The scope of the GDPR services in the retail and e-commerce sectors
Data security in sales and e-commerce business case

The sales and e-commerce industry processes personal data intensively and in an automated way, from identification and address data to order history, purchase preferences and marketing consents. In an environment based on fast online transactions, the biggest GDPR challenge is to ensure that data is transparent, up to date and secure across multiple customer touchpoints: on the website, mobile app, payment system or newsletter. In addition, e-commerce companies often use third-party services (logistics, IT, payment processing), which increases the risks associated with entrusting data to others in an unstructured way.
ODO 24 has implemented GDPR in online shops, sales platforms and retail chains operating in a hybrid model, online and offline. We conducted compliance audits, implemented privacy policies and consent management systems, and updated records of processing activities. We also developed templates for compliant marketing communications and training for e-commerce, marketing and customer service departments. We sorted out issues of customer profiling, 'tracking' customers through cookies and similar technologies, and abandoned-cart notifications. We assisted with trade shows and competitions, including those conducted via social media. As a result, our clients have increased the transparency of their activities, structured their relationships with partners and reduced the risk of consumer complaints and regulator scrutiny. We have regulated the acquisition of marketing databases in accordance with GDPR and PKE, and the offering of webinars and e-books in exchange for marketing consents (WUDE regulations, consents from PKE, legal basis from GDPR). Other issues we have handled include:
- monitoring of customer preferences during shopping in brick-and-mortar shops with the use of AI (information clause, analysis of the use of AI in the process, privacy by design, possibly a DPIA),
- marketing of business partners (consents from GDPR and PKE, information clause),
- verification of relationships with business partners, establishing when the relationship is controller-to-controller and when it is controller-to-processor (data flow analysis, conclusion of entrustment agreements where needed, security surveys),
- minimisation of the address data necessary for dispatch (where clients collected full address data even though dispatch was to a collection point).
The e-commerce industry is exposed to many legal risks related to the protection of personal data, including at the interface with consumer rights and new digital regulations. Personal data is often processed on a large scale in connection with processes such as account maintenance, loyalty programmes, direct marketing and profiling. A large online shop has to cope with more queries and requests from customers in connection with the processing of their personal data. ODO 24 supports e-commerce entrepreneurs in every customer service process. As part of our ongoing support for one of our clients in this industry, we carried out: adaptation of the processing information to the new requirements (DSA, DAC7); support in the implementation of data subject rights (right of access, right to erasure), including in communication with customers; an audit of the customer path in the online shop; and advice on the implementation of new cookies.
We serve or have served, among others.

GDPR and cybersecurity – challenges for the automotive sector
Online shops, sales platforms and retail chains process the data of thousands of customers every day - including contact, transactional, behavioural and often location-based data. The increasing scale of personalisation, automation and system integration makes data protection in e-commerce not only an obligation under the GDPR, but also a matter of real digital security.
Securing personal data and IT infrastructure - such as payment systems, customer databases, marketing automation tools or third-party partner integrations - requires the implementation of effective cyber security mechanisms: from encryption and access management to incident monitoring and response to attack attempts.
In an industry where trust counts and every second of downtime means real losses, data protection is more than compliance - it is a prerequisite for business stability, customer loyalty and resilience to increasingly sophisticated digital threats.
We use recognized international standards.
This is how you recognize quality
CIPM
Implementation of privacy and personal data protection system
ISO/IEC 27001
Information technology - Security techniques - Information security management systems
ISO/IEC 29134
Information technology - Security techniques - Guidelines for data protection impact assessment
ISO/IEC 27001
Privacy information management system
ISO 31000
Risk management - Principles and guidelines
PRINCE2 and SMC™
Project management methodologies
ISO 19011
Guidelines for auditing management systems
ISO/IEC 27005
Information technology - Security techniques - Information security risk management
What our customers say about our services
Marcin Wieczorek

„I am very impressed with the high level of substantive expertise of the training staff"
From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.
Magdalena Węglewska

„We can wholeheartedly recommend ODO 24 as a professional and reliable partner"
For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers,” developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.
Agnieszka Karłowicz

„A practical approach, continuous advisory availability, and positive working relationships"
We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.
Tomasz Siwicki

„I recommend the company ODO 24 as a professional partner"
For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.
Opinion of the participants
Tomasz G.
2 years ago
I wanted to thank you for the wonderful training I've had at your company, the materials were very well prepared, and the instructor has shown tremendous knowledge and experience.
Aleksandra P.
2 years ago
Training at a very high level, I highly recommend!!! Training materials very useful in everyday work.
Sławomir M.
2 years ago
Mrs. Mecenas, it was an honor to be able to take part in this training, and thank you very much for your professional approach and valuable practical guidance.
Wacław T.
3 years ago
The IOD course organized by ODO24 has met all my expectations, a very practical approach, concrete examples and professional support.
Maria K.
1 year ago
The training was conducted in a way that was understandable even to those without previous experience in this field.
Piotr N.
10 months ago
Very good training, a lot of practical examples, a little bit too little time to ask questions, but overall I'm satisfied.
Anna W.
8 months ago
A professional approach, a great atmosphere during the training, the instructor answered all the questions thoroughly, and I highly recommend ODO24!
Jan K.
1 year ago
It's the best personal data protection training I've ever had, specific examples from real life, not just a dry theory, I recommend it to anyone who works with GDPR.
Katarzyna J.
6 months ago
The training meets my expectations. A lot of practical knowledge, good materials. The only drawback is too large a group, so less time for individual consultations.
Michał L.
4 months ago
Excellent training! A very competent instructor with vast experience. Everything explained in a clear and understandable way. The training materials are very useful.
Joanna D.
3 months ago
I recommend ODO24 training to anyone seeking a sound knowledge of the field of ODO: professional service, excellent organisation and excellent teaching facilities.
Andrzej S.
2 months ago
Sometimes the pace was a little too fast, but the instructor was happy to return to the topics discussed earlier at the request of the participants.
GDPR in sales and e-commerce: questions and answers
Cost depends on the number of sales channels, the technologies used and the level of automation. We offer packages for online stores, brands with their own platform, sales networks and e-commerce businesses operating on marketplaces. We prepare an individual quotation depending on the size of the operation and the systems used.
The most common are a lack of a properly constructed marketing consent mechanism, an inconsistent privacy policy and the absence of legally compliant checkboxes. Many companies also struggle to manage customer data in integrated systems (CRM, e-mail, analytics, payments).
Not always – but if the legal basis for processing data for marketing purposes is consent, it should be explicit, voluntary and given separately for each purpose. This means that:
- Newsletter (email communication) requires separate consent in accordance with the provisions of the Act on the Provision of Electronic Services and the Telecommunications Law.
- Remarketing (e.g. tracking activity on the website for the purpose of targeting ads) may require consent to cookies or other tracking technologies – in accordance with online privacy regulations (ePrivacy).
- Profiling for marketing purposes requires separate consent if it produces legal effects for the person or similarly significantly affects them – pursuant to Article 22 GDPR.
Therefore, it is worth separating consents in forms and creating a clear, GDPR-compliant checkbox mechanism that also enables proper documentation of consents given. We offer full support in this regard.
They are contact and address details, transactional data, purchase history and shopping preferences. High risk also applies to analytics data, profiling and connections to social media and external advertising platforms.
Yes – any processing of personal data, regardless of the channel (website, app, live chat, social media), falls under GDPR. You must ensure consistency of communications, policies and consents across all customer touchpoints.
No – well-implemented GDPR can increase trust and improve the user experience. We ensure that solutions are compliant with the regulations while remaining user-friendly and commercially effective.
Yes – we have worked with online stores, omnichannel brands, retail chains and D2C start-ups. We know the tools, sales models and the points at which GDPR most commonly fails.
Yes! We offer a free consultation for e-commerce companies and retail chains – we will help organise customer data, refine consents and ensure compliance with GDPR without risk to sales performance.
Our greatest value is the trust of our customers.
How can we help you?
Write or call, we will find a solution






