Contact


    Privacy Policy

    1. Data Controller

    The Data Controller is Poland Documents, a sole proprietorship (Jednoosobowa działalność gospodarcza) registered in the Republic of Poland.

    Contact regarding personal data processing matters: inbox@polandoc.com

    2. Categories of Personal Data Processed

    We process personal data voluntarily provided by users when contacting us via contact forms, email, or messaging services (including WhatsApp). Such data may include:

    • first and last name;
    • telephone number;
    • email address;
    • content of the message or submitted documentation.

    In addition, certain technical data is processed automatically, including:

    • IP address (within Google Analytics configuration);
    • browser data (user-agent);
    • device type;
    • date and time of visit;
    • information about on-site activity.

    Where invoices are issued, we process data necessary for accounting and tax compliance purposes, including name, surname, address, tax identification number, and other legally required details.

    3. Purposes and Legal Basis for Processing

    Personal data is processed in accordance with Article 6(1)(b), 6(1)(c), and 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) for the following purposes:

    • responding to user inquiries;
    • taking steps prior to entering into a contract and performing contractual obligations;
    • issuing invoices and maintaining accounting records;
    • ensuring website security and proper technical functioning;
    • complying with legal obligations under applicable Polish and EU law, including accounting and tax regulations.

    Where required by law, processing is also carried out pursuant to Article 6(1)(c) GDPR in connection with statutory obligations, including those arising from Polish accounting and tax legislation.

    4. Contact Forms and Correspondence

    Messages submitted through website contact forms are delivered to the administrator’s email account and are not stored in the website database unless technically required for system integrity.

    Email correspondence is retained for the period necessary to process the request and, where applicable, to establish, exercise, or defend legal claims.

    5. Cookies and Analytics

    The website uses cookies necessary for its proper functioning and analytical tools provided by Google Analytics (GA4).

    Google Analytics may process technical data relating to users. Processing is conducted in accordance with Google’s Privacy Policy and applicable data protection safeguards.

    Users may disable cookies through their browser settings. Disabling certain cookies may affect website functionality.

    6. Data Sharing and Processors

    Personal data may be transferred to trusted service providers acting as data processors under appropriate contractual arrangements, including:

    • Hostinger (website hosting services);
    • Google (analytics and related technical services);
    • InFakt (online accounting and invoicing services);
    • providers of email and communication services.

    Data is shared solely to the extent necessary for the provision of services and in accordance with data processing agreements compliant with Article 28 GDPR.

    7. Data Retention

    Personal data related to inquiries is retained for the period necessary to respond to and manage the request, and subsequently for the limitation period applicable to potential legal claims.

    Accounting and tax documentation is retained for the period required under Polish law, including the Polish Accounting Act and applicable tax regulations.

    8. Rights of the Data Subject

    Under the GDPR, users have the right to:

    • access their personal data;
    • request rectification of inaccurate data;
    • request erasure of data (within the limits permitted by law);
    • request restriction of processing;
    • object to processing based on legitimate interest;
    • lodge a complaint with the competent supervisory authority.

    In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (UODO).

    9. Transfers Outside the European Economic Area

    Some service providers (for example, Google) may process data outside the European Economic Area (EEA).

    Where such transfers occur, appropriate safeguards are applied in accordance with Chapter V of the GDPR, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

    10. Security Measures

    We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, taking into account the nature of the data and the risks associated with processing.

    11. Amendments

    The current version of this Privacy Policy is always available on this page. The Data Controller reserves the right to amend this Policy to reflect legal, regulatory, or operational changes.

    contact-bg-min

    Request a Callback



      contact-img-min