This privacy and cookies policy (hereinafter referred to as the 'Policy') defines the rules for the processing and protection of personal data provided by Users in connection with their use of the website available at optymalizacjakredytowa.pl (hereinafter referred to as the 'Service').

We care about your privacy and the security of your data. Below we present detailed information on the principles of processing your personal data and on the cookies used by our Service, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as 'GDPR').

The administrator of your personal data (hereinafter referred to as the 'Administrator') is:

DIGITAL & FINANCE SOLUTIONS ŁUKASZ TURCZYN
ul. Złota 75A/7
00-819 Warsaw, Poland
NIP (VAT ID): 5243041119
REGON: 541849794

In matters related to the processing of your personal data and the exercise of your rights, including withdrawing consent, you can contact the Administrator via the dedicated email address: [email protected].

After conducting an analysis, the Administrator has determined that at the current stage of business, there is no obligation to appoint a Data Protection Officer (DPO). All inquiries regarding data protection should be directed to the email address above.

We process your personal data in the Service for the following purposes:

• Handling inquiries via the contact form and providing initial information about the offer. If you contact us via the contact form, we process data such as: name/company, email address, phone number (if provided), and the content of the inquiry. The legal basis is your consent (Art. 6(1)(a) GDPR) expressed by checking the appropriate checkbox before sending the form, which also includes consent to be contacted to provide information about services. Additionally, to a limited extent, we may process this data based on our legitimate interest (Art. 6(1)(f) GDPR) of short-term archiving of inquiries to ensure continuity of communication and the ability to respond, unless you object.
• Initial management of inquiries (leads) in the CRM system (HubSpot). Data from the contact form may be transferred to our CRM system (HubSpot) for efficient management of inquiries and contact history at the pre-cooperation stage. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in organizing work, effectively managing potential clients, and maintaining high-quality service at the initial stage. We have conducted a balancing test for this purpose.
• Service analytics and statistics. Based on your consent to cookies (Art. 6(1)(a) GDPR), we collect statistical data using Google Analytics 4. This data concerns your use of the Service (e.g., pages visited, visit duration, clicks). It helps us understand how users use our site and how we can improve it.
• Ensuring Service security and protection against spam. To secure the contact form against bots, we use the Google reCAPTCHA v2 service. This service may analyze data about your hardware and software (e.g., IP address, browser information). The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the security of the Service and data integrity. We have conducted a balancing test for this purpose.
• Displaying fonts and icons. We use Google Fonts and Font Awesome (delivered via the Cloudflare CDN) to correctly display the appearance of the site. This may involve transferring your IP address and browser information to the providers of these services. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in ensuring an attractive and consistent design of the Service. We have conducted a balancing test for this purpose.

Providing data in the contact form is voluntary, but failure to provide data marked as necessary (e.g., name, email address) will prevent us from processing your inquiry and providing a response.

The optymalizacjakredytowa.pl Service is used to obtain initial contact and information about your needs. If you express interest in using our financial brokerage services, your personal data (name, contact details, inquiry content) provided via the contact form on the Service will be transferred and further processed in our main CRM system (Notus) and through direct communication with you.

The processing of your personal data in the Notus CRM system and within the scope of providing financial brokerage services (e.g., needs analysis, preparing offers, contacting financial institutions) will be based on a separate, detailed information clause compliant with Art. 13 and 14 of the GDPR, which will be presented to you before the provision of these services begins or when collecting additional data necessary for their realization. This separate clause will include, among other things, detailed information about the purposes and legal bases of data processing for financial services, categories of data processed, recipients, retention periods, and your rights.

In connection with the operation of the Service, your personal data may be transferred to the following categories of entities:

• Hosting service providers on whose servers the Service is maintained.
• Email system providers through which email correspondence is conducted.
• Google LLC – in connection with the use of reCAPTCHA, Google Analytics 4, and Google Fonts services.
• HubSpot, Inc. – in connection with the use of the CRM system for the initial management of inquiries from the Service.
• Cloudflare, Inc. - as a CDN provider for the Font Awesome library.
• Notus CRM system provider – if you express interest in using our financial brokerage services, your data from the contact form will be transferred to this system for further handling (as described in Section 4).

Some of our providers (Google LLC, HubSpot, Inc., Cloudflare, Inc.) are based outside the European Economic Area (EEA), mainly in the United States of America (USA). The transfer of data to these entities is based on appropriate legal mechanisms that ensure an adequate level of data protection, in line with GDPR requirements. These may include Standard Contractual Clauses (SCCs) approved by the European Commission or a European Commission adequacy decision under the EU-US Data Privacy Framework (DPF) program, if the provider is certified. When using SCCs, we conduct a Transfer Impact Assessment and implement additional measures if necessary.

We always ensure that our providers guarantee a high level of personal data protection. These entities usually operate under a data processing agreement and in accordance with our instructions.

Your personal data processed in the Service will be stored for the following periods:

• Data from the contact form (name, email, phone, inquiry content):
  • If the inquiry does not lead to establishing cooperation: for the period necessary to respond to the inquiry and for up to 6 months after the end of correspondence for archival, accountability purposes, or until you effectively object or withdraw consent.
  • If the inquiry leads to expressing interest in financial brokerage services: this data will be transferred to the Notus CRM system, and its further retention period will be specified in a separate information clause regarding the provision of these services.
• Data processed in the HubSpot CRM system (for inquiries from the Service): until the data is transferred to the Notus CRM system in case of cooperation, or for up to 6 months from the last contact if cooperation is not established, unless you withdraw consent or object earlier.
• Data collected by Google Analytics 4 cookies: for up to 14 months from your last activity in the Service (according to the standard Google Analytics 4 settings we use) or until you withdraw your consent for these cookies.
• Data related to the operation of Google reCAPTCHA, Google Fonts, Font Awesome: for the period necessary for Google or Cloudflare to provide these services, in accordance with their privacy policies, or for the duration of your session in the Service.

Data retention periods may be extended if processing is necessary to establish, pursue, or defend against possible claims, and after this period, only if and to the extent required by law.

In connection with our processing of your personal data, you have the following rights:

• The right to access your data and receive a copy of it (Art. 15 GDPR).
• The right to rectify (correct) your data if it is incorrect or incomplete (Art. 16 GDPR).
• The right to erasure of data ('the right to be forgotten') if there are no grounds for its further processing (Art. 17 GDPR).
• The right to restriction of processing (Art. 18 GDPR).
• The right to object to the processing of data based on our legitimate interest (Art. 21 GDPR). In such a case, we will cease to process your data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
• The right to data portability – to the extent that the data is processed automatically on the basis of your consent or a contract (Art. 20 GDPR).
• The right to withdraw consent at any time. If we process your data based on consent (e.g., for handling an inquiry, for analytical cookies), you can withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent for cookies by changing the settings in the cookie management mechanism on the Service or in your browser settings. You can withdraw consent for the processing of data from the contact form by contacting us at the email address: [email protected].
• The right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland), if you believe that the processing of your personal data violates the provisions of the GDPR.

To exercise your rights, please contact us at the email address: [email protected]. We will respond to your request without undue delay, and in any case within one month of receiving the request. If necessary, this period may be extended by another two months due to the complexity of the request or the number of requests, of which we will inform you.

Our Service uses cookies and browser local storage to ensure the proper functioning of the site, facilitate its use, and for analytical and security purposes.

What are cookies and local storage?

Cookies are small text files saved on your device (computer, phone, tablet) when you visit websites. Local storage is a technology similar to cookies that allows data to be stored in your browser.

What data and technologies do we use?

• localStorage 'preferredLanguage': Saves your preferred language for the Service (Polish or English) so you don't have to select it on every visit. This is a functional file, necessary for the proper operation of this feature.
• localStorage 'cookieConsentGiven': Saves information about whether you have accepted consent for analytical cookies, so the information banner does not appear again on subsequent visits. This is a functional file.
• Google Analytics Cookies ('_ga', '_ga_*', '_gid', etc.): Used to collect anonymous statistics about visits and user behavior on the Service. They allow us, among other things, to distinguish users, count visits, traffic sources, and understand which content is most popular. These are analytical files, installed and used only with your prior, voluntary consent.
• Google reCAPTCHA Cookies ('_GRECAPTCHA', 'rc::a', 'rc::c', etc.): Used by Google to assess risk and confirm that the interaction with the contact form comes from a human and not a bot. These are functional/security files, the use of which is based on our legitimate interest in ensuring the security of the Service.
• Cookies related to Google Fonts and Font Awesome (may be set by Google/Cloudflare): May be used to optimize the delivery of fonts and icons. Their use is based on our legitimate interest in ensuring an attractive appearance of the Service.

Managing cookies and consents

During your first visit to the Service, an information banner (cookie consent management mechanism) is displayed, through which you can give or refuse consent for the use of analytical cookies. You also have the option to customize your preferences.

You can withdraw or change your consent for analytical cookies at any time via the 'Cookie Settings' link in the footer of the page.

You can also manage cookies through your web browser settings. Most browsers allow you to view, delete, and block cookies. However, please remember that restricting the use of cookies may affect some of the functionalities available on the Service. Detailed information on managing cookies can be found in the help section of your browser.

Personal data collected through the optymalizacjakredytowa.pl Service (i.e., data from the contact form, data from cookies) is not used for automated decision-making that would produce legal effects concerning you or similarly significantly affect you. We also do not use profiling in this regard that would have such consequences.

Any profiling for analytical purposes (e.g., by Google Analytics) is intended only to better understand the general trends and preferences of Service users and does not lead to automated decisions having significant effects on you.

If, within the scope of providing financial brokerage services (outside the Service, e.g., in the Notus CRM system), automated decision-making or profiling with significant effects occurs, you will be informed in detail in a separate information clause regarding those services.

We attach great importance to the security of your personal data. We use appropriate technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. We regularly monitor our systems and procedures for potential threats.

However, please remember that no data transmission system over the Internet or any data storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us of the problem immediately.

We reserve the right to make changes to this Policy. We will inform you of any changes by publishing the new version of the Policy on this page with a new effective date. In the event of significant changes that could substantially affect your rights or the way we process your data, we may also inform you in another, more direct way (e.g., via a notice on the homepage of the Service).

We encourage you to regularly review the content of this Policy to stay informed about the principles of protecting your personal data.

If you have any questions or concerns about this Privacy Policy or the way we process your personal data, please contact us:

DIGITAL & FINANCE SOLUTIONS ŁUKASZ TURCZYN
ul. Złota 75A/7, 00-819 Warsaw, Poland
Email: [email protected]