2020 ESG

We care about the safety and comfort of customers, we protect their data and we comply with consumer rights

We are proud to say that 90% of our customers rate shopping on the Allegro platform as safe. This is an excellent result and we are working hard to constantly raise standards in this area. We fight all attempts of fraud or breaking the law on our website in an uncompromising manner. We also invest in the latest IT solutions and train our employees.

Safety, customer convenience, reliability of sellers and high quality of products offered on our platform are our core values. (...) To ensure the highest level of security, many teams are involved in continuous monitoring, identification and elimination of suspicious behaviours that may endanger buyers and sellers.

Bogna Niklasiewicz Trust & Safety Director
  • 103-1

The safety and convenience of customers and sellers are of key importance to Allegro.

The platform is designed to ensure stability, based on state-of-the-art solutions. We use the following measures to ensure that shopping on our platform is secure:

  • Buyer Protection Program [Program Ochrony Kupujących]
  • Rights Protection Cooperation Program [Program Współpraca w Ochronie Praw]
  • Active elimination of infringing offers, including the exclusion of counterfeit items.
  • Quick response to rights infringement reports
  • Cooperation with the European administration as well as government agencies to recall products that fail to meet specific norms or are not allowed on the market – Product Safety Pledge
    • Memorandum of Understanding on the sale of counterfeit goods via the internet, signed under the auspices of the European Commission.
  • Cooperation with the Office of Competition and Consumer Protection (UOKiK) as well as municipal and district Consumer Ombudsmen, including joint consultations, assessments and analyses.
  • The Anti-Smog Coalition along with the Polish Smog Alert and the Office of Competition and Consumer Protection (UOKiK)
  • Regulations governing prohibited and conditionally admitted goods
  • The Safe Online Shopping Program [Bezpieczne z@kupy w sieci]
  • My Sales Quality – transparent buyer reviews

The safety of our customers

The Rights Protection Cooperation Program (Program Współpraca w Ochronie Praw) was created to eliminate illegal items and service offers from Allegro. We verify reports regarding violations of:

  • industrial property rights (for example, selling counterfeit items)
  • copyright (for example, the use of images without the copyright owner’s permission).

We protect:

  • brand owners’ rights
  • sellers – often unaware of violations – from legal consequences
  • buyers from purchasing goods which violate the law

We are constantly working to increase the awareness of customers and sellers on issues related to intellectual property, protection of rights and their violations. For this purpose, we cooperate with national and international partners, including with owners of exclusive rights under the Rights Protection Cooperation Program, which currently brings together over 1,700 brandsWe are also a signatory to the Memorandum of Understanding on the Sale of Counterfeit Goods and the Product Safety Pledge.

Joanna Gęga Intellectual Property Team Manager

Allegro.pl signed the Product Safety Pledge

The Product Safety Pledge is a European Commission initiative, supporting the cooperation of various market regulators (the Office of Competition and Consumer Protection in Poland, UOKiK) and the biggest e-commerce platforms in Europe. Our joint objective is to ensure consumer safety as well as to educate both buyers and sellers on potential threats from products deemed dangerous or posing a serious threat.

When emphasizing Allegro’s responsibility for each transaction, the Discussions (Dyskusje) and the Buyer Protection Program (Program Ochrony Kupujących) should be mentioned. In the extremely rare case a consumer makes a transaction but does not receive the item paid for, the item received is not as described in the offer, is damaged, the consumer receives an incomplete order, returns the item and does not receive a refund from the seller, the buyer may start a discussion with the seller. Over 97% of issues between parties are resolved this way. In cases where agreement is not reached, Allegro will pay the buyer full compensation.

In order to support our customers even better, we cooperate closely with the Office of Competition and Consumer Protection. We have launched a special contact channel for municipal and district Consumer Ombudsmen to clarify all matters referred to them by our clients.

We strive for your complete satisfaction, which is why we offer you additional security through our Buyer Protection Program (BPP for short) so that you can feel safe even if something goes wrong.

Jarosław Dykrzak Dispute Monitoring and Coverage Leader

Read more about the Buyer Protection Program

Allegro’s Buyer Protection Program 2019 2020
% of customers who think that buying on Allegro is safe or as safe as on other platforms 92.00% 93.03%
The NPS index among Allegro customers who have taken advantage of Allegro’s Buyer Protection Program (POK) +66.73 +71.32
The average number of transactions on Allegro.pl against a single reimbursement made Buyer Protection Program (POK) 12,030 7,440
Average time it takes to receive a refund 5 days 5 days
Average time it takes to receive a refund (SMART Program members) 12h 12h
In practice
The Safe Online Shopping

For years, we have been sharing our experience and educating customers about the opportunities offered by online shopping. We have introduced the Safe Online Shopping Program [Bezpieczne z@kupy w sieci] addressed to schoolchildren aged 13-18 years and students, i.e. some of the most active customers of online shops. We continue to demonstrate how to do online shopping safely. We also educate customers how to verify sellers and pay for shopping in a secure manner. Moreover, we raise awareness around identity theft. In 2020 we organized 25 workshops, most of them online, for over 2,600 participants.

  • G-S1


Customer satisfaction on Allegro starts with ensuring safety and confidence that the purchases will be successful. Cybersecurity is among our management priorities. We conduct a bi-annual Cybersecurity Maturity Assessment [Ocena Dojrzałości Cyberbezpieczeństwa]. During the last such review in 2019, Allegro.pl scored higher than the market average. We have multiple security provisions in place, all of which are being monitored and improved on an ongoing basis. We also have a private and public bug bounty program where we enable users to submit security vulnerabilities they detected on our platform to our IT department. We have a Computer Emergency Response Team – CERT Allegro. It is an interdisciplinary team set up to increase the level of Allegro security as well as build awareness around security issues among our employees and users. CERT Allegro responds to cybersecurity threats, exchanges information, knowledge and experience about cyber threats with other, external CERT teams and supports raising security awareness among employees and users. We are members of Trusted Introducer, an initiative within the biggest European organisation of cyberthreat response teams. We are also active members of various working groups, including the IAB Polska Group for Cybersecurity (chaired by our employee) and the Working Group for Cybersecurity in the Supply Chain at the Chancellery of the Prime Minister.

At Allegro, we care about the safety of our employees, customers and partners every day. I cannot reveal too many details for security reasons, but the system is multi-layered and very complex.

Michał Wierucki Chief Security Officer

Data safety

  • 103-3
  • G-S1

Customer Privacy

We also take care of your personal data. We are fully compliant with the GDPR. We carefully follow the decisions and guidelines issued by the Personal Data Protection Office (PDPO) and the EDPB (European Data Protection Board) and then verify and, if necessary, adjust our actions. All Allegro employees undergo training in the field of security policy and GDPR rules. We additionally carry out audits to verify compliance with the provisions of the GDPR. The audit carried out between September and December 2020 did not reveal any significant shortcomings.

We keep a record of all security incidents involving data, including personal data. The most serious incident reported to the Personal Data Protection Office in 2020 was the disappearance of a registered letter containing an employment contract. The sealed envelope with the documents was found in a waste paper container in the block where the addressee lives. It is possible, therefore, that someone could have accessed his personal data, including information on remuneration. In the light of the ENISA (European Union Agency for Cybersecurity) guidelines on the assessment of the risk of a breach of personal data protection that the Group follows in the event of such incidents, we were required to report the incident to the supervisory authority.

  • 418-1
  • G-S1

In 2020, as a result of complaints submitted to the President of the Personal Data Protection Office, Allegro was a party to 6 proceedings. Only one procedure completed in 2020 resulted in a negative decision issued by the Office.

In 2020, no penalties were imposed on Allegro for violating the provisions on the protection of personal data. At every stage of data collection and processing, we make sure to comply with the obligation to inform the customer about the purpose and scope of processing their data and the right to access and rectify them.

Responsible approach

  • 103-2
  • 418-1
  • G-S1

Rules and policies adopted by Allegro in the area of privacy and data protection

The rules and policies adopted by Allegro in the area of customer privacy, data protection and cybersecurity, include

  • Security policy (including the rules for managing security incidents)
  • Procedure for handling and reporting significant incidents to CERT Polska
  • The procedure for registering and managing data security incidents
  • NDA circulation procedure
  • Rules for personal data storage
  • The procedure for reporting personal data breaches to the Personal Data Protection Office
  • Business continuity management policy

The highest priority is to ensure a high level of infrastructure and data security based on a layered approach. The platform is protected by multiple layers of security, including protection against distributed denial-of-service attacks, bot detection systems or web application firewalls.

We make every effort to ensure the safety of consumers, to protect systems and consumer data processed and stored in them. We have also developed policies and procedures to manage data security risks. We use technical security measures that are periodically verified by internal auditors and external penetration testers as well as security analysts.

We also participate in private and public Bug Bounty programs and use third parties to improve our security practices and prevent and detect fraud.

We have also developed rules and risk management procedures linked to data security. We are making every effort to ensure safety for consumers using our platform. Towards this goal, we employ a variety of technical and organizational security provisions, implemented proportionately to risk estimates.

It is worth emphasizing that all of these solutions are being monitored and continuously upgraded, in proportion to the existing threats and risk levels. We regularly test our security solutions through penetration tests and independent and internal audits.

The total number of legitimate privacy complaints: 2019 2020
Complaints submitted to the regulating authority (PDPO) requiring corrective measures 0 1
Cybersecurity and data privacy infringements 2019 2020
Cybersecurity infringements (the total number of identified leaks, thefts or customer data loss) 0 0
Data privacy infringements (reported to the relevant authorities) 0 1


We respond to all questions, requests and complaints from external stakeholders regarding personal data on an ongoing basis, although we do not collect detailed statistics broken down by the type of notification.

In practice

One of the most important elements of safety is the human factor and building awareness among employees. All our employees undergo training in the field of security policy and GDPR principles (including general information as well as internal policies and procedures). These take place during onboarding sessions and are repeated every year. As part of the onboarding sessions, we also conduct security awareness workshops with case studies to help recognise a phishing campaign.

We also organize additional training for employees on security threats, social engineering and online privacy. We use every opportunity to educate our employees in the area of security. This year's events we celebrated include Safer Internet Day, Data Privacy Day, World Password Day. Additionally, we organise a wide range of contests and competitions, e.g. on Computer Security Day.

  • 103-1
  • 103-2
  • 103-3

Allegro.eu is the owner of strong brands such as Allegro, Ceneo and eBilet. We constantly strive to increase their recognition among both buyers and sellers through public relations and strategic partnerships. We use both traditional and online marketing.

We make sure that our marketing messages are always clear, unambiguous and true. We also require the same from companies that advertise their goods on our platform. Everyone must comply with the Terms and Conditions of Selling and Displaying Ads on Allegro.pl (Regulamin sprzedaży i emisji reklam), and Ads Service is regulated by the Ads Service Terms and Conditions.

In 2020, Allegro.pl, Ceneo.pl and eBilet.pl were not the addressees of any fines, nor did they record any non-compliance with voluntary codes regulating the issues of marketing communication.

  • 417-3

In December 2020, the Advertising Council Office (Biuro Rady Reklamy) received a consumer complaint against a specific Allegro advert. In response, we stated our  intention to participate in the relevant proceedings and present our arguments. In our position before the Council, we emphasized the fact that even though we are not a formal member of The Union of Association Advertising Council  (Związek Stowarzyszeń Rady Reklamy) nor a signatory of the Code of Ethics in Advertising (Kodeks Etyki Reklamy), we are familiar and compliant with the rules and practices included in the Code. We also argued that the advert in question was produced with due care, with a sense of social responsibility as well as in compliance with the rules of fair competition. The Advertising Ethics Council agreed with this position and dismissed the complaint.

Search results