Privacy Policy

1. Controller

The controller of personal data is Przemysław Filipiak, contact: [email protected].

If you have any questions about privacy or want to exercise your GDPR rights, please contact [email protected].

2. Scope of this policy

This policy applies to visitors of the public website, blog readers, and people contacting the controller by email.

Based on the current codebase review, the public-facing pages do not use optional analytics or marketing cookies. The service does, however, use a strictly necessary session cookie for authenticated admin access.

3. Categories of personal data

• technical data such as IP address, browser data, device data, request metadata, and security logs;
• email address and message content if you contact the controller directly by email;
• other data voluntarily provided by the user in correspondence.

4. Purposes and legal bases

• operating and securing the website: Article 6(1)(f) GDPR;
• responding to enquiries and business communication: Article 6(1)(f) GDPR or Article 6(1)(b) GDPR;
• maintaining records, preventing abuse, and defending legal claims: Article 6(1)(f) GDPR;
• complying with legal obligations: Article 6(1)(c) GDPR;
• processing based on consent, where consent is specifically requested: Article 6(1)(a) GDPR.

5. Cookies

The public-facing website does not currently use optional analytics or advertising cookies based on the reviewed implementation.

A strictly necessary session cookie named `session` may be used only where access to protected administrative functionality is involved. This cookie is used for authentication and security and does not require consent when used strictly for those purposes.

6. Recipients and processors

Personal data may be processed by providers used to host, secure, and technically operate the website, such as hosting, infrastructure, and email service providers, but only to the extent necessary for the website to function and for correspondence to be handled.

• hosting and infrastructure providers;
• email and communication providers, where correspondence is handled by email;
• technical security providers, where needed to keep the website available and secure.

7. International transfers

Some service providers may process data outside the European Economic Area. Where this happens, data transfers should rely on a valid GDPR transfer mechanism, such as an adequacy decision or appropriate safeguards.

8. Retention

• server and security logs are retained only for as long as needed for security, diagnostics, and operational purposes;
• email correspondence is retained for as long as reasonably necessary to handle the request and any follow-up;
• data may be retained longer where required by law or needed to establish, exercise, or defend legal claims.

9. Your rights under the GDPR

Subject to the conditions set out in the GDPR, you have the right to access your data, rectify it, erase it, restrict processing, object to processing, request data portability, withdraw consent at any time where processing is based on consent, and lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland.

The service is not intended to make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

10. Data security

Appropriate technical and organisational measures are used to protect personal data against unauthorised access, disclosure, alteration, and destruction. However, no internet-based system can be guaranteed to be completely secure.

11. Contact and updates

Questions, requests, and privacy-related notices should be sent to [email protected].

This Privacy Policy may be updated from time to time. The latest version will be published on this page.