationship with the General Policy

      All other rules regarding:

      - Legal basis for processing
      - Data retention periods
      - Security
      - Data sharing

      are defined in the general section of this privacy policy (sections 3, 6, 7, 11) and apply equally to this application.