We care about the safety and comfort of customers, we protect their data and we comply with consumer rights

The Rights Protection Cooperation Program (Program Współpraca w Ochronie Praw) was created to eliminate illegal items and service offers from Allegro. We verify reports regarding violations of:

• industrial property rights (for example, selling counterfeit items)
• copyright (for example, the use of images without the copyright owner’s permission).

We protect:

• brand owners’ rights
• sellers – often unaware of violations – from legal consequences
• buyers from purchasing goods which violate the law

The Product Safety Pledge is a European Commission initiative, supporting the cooperation of various market regulators (the Office of Competition and Consumer Protection in Poland, UOKiK) and the biggest e-commerce platforms in Europe. Our joint objective is to ensure consumer safety as well as to educate both buyers and sellers on potential threats from products deemed dangerous or posing a serious threat.

When emphasizing Allegro’s responsibility for each transaction, the Discussions (Dyskusje) and the Buyer Protection Program (Program Ochrony Kupujących) should be mentioned. In the extremely rare case a consumer makes a transaction but does not receive the item paid for, the item received is not as described in the offer, is damaged, the consumer receives an incomplete order, returns the item and does not receive a refund from the seller, the buyer may start a discussion with the seller. Over 97% of issues between parties are resolved this way. In cases where agreement is not reached, Allegro will pay the buyer full compensation.

In order to support our customers even better, we cooperate closely with the Office of Competition and Consumer Protection. We have launched a special contact channel for municipal and district Consumer Ombudsmen to clarify all matters referred to them by our clients.

Customer satisfaction on Allegro starts with ensuring safety and confidence that the purchases will be successful. Cybersecurity is among our management priorities. We conduct a bi-annual Cybersecurity Maturity Assessment [Ocena Dojrzałości Cyberbezpieczeństwa]. During the last such review in 2019, Allegro.pl scored higher than the market average. We have multiple security provisions in place, all of which are being monitored and improved on an ongoing basis. We also have a private and public bug bounty program where we enable users to submit security vulnerabilities they detected on our platform to our IT department. We have a Computer Emergency Response Team – CERT Allegro. It is an interdisciplinary team set up to increase the level of Allegro security as well as build awareness around security issues among our employees and users. CERT Allegro responds to cybersecurity threats, exchanges information, knowledge and experience about cyber threats with other, external CERT teams and supports raising security awareness among employees and users. We are members of Trusted Introducer, an initiative within the biggest European organisation of cyberthreat response teams. We are also active members of various working groups, including the IAB Polska Group for Cybersecurity (chaired by our employee) and the Working Group for Cybersecurity in the Supply Chain at the Chancellery of the Prime Minister.

In 2020, as a result of complaints submitted to the President of the Personal Data Protection Office, Allegro was a party to 6 proceedings. Only one procedure completed in 2020 resulted in a negative decision issued by the Office.

In 2020, no penalties were imposed on Allegro for violating the provisions on the protection of personal data. At every stage of data collection and processing, we make sure to comply with the obligation to inform the customer about the purpose and scope of processing their data and the right to access and rectify them.

The rules and policies adopted by Allegro in the area of customer privacy, data protection and cybersecurity, include

• Security policy (including the rules for managing security incidents)
• Procedure for handling and reporting significant incidents to CERT Polska
• The procedure for registering and managing data security incidents
• NDA circulation procedure
• Rules for personal data storage
• The procedure for reporting personal data breaches to the Personal Data Protection Office
• Business continuity management policy

The highest priority is to ensure a high level of infrastructure and data security based on a layered approach. The platform is protected by multiple layers of security, including protection against distributed denial-of-service attacks, bot detection systems or web application firewalls.

We make every effort to ensure the safety of consumers, to protect systems and consumer data processed and stored in them. We have also developed policies and procedures to manage data security risks. We use technical security measures that are periodically verified by internal auditors and external penetration testers as well as security analysts.

We also participate in private and public Bug Bounty programs and use third parties to improve our security practices and prevent and detect fraud.

We have also developed rules and risk management procedures linked to data security. We are making every effort to ensure safety for consumers using our platform. Towards this goal, we employ a variety of technical and organizational security provisions, implemented proportionately to risk estimates.

It is worth emphasizing that all of these solutions are being monitored and continuously upgraded, in proportion to the existing threats and risk levels. We regularly test our security solutions through penetration tests and independent and internal audits.

We respond to all questions, requests and complaints from external stakeholders regarding personal data on an ongoing basis, although we do not collect detailed statistics broken down by the type of notification.

In December 2020, the Advertising Council Office (Biuro Rady Reklamy) received a consumer complaint against a specific Allegro advert. In response, we stated our  intention to participate in the relevant proceedings and present our arguments. In our position before the Council, we emphasized the fact that even though we are not a formal member of The Union of Association Advertising Council  (Związek Stowarzyszeń Rady Reklamy) nor a signatory of the Code of Ethics in Advertising (Kodeks Etyki Reklamy), we are familiar and compliant with the rules and practices included in the Code. We also argued that the advert in question was produced with due care, with a sense of social responsibility as well as in compliance with the rules of fair competition. The Advertising Ethics Council agreed with this position and dismissed the complaint.