PRIVACY POLICY — STUDIVO PLATFORM

studivo.eu

Version dated: 1 April 2026

1. Data Controller

The controller of personal data of StuDivo Platform Users is the Operator of the Platform. For all data protection matters, please contact: kasiawszwajcarii@gmail.com.

2. Sign-in via Google — Shared Responsibility for Data

The StuDivo Platform uses only the Google sign-in mechanism (Google OAuth / "Sign in with Google"). This means that the authentication process is carried out by Google LLC, which processes sign-in credentials pursuant to its own Privacy Policy (policies.google.com/privacy).

With regard to data transmitted to the Platform by Google (name, email address, account identifier), the Controller is the StuDivo Operator. The Operator does not store the User's Google account password and has no access to it.

Users should review Google's Privacy Policy, as it covers part of the processes associated with use of the Platform.

3. Legal Basis for Processing

Personal data are processed on the following legal bases:

  • Article 6(1)(b) GDPR — performance of a contract (account and subscription management);
  • Article 6(1)(c) GDPR — legal obligation (tax and accounting obligations);
  • Article 6(1)(f) GDPR — legitimate interests of the Controller (platform security, usage analytics);

Article 6(1)(a) GDPR — the User's consent (newsletter, optional analytics cookies).

4. Categories of Data Collected

4.1 Data Received from Google

  • name (or display name associated with the Google account);
  • email address linked to the Google account;
  • unique Google account identifier (Google ID).

4.2 Data Provided Voluntarily by the User

invoice details (VAT number, business address — optional);

information provided in correspondence with the Operator.

4.3 Data Collected Automatically

  • IP address and device data;
  • browser type and operating system;
  • activity data on the Platform (session logs, sections visited);
  • cookie data in accordance with the Cookie Policy.

5. Purposes of Processing

Personal data are processed for the following purposes:

  • authentication and management of the User account;
  • processing payments and managing subscriptions;
  • issuing invoices and fulfilling tax obligations;
  • operating the referral programme and paying commissions;
  • communicating with the User (technical notifications, responding to enquiries);
  • sending newsletters and marketing communications (with consent);
  • ensuring the security and stability of the Platform;
  • analytics and usage statistics (in aggregated form);
  • establishing, exercising or defending legal claims.

6. Data Retention

For the duration of the Agreement and 6 years after its termination — data required for tax and accounting purposes.

Until consent is withdrawn — data processed on the basis of consent (newsletter).

Until a valid objection is raised — data processed on the basis of legitimate interests.

7. Recipients of Data

Personal data may be shared with the following categories of recipients:

  • Google LLC — for the purposes of sign-in processing (Google OAuth);
  • Stripe Inc. — for payment processing; Stripe processes payment data as an independent data controller in accordance with its own privacy policy;
  • cloud and hosting service providers;
  • email service providers;
  • legal advisors — in the event of claims;
  • public authorities — where required by law.

The Operator does not sell personal data to third parties.

8. International Transfers

Google LLC and Stripe Inc. are headquartered in the United States. Data transfers are carried out on the basis of compliance mechanisms provided for under the GDPR, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

9. Rights of Data Subjects

Users have the following rights:

  • access to their data and to obtain a copy;
  • rectification (correction) of data;
  • erasure of data ('right to be forgotten');
  • restriction of processing;
  • data portability;
  • objection to processing on the basis of legitimate interests;
  • withdrawal of consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Users also have the right to lodge a complaint with the supervisory authority competent for their place of residence or habitual residence. In particular, residents of EU/EEA member states may contact the national data protection authority of the country in which they reside or are habitually resident. The Polish supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

Requests regarding the exercise of rights should be sent to: kasiawszwajcarii@gmail.com. A response will be provided within 30 days.

10. Cookies

The Platform uses cookies. Detailed information on the cookies used and how to manage them is set out in the Cookie Policy available at studivo.eu.

11. Data Security

The Operator applies technical and organisational security measures appropriate to the risk of processing, including encrypted data transmission (SSL/TLS) and access controls. Payment data are protected by Stripe in accordance with the PCI DSS standard. In the event of a personal data breach, the Operator will notify the User and the supervisory authority to the extent and within the timeframes required by the GDPR.

12. Amendments to the Privacy Policy

Users will be informed of material changes by email with at least 14 days' notice. The current version of the Privacy Policy is always available at studivo.eu.

13. Contact

For all data protection matters: kasiawszwajcarii@gmail.com.

Back to home