Privacy Policy
Last updated: January 12, 2026
1. Data Controller
The controller of your personal data is Filip Krasiewicz, operating a sole proprietorship under the name IT Po Twojemu, with registered address at ul. B. Prusa 12, 05-270 Marki, Poland, Tax ID (NIP): 125 172 95 90.
For matters related to personal data protection, you can contact us:
- Email: privacy@itpotwojemu.pl
- Phone: +48 601 131 446
- Postal address: ul. B. Prusa 12, 05-270 Marki, Poland
2. Data We Collect
When using our website, we may collect the following categories of personal data:
2.1. Data provided voluntarily
- First and last name
- Email address
- Content of messages sent via the contact form
2.2. Data collected automatically
- IP address
- Browser and device type
- Location data (approximate, based on IP)
- Information about website interaction (pages visited, time on site)
- Cookie data (see section 6)
2.3. Obligation to Provide Data and Consequences
Providing personal data via the contact form is voluntary but necessary to:
- Respond to your inquiry
- Contact you regarding potential collaboration
- Execute a potential automation services agreement
Consequences of not providing data: Failure to provide an email address or other contact information will prevent us from responding to your inquiry and establishing contact to discuss potential collaboration.
Automatically collected data is divided into two categories:
- Essential technical data (e.g., IP address, basic server logs) – necessary for proper website functioning, security, and required by law regarding electronic service provision.
- Analytics and marketing data (e.g., Google Analytics cookies) – collected only after obtaining your consent through our cookie management mechanism (Usercentrics). You may reject these without affecting basic website functionality.
3. Purposes of Data Processing
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) | Retention Period |
|---|---|---|
| Responding to contact form inquiries | Art. 6(1)(b) – performance of a contract or pre-contractual measures | 3 years from last contact |
| Analytics and traffic statistics | Art. 6(1)(f) – legitimate interests of the controller | 26 months (Google Analytics) |
| Protection against spam and bots (reCAPTCHA) | Art. 6(1)(f) – legitimate interests of the controller | According to Google's policy |
| Direct marketing (if consent given) | Art. 6(1)(a) – consent | Until withdrawal of consent |
| Establishment or defense of legal claims | Art. 6(1)(f) – legitimate interests of the controller | Until expiration of statutory limitation periods (generally 3 or 6 years, depending on claim type) |
3.1. Details of Legitimate Interests
Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), our legitimate interests are:
- Analytics and statistics – Conducting basic visit statistics to analyze website effectiveness, improve content, and optimize user experience. This enables us to better tailor our offerings to visitor needs.
- Protection against spam and bots – Maintaining website security, protection against automated attacks, contact form abuse, and malicious bot activities. This is essential to ensure proper functioning of our services.
- Legal claims – Establishment, exercise, or defense of legal claims arising from the use of our services or website.
- Diagnostic logs – Diagnostics and error resolution in automation scenarios to ensure proper service delivery and maintain service quality.
3.2. Automated Decision-Making and Profiling
We inform you that we do not make automated decisions concerning you, including profiling within the meaning of Article 22 GDPR, that would produce legal effects concerning you or similarly significantly affect you.
Data collected by Google Analytics is used solely to create aggregated statistics regarding website traffic and is not used to make decisions concerning specific individuals.
4. Data Processing Within Provided Services
Important distinction
This Privacy Policy applies only to data collected through www.itpotwojemu.pl and marketing activities.
4.1. Data Controller vs Data Processor
In the course of our business activities, we assume different roles depending on the data processing context:
| Context | Our Role | Governing Document |
|---|---|---|
| Website, marketing, contact form | Data Controller | This Privacy Policy |
| Automation service delivery (e.g., processing client databases in Make/n8n) | Data Processor | Data Processing Agreement (DPA) |
4.2. Data processed within service delivery
When providing business process automation services (e.g., CRM integration, email marketing automation, order processing), we may access personal data of your customers or contractors. In such cases:
- You remain the Data Controller of such data
- We act as Data Processor exclusively under your instructions
- Processing terms are governed by a separate Data Processing Agreement (DPA), executed before service commencement
4.3. Diagnostic logs
For diagnostic and debugging purposes (Make/n8n scenario troubleshooting), temporary logs containing fragments of processed data may be collected. These logs:
- Are retained for a maximum of 30 days
- Serve exclusively for diagnostics and error resolution
- Are deleted immediately after the issue is resolved
- Are processed under Art. 6(1)(f) GDPR (legitimate interests)
4.4. Sub-processors
As part of providing automation services, we may use sub-processors (providers of automation tools and platforms). The list of sub-processors is provided before commencing cooperation within the Data Processing Agreement (DPA) and requires your authorization in accordance with Art. 28(2) and (4) GDPR.
Typical tools used as sub-processors include: Make.com, n8n (self-hosted), Google Workspace, and other integration platforms necessary for project execution. The exact list depends on the project scope and is determined individually.
5. Data Recipients
Your personal data may be shared with the following categories of recipients:
- Google LLC – as part of Google Analytics and Google reCAPTCHA services (EU-U.S. Data Privacy Framework certified + Standard Contractual Clauses)
- Notion Labs, Inc. – for project management and communication (EU-U.S. Data Privacy Framework certified + Standard Contractual Clauses)
- Google Ireland Limited – as part of Google Sheets services (processing within the EU)
- Usercentrics GmbH – for cookie consent management (processing within the EU)
- n8n hosting provider – servers located within the European Union
5.1. Data transfers to the USA and safeguards
Some of our service providers are based in the United States. Data transfers to the USA are conducted based on the following safeguarding mechanisms:
| Provider | Mechanism |
|---|---|
| Google LLC (Analytics, reCAPTCHA) | EU-U.S. Data Privacy Framework (DPF) + Standard Contractual Clauses (SCCs) |
| Notion Labs, Inc. | EU-U.S. Data Privacy Framework (DPF) + Standard Contractual Clauses (SCCs) |
EU-U.S. Data Privacy Framework (DPF) – You can verify the DPF certification of specific entities at: dataprivacyframework.gov
Standard Contractual Clauses (SCCs) – Where a provider does not have DPF certification or as an additional safeguard, we use Standard Contractual Clauses approved by the European Commission. Upon your request, we will provide a copy of the applied SCCs. To receive a copy, please contact us at: privacy@itpotwojemu.pl
6. Your Rights
Under the GDPR, you have the following rights:
- Right of access – you can obtain information about whether we process your data and receive a copy
- Right to rectification – you can request correction of inaccurate data or completion of incomplete data
- Right to erasure ("right to be forgotten") – you can request deletion of your data in certain cases
- Right to restriction of processing – you can request limitation of processing in certain situations
- Right to data portability – you can receive your data in a structured format
- Right to object – you can object to processing based on legitimate interests
- Right to withdraw consent – if processing is based on consent, you can withdraw it at any time
- Right to lodge a complaint – you can file a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland)
To exercise these rights, please contact us at: privacy@itpotwojemu.pl
7. Cookies
Our website uses cookies to ensure proper functionality and analyze traffic.
7.1. Types of cookies used
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics | Analytics – user differentiation | 26 months |
| _gid | Google Analytics | Analytics – user differentiation | 24 hours |
| uc_* | Usercentrics | Cookie consent management | 12 months |
| _GRECAPTCHA | Google reCAPTCHA | Spam protection | 6 months |
7.2. Managing cookies
On your first visit to the website, a banner is displayed allowing you to accept or reject specific cookie categories. You can change your preferences at any time by clicking the privacy settings icon in the bottom left corner of the page or through your browser settings.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure, including:
- Data transmission encryption (HTTPS/TLS protocol)
- Restricted access to data for authorized personnel only
- Regular software and system updates
- Hosting on servers meeting security standards
9. Changes to Privacy Policy
We reserve the right to make changes to this Privacy Policy. We will inform you of any significant changes by publishing an updated version on this page with the date of the last update. We recommend checking this page regularly.
10. Contact
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us:
Filip Krasiewicz – IT Po Twojemu
ul. B. Prusa 12, 05-270 Marki, Poland
Email: privacy@itpotwojemu.pl
Phone: +48 601 131 446