Privacy Policy
Last updated: 1 January 2025.
1. Data Controller
The controller of your personal data is SecureWarp Sp. z o.o. (KRS: 5342655540), contact address: office [at] securewarp.pl.
We have not appointed a Data Protection Officer. For matters relating to the processing of personal data, you may contact us directly at the address given above.
2. Purposes and Legal Bases for Processing
| Purpose of processing | Legal basis | Retention period |
|---|---|---|
| Responding to enquiries submitted via contact form or email | Art. 6(1)(b) GDPR — steps prior to entering into a contract; Art. 6(1)(f) GDPR — legitimate interest of the controller | Up to 2 years from the last contact |
| Performance of a cybersecurity services contract | Art. 6(1)(b) GDPR — necessity for the performance of a contract | Up to 5 years after the end of the contract (tax and archival requirements) |
| Issuing invoices and accounting documentation | Art. 6(1)(c) GDPR — legal obligation (Accounting Act) | 5 years from the end of the tax year |
| Establishment or defence of legal claims | Art. 6(1)(f) GDPR — legitimate interest of the controller | Until the limitation period expires (up to 6 years) |
| Website analytics and statistics (no advertising cookies) | Art. 6(1)(f) GDPR — legitimate interest | Up to 26 months |
3. Recipients of Data
Your data may be transferred exclusively to:
- IT service providers — hosting (Cloudflare Pages), email (Microsoft 365). They process data solely on our instructions and on the basis of data processing agreements.
- Public authorities — only when required by law (e.g. tax authorities, courts).
We do not sell, rent or share personal data with third parties for marketing purposes. We do not use external advertising trackers.
4. International Transfers of Data
Data may be processed by Cloudflare, Inc. (USA) on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection.
5. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — you may obtain information about the data being processed and a copy thereof
- Right to rectification (Art. 16) — you may request the correction of inaccurate data
- Right to erasure (Art. 17) — you may request the deletion of data when it is no longer necessary
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) — for data processed automatically on the basis of consent or a contract
- Right to object (Art. 21) — to processing based on legitimate interest
- Right to lodge a complaint — with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland)
Please send requests to exercise your rights to: office [at] securewarp.pl. We will respond within 30 days.
6. Cookies and Tracking Technologies
The securewarp.pl website does not use advertising cookies, tracking pixels or behavioural analytics tools. Only strictly necessary technical cookies required for the website to function (session, preferences) may be used.
The website is hosted on Cloudflare Pages — Cloudflare may process network connection metadata (IP address, HTTP headers) for network security and CDN purposes, in accordance with its own privacy policy.
7. Data Security
We apply technical and organisational measures proportionate to the risk, including transmission encryption (TLS), access controls, pseudonymisation where possible, and regular security reviews. As a cybersecurity company, we treat data protection as an operational priority.
8. Changes to the Privacy Policy
This policy may be updated in response to legal or technical changes. We will give advance notice of material changes on this page. The date of the last update appears at the top of this document.
9. Contact
For matters relating to personal data protection, please contact the controller: office [at] securewarp.pl