Privacy Policy

1. Data Controller

The controller of your personal data is Filip Krasiewicz, operating a sole proprietorship under the name IT Po Twojemu, with registered address at ul. B. Prusa 12, 05-270 Marki, Poland, Tax ID (NIP): 125 172 95 90.

For matters related to personal data protection, you can contact us:

• Email: privacy@itpotwojemu.pl
• Phone: +48 601 131 446
• Postal address: ul. B. Prusa 12, 05-270 Marki, Poland

2. Data We Collect

When using our website, we may collect the following categories of personal data:

2.1. Data provided voluntarily

• First and last name
• Email address
• Content of messages sent via the contact form

2.2. Data collected automatically

• IP address
• Browser and device type
• Location data (approximate, based on IP)
• Information about website interaction (pages visited, time on site)
• Cookie data (see section 6)

2.3. Obligation to Provide Data and Consequences

Providing personal data via the contact form is voluntary but necessary to:

• Respond to your inquiry
• Contact you regarding potential collaboration
• Execute a potential automation services agreement

Consequences of not providing data: Failure to provide an email address or other contact information will prevent us from responding to your inquiry and establishing contact to discuss potential collaboration.

Automatically collected data is divided into two categories:

• Essential technical data (e.g., IP address, basic server logs) – necessary for proper website functioning, security, and required by law regarding electronic service provision.
• Analytics data (Matomo, including a visitor identifier in cookies, visited URLs, referrer, language, device and browser type, and approximate location based on IP address) – collected only after you click “Accept” in the analytics banner. Rejecting analytics does not affect the basic operation of the website.

3. Purposes of Data Processing

We process your personal data for the following purposes:

3.1. Details of Legitimate Interests

Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), our legitimate interests are:

• Analytics and statistics – Conducting basic visit statistics to analyze website effectiveness, improve content, and optimize user experience. This enables us to better tailor our offerings to visitor needs.
• Protection against spam and bots – Maintaining website security, protection against automated attacks, contact form abuse, and malicious bot activities. This is essential to ensure proper functioning of our services.
• Legal claims – Establishment, exercise, or defense of legal claims arising from the use of our services or website.
• Diagnostic logs – Diagnostics and error resolution in automation scenarios to ensure proper service delivery and maintain service quality.

3.2. Automated Decision-Making and Profiling

We inform you that we do not make automated decisions concerning you, including profiling within the meaning of Article 22 GDPR, that would produce legal effects concerning you or similarly significantly affect you.

Data collected by Matomo is used solely to create aggregated statistics regarding website traffic and is not used to make decisions concerning specific individuals.

4. Data Processing Within Provided Services

4.1. Data Controller vs Data Processor

In the course of our business activities, we assume different roles depending on the data processing context:

4.2. Data processed within service delivery

When providing business process automation services (e.g., CRM integration, email marketing automation, order processing), we may access personal data of your customers or contractors. In such cases:

• You remain the Data Controller of such data
• We act as Data Processor exclusively under your instructions
• Processing terms are governed by a separate Data Processing Agreement (DPA), executed before service commencement

4.3. Diagnostic logs

For diagnostic and debugging purposes (Make/n8n scenario troubleshooting), temporary logs containing fragments of processed data may be collected. These logs:

• Are retained for a maximum of 30 days
• Serve exclusively for diagnostics and error resolution
• Are deleted immediately after the issue is resolved
• Are processed under Art. 6(1)(f) GDPR (legitimate interests)

4.4. Sub-processors

As part of providing automation services, we may use sub-processors (providers of automation tools and platforms). The list of sub-processors is provided before commencing cooperation within the Data Processing Agreement (DPA) and requires your authorization in accordance with Art. 28(2) and (4) GDPR.

Typical tools used as sub-processors include: Make.com, n8n (self-hosted), Google Workspace, and other integration platforms necessary for project execution. The exact list depends on the project scope and is determined individually.

5. Data Recipients

Your personal data may be shared with the following categories of recipients:

• Matomo – analytics is operated as a self-hosted instance at itpotwojemu.pl/matomo, without transferring analytics data to Google Analytics or Usercentrics
• Notion Labs, Inc. – for project management and communication (EU-U.S. Data Privacy Framework certified + Standard Contractual Clauses)
• Google Ireland Limited – as part of Google Sheets services (processing within the EU)
• n8n hosting provider – servers located within the European Union

5.1. Data transfers to the USA and safeguards

Some of our service providers are based in the United States. Data transfers to the USA are conducted based on the following safeguarding mechanisms:

EU-U.S. Data Privacy Framework (DPF) – You can verify the DPF certification of specific entities at: dataprivacyframework.gov

Standard Contractual Clauses (SCCs) – Where a provider does not have DPF certification or as an additional safeguard, we use Standard Contractual Clauses approved by the European Commission. Upon your request, we will provide a copy of the applied SCCs. To receive a copy, please contact us at: privacy@itpotwojemu.pl

6. Your Rights

Under the GDPR, you have the following rights:

• Right of access – you can obtain information about whether we process your data and receive a copy
• Right to rectification – you can request correction of inaccurate data or completion of incomplete data
• Right to erasure ("right to be forgotten") – you can request deletion of your data in certain cases
• Right to restriction of processing – you can request limitation of processing in certain situations
• Right to data portability – you can receive your data in a structured format
• Right to object – you can object to processing based on legitimate interests
• Right to withdraw consent – if processing is based on consent, you can withdraw it at any time
• Right to lodge a complaint – you can file a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland)

To exercise these rights, please contact us at: privacy@itpotwojemu.pl

7. Cookies

Our website uses cookies to ensure proper functionality and analyze traffic.

7.1. Types of cookies used

7.2. Managing cookies

On your first visit, a banner lets you accept or reject Matomo analytics. You can change your preference by clearing site data/localStorage for itpotwojemu.pl in your browser settings; after the decision is removed, the banner will be shown again.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure, including:

• Data transmission encryption (HTTPS/TLS protocol)
• Restricted access to data for authorized personnel only
• Regular software and system updates
• Hosting on servers meeting security standards

9. Changes to Privacy Policy

We reserve the right to make changes to this Privacy Policy. We will inform you of any significant changes by publishing an updated version on this page with the date of the last update. We recommend checking this page regularly.

10. Contact

If you have any questions about this Privacy Policy or the processing of your personal data, please contact us: