[FON]
Start for Free

Privacy Policy

Version 1.0 – effective from 05.05.2026

The binding version of this Privacy Policy is the Polish one. This English version is provided for informational purposes only. In case of any discrepancy, the Polish version prevails.

Dear User,

{COMPANY_NAME}, conducting sole proprietorship registered with CEIDG (hereinafter: "FON", "we", "Controller"), as the operator of the FON service – two bots in the Telegram messenger (@FON_RentFlatPL_ConfigBot and @FON_RentFlatPL_AlertBot) and the website fonbot.pl/en – makes every effort to ensure the security and confidentiality of your personal data.

This Privacy Policy is presented in the form of questions and answers. It describes what data we process, why, on what legal basis, for how long, with whom we share it, and what rights you have. We operate in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the Polish Personal Data Protection Act.

1. Who is the controller of your personal data?

The controller of your personal data is:

  • {COMPANY_NAME}, conducting sole proprietorship (CEIDG),
  • correspondence address: {ADDRESS},
  • Tax ID (NIP): {NIP},
  • Statistical ID (REGON): {REGON},
  • e-mail: contact@fonbot.pl.

In matters related to the protection of personal data, you can contact us by e-mail at contact@fonbot.pl or via a message to our @FON_Support Telegram contact account.

We have not appointed a Data Protection Officer, as we are not legally required to do so.

2. What personal data do we process?

We process the following categories of personal data:

a) Data retrieved automatically from Telegram – when you start using the Config Bot or the Alert Bot:

  • your Telegram user identifier (telegram_user_id),
  • your Telegram username (username), if set,
  • first and last name (first_name, last_name), as visible to Telegram bots,
  • language code set in Telegram (language_code).

b) Data generated while using the Service:

  • search settings (city, price range, number of rooms, area, additional filters),
  • account preferences and settings,
  • alert status (enabled / disabled, active / blocked),
  • history of bot interactions (commands, clicks, form responses),
  • registration date, dates and versions of Terms and Privacy Policy you have accepted,
  • marketing information allowing us to identify the source of user acquisition (ad_campaign_id).

c) Data provided voluntarily:

  • phone number – if you consent via Telegram's "Share phone number" feature; used, among other things, to handle Partner forms and to contact you,
  • data provided in Partner forms (as defined in each form),
  • information provided in correspondence and complaints,
  • e-mail address – if provided (e.g., for complaints or invoicing).

d) Data related to payments (Premium Plan):

  • Payment card data and transaction data are processed exclusively by the Payment Operator – Stripe Payments Europe, Ltd. FON does not store full card data. From Stripe, we receive only transaction identifiers, payment status, amount, currency, and the last 4 digits of the card along with its type – solely for settlements and issuing accounting documents.

e) Technical data:

  • IP addresses and server logs (on OVH infrastructure), to the extent necessary for security, diagnostics, and abuse prevention,
  • browser and device data (user agent, device type) – if you use the fonbot.pl/en website.

Providing data is voluntary, but necessary to use the features of the Service that require it. If you do not wish your data to be processed, we are unable to provide the Service.

3. Where do we obtain your data from?

We obtain data:

  • directly from you – when you start using the bots, configure searches, fill in forms, send messages, make payments;
  • from the Telegram platform – user identifier and public Telegram profile data are provided to bots under the Telegram Bot API;
  • from the Payment Operator (Stripe) – to the extent necessary to settle and handle transactions.

We do not obtain your data from other public sources or third parties.

4. For what purposes and on what legal basis do we process your data?

Purpose of processing Legal basis (GDPR)
Providing the Service (account, alerts, searches, service communication) – Free Plan and Premium Art. 6(1)(b) GDPR – performance of a contract
Handling payments and subscriptions in the Premium Plan Art. 6(1)(b) GDPR – performance of a contract
Issuing invoices and receipts, maintaining tax and accounting documentation Art. 6(1)(c) GDPR – legal obligation (e.g., VAT Act, Accounting Act)
Handling complaints, requests, and correspondence Art. 6(1)(b) and (c) GDPR
Transferring data to Partners based on the lead-generation form Art. 6(1)(a) GDPR – your consent
Processing the phone number provided via Telegram's share feature Art. 6(1)(a) GDPR – consent; when necessary to handle a Partner form – Art. 6(1)(b) GDPR
Internal analytics (ELK/Kibana), usage statistics, improving Service quality, abuse detection, Service security Art. 6(1)(f) GDPR – legitimate interest of the Controller
Direct marketing of the Service (including advertising campaigns, promotional communication within the bots) Art. 6(1)(f) GDPR – legitimate interest of the Controller
Sending marketing messages to persons who have given consent Art. 6(1)(a) GDPR – consent; Art. 10 of the Act on the Provision of Services by Electronic Means
Analytics of the fonbot.pl website (including planned deployment of Google Analytics or similar tools) Art. 6(1)(a) GDPR – consent (cookies)
Establishment, pursuit, and defense of legal claims Art. 6(1)(f) GDPR – legitimate interest

Where processing is based on consent, you may withdraw it at any time – withdrawal does not affect the lawfulness of processing carried out before it.

5. How long do we store your data?

We store your data only as long as necessary to achieve the purposes for which it was collected:

  • account data and Service usage data – for the term of the Agreement and the period necessary to pursue claims (as a rule, up to 3 years under Art. 118 of the Civil Code, from the end of the year in which the Agreement ended);
  • settlement data, invoices, accounting documents – for the period required by tax and accounting law (as a rule, 5 years from the end of the tax year in which the tax obligation arose);
  • data processed based on consent (e.g., phone number for Partner forms, marketing consent, analytics cookies) – until consent is withdrawn or the purpose no longer exists;
  • data transferred to a Partner – once transferred, the Partner becomes a separate controller with its own retention policy; FON's systems retain only metadata (fact and date of transfer, Partner identifier, fields submitted) for the claim-limitation period;
  • complaint data – for the time necessary to resolve the complaint and the claim-limitation period;
  • server logs and security data – as a rule, up to 12 months from registration, unless longer retention is needed to establish, pursue, or defend claims;
  • blocked accounts (e.g., for abuse) – for as long as necessary to prevent further abuse.

After these periods, data is deleted or anonymized.

6. With whom do we share your data?

We share data only to the extent necessary to operate the Service and only with trusted entities with whom we have (or will have, before actual data transfer) agreements ensuring data security:

a) Infrastructure and tool providers:

  • OVH SAS / OVHcloud – VPS infrastructure provider (hosting the Service); servers located in the European Union;
  • Telegram FZ-LLC / Telegram Messenger Inc. – the messenger platform through which the FON bots operate;
  • Stripe Payments Europe, Ltd. – Premium Plan payment processing;
  • e-mail and transactional communication providers (to the extent we use them).

b) Lead-generation Partners:

  • cleaning companies, movers, real-estate agencies, mortgage advisors, insurance brokers, relocation companies, and others – only when you independently and knowingly send a query to them via a form in the Config Bot. Each such transfer requires your separate, explicit consent. Once data is transferred, the Partner becomes a separate controller.

c) Analytics tools (planned):

  • Google Analytics or similar tools – in relation to fonbot.pl/en, once deployed and only upon your cookie-banner consent. On the effective date of this Policy, these tools are not yet in use; we will inform you of their deployment by updating this Privacy Policy.

d) Law firms, accounting offices, legal and financial advisors – to the extent necessary to perform services for the Controller, under confidentiality obligations.

e) Public authorities and authorized entities – in cases and to the extent required by law (e.g., courts, prosecutor's office, the President of UODO, tax authorities).

We do not sell your personal data.

7. Do we transfer data outside the European Economic Area (EEA)?

The infrastructure we use (OVH) is located in the European Union.

However, some providers we cooperate with may process data in third countries:

  • Telegram – platform infrastructure is located in various locations, including outside the EEA;
  • Stripe – entity group with offices in, e.g., the US and Ireland; some data may be processed in the US;
  • Google Analytics (planned) – Google group entities operate in, e.g., the US.

In such cases, we ensure that transfers take place only on the basis of mechanisms providing an adequate level of protection required by the GDPR, in particular:

  • European Commission adequacy decisions (e.g., EU-US Data Privacy Framework for certified US entities),
  • Standard Contractual Clauses approved by the European Commission,
  • other legally recognized safeguards.

You may request copies of applicable safeguards by e-mailing contact@fonbot.pl.

8. Do we make automated decisions, including profiling?

We do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR.

We apply automated mechanisms to match Listings to your search criteria and to detect abuse – these are necessary for the Service to function but do not determine your rights or obligations. You always control your search configuration yourself.

9. Cookies and similar technologies

The Telegram bots themselves do not use cookies, because interaction takes place inside the Telegram application rather than in a browser.

Cookies may be used on our website fonbot.pl/en:

  • essential (technical) cookies – necessary for the correct operation of the website; processed on the basis of Art. 6(1)(f) GDPR (legitimate interest) and Art. 173 of the Telecommunications Law (currently: Art. 398 of the Electronic Communications Law); no consent required;
  • analytics cookies (e.g., Google Analytics – once deployed) – used to measure traffic and analyze user behavior; processed only with your consent expressed via the cookie banner;
  • marketing cookies (if deployed in the future) – also only with consent.

You can change your cookie preferences at any time via the website settings or your browser. Disabling certain cookies may limit website functionality.

10. How do we protect your data?

We apply technical and organizational measures proportionate to risk, in particular:

  • transmission encryption (TLS/HTTPS, encrypted communication with the Telegram Bot API),
  • encrypted access to databases, password and key rotation, access control,
  • hosting in a trusted, professional data center (OVH, EU),
  • regular backups,
  • logging and monitoring (ELK/Kibana),
  • environment separation (production/testing),
  • data-minimization policy – we process only data necessary for the purpose,
  • strong authentication,
  • restricted circle of persons authorized to process data,
  • incident response in accordance with the GDPR (including notifying PUODO within 72 hours where required by law).

11. What are your rights?

Under the GDPR, you have the following rights:

a) Right of access (Art. 15 GDPR) – to receive information on the data we process and a copy.

b) Right to rectification (Art. 16 GDPR) – to correct inaccurate or incomplete data.

c) Right to erasure (Art. 17 GDPR, "right to be forgotten") – to request erasure where there is no further legal basis for processing.

d) Right to restrict processing (Art. 18 GDPR) – in specific cases.

e) Right to data portability (Art. 20 GDPR) – to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (for data processed under consent or contract).

f) Right to object (Art. 21 GDPR) – to object to processing based on legitimate interest; for direct marketing – at any time, and we will stop such processing.

g) Right to withdraw consent – where processing is based on consent, you may withdraw it at any time; this does not affect prior lawfulness.

How to exercise these rights? Send an e-mail to contact@fonbot.pl with a description of your request, or write to our @FON_Support Telegram contact account. We will respond without undue delay, no later than within one month of receiving the request (extendable in complex cases by another 2 months – we will inform you).

Not all rights are absolute – in certain cases, the law requires us to continue processing data (e.g., retaining invoice data under tax law).

12. Can you file a complaint?

Yes. If you believe we process your data unlawfully, you have the right to file a complaint with the supervisory authority, which in Poland is:

President of the Personal Data Protection Office (PUODO) Stawki 2, 00-193 Warsaw, Poland Website: https://uodo.gov.pl

Before doing so, we encourage you to contact us directly (contact@fonbot.pl) – we will do our best to resolve any matter promptly and fairly.

13. Can we change the Privacy Policy?

Yes. The Privacy Policy may be updated as the Service, law, or technology evolves. The current version of the Privacy Policy is always published at fonbot.pl/en/privacy with a version number and effective date. A link to the Privacy Policy is also available in the welcome message of the Config Bot (response to the /start command).

If the change affects processing based on your consent, we may ask you to give consent again.

We encourage you to review the Privacy Policy periodically. Continued use of the Service after the changes take effect means you have taken note of them.

14. Contact

For any matter related to your personal data, write to us:

  • E-mail: contact@fonbot.pl
  • Telegram contact: @FON_Support
  • Correspondence address: {ADDRESS}

We care to keep your data safe and our communication clear.