OMOM.APP service · Effective from: 5 June 2026 · Version 1.0
The controller of your personal data is OMOM.APP spółka z ograniczoną odpowiedzialnością with its registered office in Gdynia, Aleja Zwycięstwa 96/98, 81-451 Gdynia, entered in the register of entrepreneurs of the National Court Register under number KRS 0000937751, NIP 5862375284, REGON 520685797 (hereinafter: the “Controller”, “OMOM”, or the “Company”).
For all matters concerning the processing of personal data and the exercise of your rights, you can contact the Controller by email: administrator@omom.app.
OMOM operates an online platform (marketplace) connecting Users (Customers) with independent creators of desserts and special-occasion items (hereinafter: the “Creators” or “Sellers”). OMOM acts as an intermediary in concluding and fulfilling orders and in handling payments.
Depending on the processing activity, OMOM acts in various roles:
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). Below we indicate the purposes and the corresponding legal bases:
| Purpose of processing | Legal basis (GDPR) | Retention period |
|---|---|---|
| Creating and maintaining the User’s account | Article 6(1)(b) – performance of a contract for the provision of electronic services | Until the account is deleted |
| Fulfilment of orders (conclusion and performance of the contract with the Creator, delivery) | Article 6(1)(b) | Fulfilment time + limitation period for claims |
| Handling payments and settlements (Stripe Connect) | Article 6(1)(b) and (c) | In accordance with tax/accounting regulations |
| Issuing invoices, accounting, tax obligations | Article 6(1)(c) – legal obligation | 5 years (counting from the end of the tax year) |
| Handling complaints and exercising consumer rights | Article 6(1)(b) and (c) | Limitation period for claims |
| OMOM’s own marketing (e.g. newsletter, email) | Article 6(1)(a) – consent; Article 6(1)(f) – legitimate interest | Until consent is withdrawn / an objection is raised |
| Establishing, pursuing, and defending against claims | Article 6(1)(f) – legitimate interest | Limitation period for claims |
| Platform security, prevention of abuse and fraud | Article 6(1)(f) | Until the purpose is achieved |
| Statistics and service improvement | Article 6(1)(f); for cookies – consent (see point 9) | Until the purpose is achieved / consent is withdrawn |
Providing data is voluntary but necessary to create an account, place an order, and use the services for which such data is required. Failure to provide the data marked as mandatory makes it impossible to provide the given service.
OMOM limits the scope of collected data to the necessary minimum (the data minimisation principle, Article 5(1)(c) GDPR).
In connection with the processing of data, you have the following rights:
To exercise your rights, contact us at administrator@omom.app. The Controller informs you of the actions taken without undue delay, no later than within one month of receiving the request; this period may be extended by a further two months for complex requests.
You can request the deletion of your data at any time by sending a message to administrator@omom.app. The data will be deleted without undue delay, no later than within 90 days, except for data whose further storage is required by law (e.g. accounting records) or necessary to establish, pursue, or defend against claims. Deletion of data does not affect the lawfulness of actions taken before its deletion.
In order to fulfil the order you have placed, OMOM transfers to the Creator fulfilling that order the data necessary to fulfil and deliver it, in particular: first name and surname, delivery address, phone number, and the content of the order. The Creator processes this data as a separate controller, solely for the purpose of fulfilling the order and meeting its own legal obligations (including tax and warranty/complaint obligations). The scope and rules of data processing by the Creator are set out in the agreement concluded between OMOM and the Creator.
Payments on the platform are handled via Stripe (Stripe, Inc. and Stripe Payments Europe, Ltd.) in the Stripe Connect model. Depending on the type of Seller, the Business mode (for registered businesses) or the Individual mode (for creators conducting unregistered activity) is used. Stripe processes the data necessary to process and settle payments as a separate controller in accordance with its own privacy policy available at stripe.com/privacy. When using Stripe, data may be transferred outside the European Economic Area – Stripe applies approved transfer mechanisms, in particular the standard contractual clauses (SCC) approved by the European Commission.
Entities acting on behalf of OMOM process data on the basis of data processing agreements (Article 28 GDPR).
As a rule, data is processed within the European Economic Area. In cases where the transfer of data outside the EEA is necessary (e.g. using Stripe services or certain analytics tools), it takes place solely with the application of appropriate safeguards provided for in the GDPR, in particular on the basis of an adequacy decision or standard contractual clauses approved by the European Commission. A copy of the safeguards applied can be obtained by contacting administrator@omom.app.
The service uses cookies (and technologies with similar functionality) to ensure the proper functioning of the platform, adapt it to the User’s preferences, and for statistical and marketing purposes.
| Type | Purpose | Basis |
|---|---|---|
| Essential | Session management, keeping you logged in, security, correct operation of the cart and the order process | Necessary to provide the service – no consent required |
| Functional | Remembering the User’s preferences and settings, adapting the layout and content | Consent |
| Analytics / statistical | Measuring traffic, analysing how the service is used, improving the platform | Consent |
| Marketing | Tailoring content and advertising messages, measuring ad effectiveness | Consent |
Cookies other than essential ones are installed only after the User has given consent via the cookie banner displayed on the first visit. Consent can be withdrawn or its scope changed at any time in the service or browser settings. Cookies store, among other things, a unique identifier, IP address, and information about the browser used; they serve to diagnose problems, administer the service, and analyse its use. Blocking or deleting cookies may limit the ability to use some features of the service.
The Controller applies appropriate technical and organisational measures ensuring protection of the processed personal data adequate to the risks and the categories of data, including safeguards against disclosure to unauthorised persons, loss, damage, or destruction.
Users’ personal data is not used for automated decision-making producing legal effects or similarly significantly affecting the User, including profiling with such an effect.
The Controller reserves the right to change this Privacy Policy. Users will be informed of any significant changes through the publication of an updated version on the service and – where necessary – in another appropriate manner. The current version of the Policy applies from the date of its publication.