EN

Privacy Policy

5.00 /5 - (30 votes )
Last verified: March 1, 2026
Experience: 19+ years experience
Table of Contents

Privacy and Cookies Policy of WPPoland.com

This Privacy Policy explains how WPPoland processes personal data of users of wppoland.com, the contact form, and related communication channels.

§1. Data Controller and Contact

The data controller is Mariusz Szatkowski, operating as WPPoland Mariusz Szatkowski, ul. Starowiejska 16/2, 81-356 Gdynia, Poland, Tax ID (NIP): 7393037445.

Contact for privacy matters:

  • e-mail: hello@wppoland.com
  • postal address: WPPoland Mariusz Szatkowski, ul. Starowiejska 16/2, 81-356 Gdynia, Poland

§2. Scope and Definitions

  1. This policy applies to users of wppoland.com in all language versions.
  2. Definitions:
    • Service: the website wppoland.com.
    • User: a natural person using the Service or contacting the Controller.
    • GDPR: Regulation (EU) 2016/679.

We process personal data only where we have a legal basis:

  1. Contact and handling inquiries (form/e-mail):
    • Art. 6(1)(b) GDPR (steps prior to entering into a contract),
    • Art. 6(1)(f) GDPR (legitimate interest: communication and inquiry handling).
  2. Security and stability of the Service (logs, abuse protection, reCAPTCHA):
    • Art. 6(1)(f) GDPR.
  3. Traffic analytics (Google Analytics) and Service development:
    • Art. 6(1)(a) GDPR (consent for analytical cookies),
    • Art. 6(1)(f) GDPR for strictly necessary technical measurements.
  4. Compliance with legal obligations (e.g., tax/accounting):
    • Art. 6(1)(c) GDPR.
  5. Establishing, exercising, or defending legal claims:
    • Art. 6(1)(f) GDPR.

§4. Categories of Data

  1. Data provided by the User via form or e-mail, such as name, e-mail address, message content, and any other data submitted voluntarily.
  2. Automatically collected technical data: IP address, device type, operating system, browser, connection time, server logs, and cookie identifiers.

§5. Contact Form and Processors

  1. The contact form is technically operated by Web3Forms.
  2. Web3Forms acts as a technical provider (processor or separate controller under its own terms), and form data are forwarded to the Controller.
  3. The Controller processes received form data for the purposes described in this policy.
  4. Web3Forms privacy policy: https://web3forms.com/privacy.

§6. Data Recipients and Transfers Outside the EEA

  1. Data may be shared with entities supporting the Controller, in particular hosting providers, analytics/security providers, and IT service providers.
  2. Because services such as Google (Analytics, reCAPTCHA) are used, some data may be transferred outside the EEA (e.g., to the USA) with safeguards required by GDPR, including Standard Contractual Clauses (SCCs), and where applicable also based on the EU-U.S. Data Privacy Framework.
  3. Data are disclosed to public authorities only where legally required.

§7. Retention Periods

  1. Contact data: for the period necessary to handle an inquiry and follow-up communication, then for the limitation period for claims (typically up to 3 years unless a longer period is required by law).
  2. Data processed due to legal obligations (e.g., accounting/tax): for statutory retention periods (typically 5 years from the end of the relevant tax year).
  3. Analytics/cookie data: according to cookie lifetime or until consent withdrawal; Google Analytics statistical retention is typically configured up to 14 months.
  4. Server logs and security data: for as long as necessary to ensure security and investigate incidents, typically no longer than 12 months unless needed longer for legal defense.
  5. Data processed under legitimate interest: until an effective objection is raised or the purpose ceases.

§8. User Rights

Users have the right to:

  1. access personal data,
  2. rectify data,
  3. erase data,
  4. restrict processing,
  5. data portability (where applicable),
  6. object to processing based on Art. 6(1)(f) GDPR,
  7. withdraw consent at any time (without affecting lawfulness before withdrawal),
  8. lodge a complaint with a competent supervisory authority, including the President of the Personal Data Protection Office (UODO) in Poland (ul. Stawki 2, 00-193 Warsaw), or your local EU/EEA authority.

Requests can be sent to: hello@wppoland.com. We respond without undue delay, usually within 1 month from receipt. For complex requests, the deadline may be extended by up to 2 additional months, and we will inform you of the reasons. We may request identity verification before completing a request.

§9. Cookies and Similar Technologies

  1. The Service uses:
    • necessary cookies (operation and security),
    • analytical cookies (traffic measurement),
    • functional/security cookies (e.g., reCAPTCHA).
  2. Non-essential cookies are used based on User consent where required by law.
  3. Consent can be changed or withdrawn in cookie settings and browser settings.
  4. Google privacy details: https://policies.google.com/privacy.

§10. Security and Incidents

  1. We apply technical and organizational safeguards appropriate to risk, including HTTPS, access control, and security monitoring.
  2. In case of a personal data breach, we act in accordance with GDPR, including notification to the supervisory authority where required (typically within 72 hours of becoming aware of the breach).
  3. We do not use solely automated decision-making, including profiling, that produces legal effects concerning users or similarly significantly affects them.

§11. Policy Updates

  1. This policy may be updated due to legal, technological, or organizational changes.
  2. The current version is always available on wppoland.com.
  3. Material changes are communicated on the Service.

WPPoland Mariusz Szatkowski
ul. Starowiejska 16/2
81-356 Gdynia, Poland
E-mail: hello@wppoland.com

Image Credits

The photographs of Mariusz Szatkowski used on this website were taken by Marta Weronika Pawłowska.

§12. Data Subject Rights

Right to Access

Users have the right to access their personal data. Access requests get processed within one month. Identity verification may be required.

Access includes data copies in common electronic formats. Reasonable requests get accommodated free of charge. Excessive requests may incur reasonable fees.

Right to Rectification

Inaccurate personal data gets corrected promptly. Complete incomplete data gets completed. Rectification requests require verification.

Notifications get sent to recipients where required. Data subjects get informed about recipients.

Right to Erasure

Users may request erasure of their personal data. Erasure applies when data is no longer necessary. Withdrawal of consent triggers erasure rights.

Exceptions exist for legal obligations and legal claims. Erasure may affect service delivery. Consequences get explained to data subjects.

Right to Restriction

Users may request restriction of processing. Restriction applies during accuracy disputes. Processing gets limited pending resolution.

Data may get stored but not processed further. Restrictions get lifted when grounds end. Data subjects get informed before restrictions lift.

Right to Portability

Users may receive their data in structured formats. Common electronic formats enable data transfer. Portability applies to automated processing bases.

Data gets transmitted directly where technically feasible. Alternative formats get provided when direct transmission is impossible.

Right to Object

Users may object to processing based on legitimate interests. Objections get assessed promptly. Processing stops unless compelling grounds override.

Direct marketing objections get honored immediately. No justification needed for marketing objections.

Complaints

Users may lodge complaints with supervisory authorities. Polish supervisory authority is UODO. Complaints get addressed internally first.

Supervisory authority contact information gets provided. Complaints do not affect other rights.

§13. Third-Party Processors

Hosting Services

Our hosting provider processes data on our behalf. Hosting includes server storage and maintenance. Data processing agreements govern these relationships.

Hosting providers meet security standards. Regular audits verify compliance. Data stays within EU where possible.

Analytics Tools

Google Analytics processes visitor data. Analytics helps understand website usage. Privacy-friendly settings minimize data collection.

Analytics data gets anonymized where possible. Data retention periods get enforced. Users may opt out of analytics.

Communication Tools

Email services process communications. Support tickets get stored securely. Communication data retention follows legal requirements.

Email marketing requires explicit consent. Unsubscribe options get honored promptly. Contact preferences get respected.

Payment Processors

Payment processors handle financial transactions. Payment data gets processed by processors. We do not store payment card details.

PCI DSS compliance gets verified. Payment security gets audited. Transaction records get retained as required.

§14. Cookies and Tracking

Essential Cookies

Essential cookies enable basic website functions. These cookies do not require consent. Disabling essential cookies affects functionality.

Essential cookies include session management. Security cookies prevent fraud. Load balancing cookies improve performance.

Analytics Cookies

Analytics cookies track website usage. Usage data helps improve the website. Analytics require consent before placement.

Google Analytics provides usage insights. Data gets anonymized where possible. Users may opt out anytime.

Marketing Cookies

Marketing cookies track visitors across websites. Targeting enables personalized advertising. Marketing requires explicit consent.

Third-party advertisers may use cookies. Ad preferences get managed through industry tools. Consent management gets implemented.

Browser settings manage cookies. Consent tools on website control tracking. Opt-out options disable tracking.

Cookies get reviewed periodically. Unnecessary cookies get removed. New cookies get assessed for necessity.

§15. Data Retention

Contact Inquiries

Contact inquiry data gets retained for one year. Inquiries not leading to projects get deleted. Project-related data gets retained longer.

Communication records support dispute resolution. Business records get retained as required by law. Retention periods follow legal requirements.

Website Analytics

Analytics data gets retained for 26 months. Shorter retention periods apply where possible. Anonymized data may retain longer.

Data aggregation reduces identification risk. Retention reviews happen annually. Unnecessary data gets purged.

Financial Records

Invoice data gets retained for five years. Tax requirements dictate retention periods. Financial records support compliance.

Archival storage protects historical records. Access gets restricted appropriately. Retention policies follow legal requirements.

Security Logs

Security logs get retained for three months. Log rotation prevents excessive storage. Logs support incident investigation.

Log analysis identifies security patterns. Automated alerts detect anomalies. Retention supports compliance requirements.

§16. International Transfers

EU/EEA Transfers

Data primarily stays within EU/EEA. No additional safeguards needed for EU transfers. GDPR protections apply throughout.

Third-Country Transfers

Transfers outside EU/EEA require safeguards. Standard Contractual Clauses govern transfers. Adequacy decisions may apply.

Transfer impact assessments get conducted. Additional measures protect data. Transfers get minimized where possible.

US Services

US services may process data. Privacy Shield or equivalent protections apply. Data gets protected appropriately.

Subcontractor agreements get required. Compliance gets verified periodically. Transfer mechanisms get documented.

§17. Children’s Data

Age Restrictions

Services do not target children under 16. Parental consent required for processing children’s data. Age verification does not occur actively.

Parents may request information about children’s data. Parental responsibility gets verified. Data gets deleted upon request.

Educational Services

Educational services may have different requirements. Parental consent gets obtained where required. Educational institution agreements govern processing.

School verification gets conducted. Educational purpose limitations apply. Data minimization gets implemented.

§18. Profiling and Automation

Automated Decisions

No solely automated decisions affect users. Human oversight exists for significant decisions. Profiling does not produce legal effects.

Automated tools assist but do not decide. Human review applies where required. Appeals get handled manually.

Personalization

Content personalization improves user experience. Recommendations based on past behavior. Personalization uses minimal data.

Users may opt out of personalization. Preference settings get respected. Personalization gets explained where required.

External Websites

Links to external websites get provided for information. External sites have separate privacy practices. We do not control external sites.

Third-party privacy policies get reviewed where possible. External sites get monitored for broken links. Linking does not imply endorsement.

Social Media

Social media features may be integrated. Social media platforms collect data independently. Privacy settings on platforms control sharing.

Social buttons get implemented carefully. Data sharing requires user action. Platform privacy policies govern their practices.

§20. Business Transfers

Merger or Sale

Business transfers may involve data transfer. Acquisitions require data protection measures. Customer data transfers with businesses.

Notice gets provided where required. Data protection levels get maintained. Transfer agreements include privacy provisions.

Insolvency

Insolvency proceedings may affect data. Data gets protected during proceedings. Administrators get bound by privacy obligations.

Data may get transferred to purchasers. Customer interests get protected. Legal requirements get followed.

§21. Contract Performance

Service Delivery

Data processing necessary for service delivery. Contract terms govern data use. Service provision requires data processing.

Contract performance includes communication. Account management requires data. Service improvements use aggregated data.

Customer Support

Support requests require data access. Issue resolution uses necessary data. Support quality depends on information accuracy.

Support interactions get recorded. Training purposes may use support data. Retention follows support policies.

Law Enforcement

Law enforcement requests get evaluated. Legal process required before disclosure. We object to overbroad requests.

Data may get disclosed with legal authority. Disclosure scope gets limited where possible. Users get notified where permitted.

Regulatory Requests

Regulatory bodies may request data. Compliance gets assessed carefully. Required disclosures get made appropriately.

Regulatory relationships get managed. Data protection gets maintained. Legal requirements get followed.

§23. Questions and Contact

General Inquiries

Questions about this policy get answered. Contact through hello@wppoland.com. Response within reasonable timeframes.

Detailed questions may require follow-up. Additional information may get requested. Complex requests may take longer.

Data Subject Requests

Data subject requests get handled specially. Identity verification gets required. Requests get processed within timeframes.

Expedited processing may get available. Complex requests may require extension. Fees may apply to excessive requests.

§24. Policy Review

Regular Reviews

This policy gets reviewed annually. Legal updates get incorporated. Technological changes get addressed.

Industry best practices get considered. User feedback gets reviewed. Policy improvements get implemented.

User Feedback

Feedback about privacy practices gets welcomed. Concerns get addressed promptly. Suggestions may get implemented.

Privacy remains priority. Continuous improvement gets pursued. User trust gets maintained.

Related Articles

A practical guide to cloud AI agents, parallel execution, quality gates, and the evolving role of software engineers.
development

Agentic engineering, a new model for software development in 2026

Writing code still matters, but results now depend on how teams orchestrate AI agents. This guide explains a practical agentic workflow and how to adopt it without losing quality.

Software is becoming a commodity. What does this mean for creators and the IT industry? Learn the brutal truth about distribution and software slop.
business

The future of software in 2026: Distribution and the end of mediocrity

Creating software is getting easier. Find out why distribution, relationships, and brand matter more than code in the age of AI tools.

AI tools like chatgpt and copilot are changing how websites get built. but what does it actually mean for WordPress developers? here's the truth.
AI

Will AI replace WordPress developer?

AI tools like chatgpt and copilot are changing how websites get built. but what does it actually mean for WordPress developers? here's the truth.