Skip to content
Witamy na nowej stronie

Privacy Policy

IMPORTANT: this privacy policy is a template provided as a starting point. Before publishing, fill in your company details, audit all third-party processors (Resend, Stripe, Mailchimp, MailerLite, possibly Google Analytics) and have the text reviewed by a lawyer.

This policy describes how [COMPANY NAME] ("we", "us") collects and processes personal data of visitors to this website, in line with Regulation (EU) 2016/679 (GDPR) and applicable national data-protection laws.

1. Data controller. The controller of your personal data is [COMPANY NAME], [ADDRESS], company registration [REG. NO.]. For any data-related question contact us at [contact@example.com].

2. What we collect. We collect: (a) information you submit through the contact form (name, e-mail, message); (b) e-mail and language preference when you subscribe to the newsletter; (c) information needed to process event-ticket payments (name, e-mail, invoice details — collected directly by Stripe); (d) basic server logs (IP, user-agent) used only for security and rate limiting; (e) analytics data only after you opt in via the cookie banner.

3. Purposes and legal bases. We process data in order to: (a) answer contact-form enquiries — Art. 6(1)(b) GDPR (pre-contract steps); (b) deliver the newsletter — Art. 6(1)(a) GDPR (double opt-in consent); (c) fulfil ticket purchases — Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) (tax obligations); (d) keep the system secure — Art. 6(1)(f) (legitimate interest); (e) measure traffic — Art. 6(1)(a) (consent).

4. Retention periods. Contact-form messages: 24 months. Newsletter subscriptions: until you unsubscribe, plus a 30-day archive. Transaction records (invoices): 5 years as required by accounting law. Server logs: 90 days.

5. Recipients. We share data only with trusted processors acting on our behalf: Resend (transactional e-mail, USA — Standard Contractual Clauses), Stripe (payments, Ireland/USA — SCC), optionally Mailchimp and/or MailerLite (newsletter — SCC), optionally Sentry (error monitoring, USA — SCC). A full sub-processor list is available on request.

6. Your rights. You have the right to: access your data (Art. 15), rectify it (Art. 16), have it erased / "right to be forgotten" (Art. 17), restrict processing (Art. 18), data portability (Art. 20), object (Art. 21), and withdraw consent at any time. File requests through the "Data request" page or by e-mail. We respond within 30 days.

7. Complaints to a supervisory authority. You may lodge a complaint with your national supervisory authority (in Poland: the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).

8. Cookies. The site uses only strictly-necessary cookies without your consent (session, language preference, cookie banner state). Analytics and marketing cookies (Google Analytics, Meta Pixel) are loaded only after you opt in via the banner, which you can change at any time.

9. Changes. The current version is always published on this page. We announce material changes 14 days in advance by e-mail to newsletter subscribers.