Privacy Policy

Last updated: January 4, 2026

We respect your privacy! This Privacy Policy explains what data we collect, for what purpose, and how we protect it.

1. Personal Data Administrator

The administrator of your personal data is:

Damian Bednarski
Business activity
Email: kontakt@damianbednarski.com
Website: www.damianbednarski.com

2. What Data Do We Collect?

2.1. Voluntarily Provided Data

When you contact us through the contact form or email, we collect:

First and last name
Email address
Phone number (optional)
Message content
Other data you decide to provide us

2.2. Automatically Collected Data

While browsing our website, we automatically collect:

IP address
Browser type and operating system
Visit time and date
Visited subpages
Referral source
Website usage data (via Google Analytics)

2.3. Cookies

Our website uses cookies. Details can be found in the Cookie Policy.

3. Purpose of Data Processing

We process your data solely for the following purposes:

3.1. Contact and Inquiry Handling

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) or lit. f (legitimate interest)
Purpose: responding to inquiries, quote preparation, communication
Retention period: until the matter is resolved or 3 years from last contact

3.2. Contract Performance

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Purpose: order execution, invoice issuance, project-related contact
Retention period: contract duration + 5 years (tax regulations)

3.3. Marketing

Legal basis: Art. 6 para. 1 lit. a GDPR (consent) or lit. f (legitimate interest)
Purpose: sending information about our services (only if you have consented)
Retention period: until consent withdrawal

3.4. Analytics and Statistics

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
Purpose: website traffic analysis, content optimization (Google Analytics)
Retention period: 26 months (Google Analytics)

3.5. Protection Against Abuse

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
Purpose: protection against spam, attacks, abuse
Retention period: up to 12 months

4. Disclosure of Personal Data

Your data may be disclosed to the following entities:

4.1. Subcontractors

Hosting provider - data storage on server
Google Analytics - website traffic analysis (anonymized data)
EmailJS - email sending service from contact form
Accounting services provider - invoice issuance (if applicable)

4.2. State Authorities

In justified cases, data may be transferred to law enforcement agencies or other authorized institutions.

4.3. Data Transfer Outside the EEA

Some tools (e.g., Google Analytics, EmailJS) may transfer data outside the European Economic Area. We only use services that ensure an appropriate level of data protection.

5. Your Rights

Under GDPR, you have the following rights:

5.1. Right of Access to Data

You have the right to obtain confirmation whether we process your data and receive a copy thereof.

5.2. Right to Data Rectification

You may request correction of incorrect data or completion of incomplete data.

5.3. Right to Erasure ("right to be forgotten")

You may request deletion of your data unless regulations require their storage (e.g., invoices).

5.4. Right to Restriction of Processing

You may request restriction of processing of your data in specific situations.

5.5. Right to Data Portability

You have the right to receive your data in a structured format or transfer it to another administrator.

5.6. Right to Object

You may object to data processing, especially for marketing purposes.

5.7. Right to Withdraw Consent

If processing is based on consent, you may withdraw it at any time.

5.8. Right to Lodge a Complaint

You have the right to file a complaint with the President of the Personal Data Protection Office (PUODO).

How to exercise your rights?

To exercise your rights, send an email to: kontakt@damianbednarski.com

We will respond within 30 days of receiving the request.

6. Data Security

We apply appropriate technical and organizational measures to protect your data:

SSL/TLS encryption - secure HTTPS connection
Secure servers - hosting with reputable providers
Restricted access - only authorized persons have access to data
Regular backups - protection against data loss
Security updates - regular patching of security vulnerabilities
Monitoring - detection of unauthorized access attempts

7. Children's Data

Our website is not directed at persons under 16 years of age. We do not knowingly collect data from children. If you are a parent/guardian and learn that your child has provided us with data, please contact us.

8. Changes to the Privacy Policy

We reserve the right to update this Privacy Policy. We will inform about significant changes through:

Announcement on the homepage
Email (if we have your address)
Update of the "Last updated" date at the top of this document

We recommend regularly checking this page to familiarize yourself with any changes.

9. Detailed Information About Tools

9.1. Google Analytics

We use Google Analytics to analyze website traffic. Google Analytics collects data through cookies, including:

Information about visited pages
Time spent on the website
Referral source
Demographic data (age, gender, interests - in aggregated form)
Geographic data (country, city)

IP addresses are anonymized. You can opt out of Google Analytics by installing the add-on: Google Analytics Opt-out Browser Add-on

9.2. EmailJS

The contact form uses the EmailJS service to send messages. Data from the form (name, email, message content) is transmitted to EmailJS to deliver the email message.

EmailJS Privacy Policy: emailjs.com/legal/privacy-policy

9.3. Hosting

The website is hosted on professional hosting service provider servers. The hosting provider has technical access to the data but is contractually obligated to protect it and does not use it for its own purposes.

10. Legal Basis

Personal data processing is based on:

GDPR Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
Act on the Protection of Personal Data - Act of 10 May 2018
Act on the Provision of Electronic Services - Act of 18 July 2002
Consumer Rights Act - Act of 30 May 2014

11. Privacy Contact

If you have questions about this Privacy Policy or how your data is processed, please contact us:

Email: kontakt@damianbednarski.com
Contact form: www.damianbednarski.com

12. Personal Data Protection Office

You may contact the supervisory authority:

Personal Data Protection Office (PUODO)
ul. Stawki 2, 00-193 Warszawa
Tel.: 22 531 03 00
Email: kancelaria@uodo.gov.pl
www.uodo.gov.pl

This Privacy Policy has been prepared in accordance with GDPR and Polish personal data protection regulations.