Privacy
Policy

§1. Personal Data Controller

The controller of personal data processed through the website www.ukkf.pl is:

INDPL sp. z o.o.
ul. Grzybowska 2/31, 00-131 Warszawa
NIP: 6762644503 · KRS: 0001040452 · REGON: 525515545
E-mail: biuro@ukkf.pl
Tel: +48 731 826 092

§2. Data Protection Officer

The Controller is not required to appoint a Data Protection Officer (DPO) pursuant to Art. 37 GDPR. For matters relating to personal data, please contact the Controller directly: biuro@ukkf.pl.

§3. Purposes and Legal Bases for Data Processing

3.1. Contact Form Handling

• — Purpose: responding to inquiries submitted via the contact form.
• — Data: first name, e-mail address, subject, message content.
• — Legal basis: Art. 6(1)(b) or (f) GDPR (pre-contractual measures / legitimate interest).
• — Retention period: up to 12 months from the last contact.

3.2. Contract Conclusion and Performance

• — Purpose: provision of website design and development services.
• — Data: full name / company name, address, VAT ID, e-mail, phone.
• — Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
• — Retention period: duration of the contract + 6 years after its termination.

3.3. Tax and Accounting Obligations

• — Purpose: issuing invoices, maintaining accounting records.
• — Data: full name / company name, address, VAT ID, invoice details.
• —Legal basis: Art. 6(1)(c) GDPR (legal obligation).
• — Retention period: 5 years from the end of the tax year.

3.4. Website Analytics (Google Analytics)

• — Purpose: statistical analysis of website traffic.
• — Data: anonymised IP address, behavioural data on the website.
• — Legal basis: Art. 6(1)(a) GDPR (consent via acceptance of analytical cookies).
• — Retention period: 26 months; data deleted upon withdrawal of consent.

§4. Recipients of Personal Data

Data may be transferred to the following categories of recipients:

• — Hosting service provider – server maintenance and backups (EEA).
• — Google LLC – Google Analytics, Google Workspace (USA, based on SCCs – see §5).
• — Accounting office – financial documentation services (Poland).
• — Public authorities – exclusively on the basis of applicable law (courts, tax authorities, Police).

The Controller does not sell personal data or share it with third parties for commercial purposes.

§5. Transfer of Data Outside the EEA

Due to the use of Google LLC services, data may be transferred to the United States. The transfer is carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR). More information: policies.google.com/privacy.

§6. Rights of the Data Subject

Under the GDPR, you have the following rights:

• — Right of access (Art. 15) – obtaining information and a copy of your data.
• — Right to rectification (Art. 16) – correcting inaccurate or completing incomplete data.
• — Right to erasure (Art. 17) – requesting deletion of data when the basis for processing has ceased.
• — Right to restriction of processing (Art. 18) – processing only to a limited extent.
• — Right to data portability (Art. 20) – receiving data in a structured format.
• — Right to object (Art. 21) – objecting to processing based on legitimate interest.
• — Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.

To exercise the above rights, please contact us: biuro@ukkf.pl. A response will be provided within 30 days.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.

§7. Cookies

The website uses the following categories of cookies:

• — Necessary – ensure the correct functioning of the website; do not require consent.
• — Analytical (Google Analytics 4) – visit statistics; require consent.
• — Marketing – remarketing and ad personalisation; require consent.

Consent can be given or withdrawn at any time via the cookie banner or browser settings (Chrome, Firefox, Safari, Edge).

§8. Automated Processing and Profiling

The Controller does not carry out automated decision-making with legal effects or profiling within the meaning of Art. 22 GDPR.

§9. Data Security

The Controller applies technical and organisational measures to ensure data protection, including: HTTPS/TLS encryption, access control, regular backups, and software updates.

§10. External Links

The website may contain links to external websites. The Controller is not responsible for their privacy policies.

§11. Changes to the Privacy Policy

The Controller reserves the right to update this Policy. Users will be informed of significant changes via a notice on the website. The current version is always available at: ukkf.pl/polityka-prywatnosci.

§12. Legal Bases

• — Regulation (EU) 2016/679 (GDPR)
• — Act of 10 May 2018 on the Protection of Personal Data
• — Act of 18 July 2002 on the Provision of Electronic Services
• — Act of 16 July 2004 – Telecommunications Law (with regard to cookies)