Privacy Policy

1. Data Controller

The controller of your personal data is QUALIX SOFTWARE MICHAŁ KASPRZYK, operated by Michał Kasprzyk, registered in the Central Register and Information on Economic Activity (CEIDG).

2. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

3. Categories of Personal Data

We process the following categories of data:

• Identification data: name, surname, company name
• Contact data: email address, phone number, address
• Technical data: IP address, browser information
• Project data: requirements, preferences, materials

4. Data Sources

Personal data is collected directly from you (e.g., through contact forms, email, phone conversations) or automatically when using the website (e.g., technical data such as IP address collected via cookies).

5. Data Retention Period

Data retention periods are determined based on legal provisions (e.g., tax law), processing purposes, and business needs such as securing claims. We store your data only as long as necessary to achieve the purposes for which it was collected:

• Contact form: maximum 12 months from last contact (for response and potential cooperation)
• Contract data: duration of contract + 6 years (tax law requirements)
• Marketing data: until consent withdrawal or maximum 3 years
• Technical data (analytical cookies): maximum 2 years
• Business correspondence: 3 years from last contact

6. Rights of Data Subjects

You have the right to:

• Access your personal data
• Rectify incorrect data
• Delete data (right to be forgotten)
• Restrict processing
• Port data
• Object to processing
• Withdraw consent at any time
• Lodge a complaint with the President of the Personal Data Protection Office or the supervisory authority in your country of residence or workplace if you believe that the processing of your data violates GDPR provisions

The exercise of these rights may be limited by law, e.g., in case of tax obligations or securing claims.

To exercise the above rights, contact me at: kontakt@qualixsoftware.com

7. Cookie Files

The website uses only cookies necessary for proper functioning and anonymous analytics without cookies (GDPRmetrics). We do not use analytical or marketing cookies requiring consent. You can manage cookie settings in your browser.

Detailed information about cookies can be found in the Cookie Policy.

8. Data Transfer and Third Countries

Your data may be transferred only to the following categories of recipients:

• Web hosting providers: data storage on servers
• Email service providers: sending and receiving email messages
• Analytics service providers: website traffic analysis
• Accounting offices: bookkeeping and tax settlements
• Subcontractors: cooperating with the Controller in service provision (e.g., programmers, graphic designers, SEO specialists), only to the extent necessary for contract performance and based on signed data processing agreements compliant with Art. 28 GDPR
• Public authorities: only based on legal provisions

Data Transfer Outside the European Economic Area (EEA)

Due to the use of technological services, your data may be transferred to countries outside the EEA:

• GDPRmetrics.com: Anonymous website traffic analysis without cookies and identifiers (European Economic Area).
• Cloudflare Inc.: Website hosting and CDN services (privacy policy: https://www.cloudflare.com/privacypolicy/).

Due to the transition to GDPRmetrics, all analytical data is processed within the European Economic Area (EEA) anonymously, without collecting personal data. Data transfer to Cloudflare is based on standard contractual clauses approved by the European Commission.

Detailed information about data transfer within analytical cookies can be found in the Cookie Policy available at: https://www.qualixsoftware.com/en/cookie-policy.

9. Automated Decision Making and Profiling

10. Data Security

The Controller applies modern technical and organizational measures, such as SSL/TLS encryption, regular backups, restricted data access (including pseudonymization where possible), and regular security audits to ensure an appropriate level of data protection.

• Connection encryption: all data is transmitted via secure SSL/TLS connections
• Regular backups: protection against data loss
• Limited access: only authorized persons have access to data
• Pseudonymization: applied where possible
• Regular security audits: periodic checks of protection systems
• Security updates: regular system and software updates

11. Contact for Data Protection Matters

12. Data Breach Procedure

In case of a personal data breach, the Controller immediately takes action to minimize the effects of the breach and reports the incident to the President of the Personal Data Protection Office within 72 hours if required under Art. 33 GDPR. If necessary, users whose data is affected will be notified in accordance with Art. 34 GDPR.

13. Privacy Policy Changes

The Controller reserves the right to make changes to the Privacy Policy. Users will be informed of any changes at least 14 days before the changes take effect, via the website or email.

14. Language and Applicable Law

The Privacy Policy has been prepared in Polish and is subject to Polish law. In case of discrepancies between the Polish version and other language versions, the Polish version is binding.