Privacy policy.

Data security

• Encryption of communication — the Website operates on the HTTPS protocol with a current SSL certificate, which ensures encryption of data transmitted between the User's browser and the server.
• Access control — only authorized employees of the Controller and processors entrusted with the data have access to personal data.
• Regular backups and testing of data recovery procedures.
• Security monitoring — unauthorized access detection systems, log monitoring, DDoS attack protection.
• Regular security audits and software updates.
• Internal security policies — employee training, incident handling procedures, business continuity plans.

Purposes and legal grounds for processing

Cookies

Data processing period

• Contact forms: until a response is provided, then for up to 3 years to handle potential claims and contact history.
• Newsletter: until consent is withdrawn by the User (possible at any time by clicking the "Unsubscribe" link in any email).
• Contract performance data: for the duration of the contract, then for the limitation period of contract claims (typically 6 years) and the period required by tax and accounting law.
• Cookie data: according to the validity periods of individual cookies — details in the Cookies Policy (from session up to 24 months).
• Server logs and technical data: up to 14 months for security and diagnostic purposes.
• Data processed on the basis of consent: until consent is withdrawn.
• Remarketing data: up to 540 days from the last interaction with the Website.

Transfer of data outside the EEA

• European Commission decisions confirming an adequate level of data protection — in particular, Commission Implementing Decision (EU) 2023/1795 on the EU-US Data Privacy Framework.
• Standard Contractual Clauses (SCC) approved by the European Commission, applied in contracts with providers outside the EEA.
• Additional safeguarding measures required by CJEU case law (in particular the Schrems II judgment).

Contact

Recipients of personal data

• Infrastructure and hosting providers: server providers and file hosting providers.
• Analytics tool providers: Google LLC (Google Analytics 4, Google Tag Manager, Google Search Console), Hotjar Ltd, Microsoft Clarity.
• Marketing tool providers: Google LLC (Google Ads), Meta Platforms Inc. (Facebook Pixel, Instagram Ads), LinkedIn Corporation (LinkedIn Insight Tag).
• CRM and email marketing system providers: systems for managing the customer database and sending newsletters.
• Form tool providers: systems for handling contact forms and data submissions.
• Accounting firm: for invoicing and client settlements.
• Law firms: for legal services, including the pursuit of claims.
• State authorities and institutions: in cases provided for by law (e.g. tax offices, law enforcement on the basis of valid requests).

Basic information

User rights

Right of access to data (Art. 15 GDPR)

The User has the right to obtain from the Controller confirmation as to whether their personal data is being processed and to obtain a copy of that data.

Right to rectification (Art. 16 GDPR)

The User has the right to request the rectification of inaccurate data and the completion of incomplete data.

Right to erasure ("right to be forgotten", Art. 17 GDPR)

The User has the right to request data erasure in cases specified in the GDPR — including when the data is no longer necessary for the purposes for which it was collected.

Right to restriction of processing (Art. 18 GDPR)

The User has the right to request restriction of data processing in specific situations provided for in the GDPR.

Right to data portability (Art. 20 GDPR)

The User has the right to receive their data in a structured format and to transfer it to another controller.

Right to object (Art. 21 GDPR)

The User has the right to object to data processing, in particular in the case of processing for direct marketing purposes.

Right to withdraw consent

If processing is based on consent (Art. 6(1)(a) GDPR), the User has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

Right to lodge a complaint with the supervisory authority

The User has the right to lodge a complaint with the President of the Polish Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl).

Profiling and automated decision-making

Types of data collected

• Identification and contact data: first name, last name, email address, phone number, company name, position.
• Technical data: IP address, device identifier, web browser data, operating system, approximate location, browser language.
• Data on the use of the Website: pages visited, time spent on the page, traffic source, clicks, navigation path, progress in interactive tools (e.g. SEO Checklist).
• Business data: provided in contact forms — industry, business scale, budget, current store technology, growth plans.
• Contract performance data: company data (NIP, REGON, KRS, registered address), contact details on the client side, invoicing data.
• Cookie data: session identifiers, preferences, analytics data — details in the Cookies Policy.

Changes to the Privacy Policy

• changes in legal provisions binding the Controller;
• the introduction of new functionalities or services on the Website requiring new processing purposes;
• changes in the tools and processors handling data on behalf of the Controller;
• the introduction of significant organizational changes on the Controller's side.