Privacy Policy (GDPR) 📜

We are committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Table of Contents

  1. Introduction
  2. Data Controller
  3. Data We Collect
  4. How We Use Your Data
  5. Legal Basis for Processing
  6. Data Sharing
  7. Data Transfers
  8. Data Retention
  9. Your Rights
  10. Data Security
  11. Cookies
  12. Children's Privacy
  13. Policy Changes
  14. Contact Us

Introduction

1it.pro ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

This policy applies to all services provided by 1it.pro including our website, CRM systems, automation tools, and all related services.

Data Controller

Company Information

🏢 Data Controller Details:

Company Name: 1it.pro
Legal Form: Jednoosobowa działalność gospodarcza (JDG)
Registration Number: [Your Registration Number]
Address: [Your Address], Poland
Contact Email: [email protected]
Contact Phone: +48 571 314 537
Data Protection Officer: [email protected]

Our Role

As data controller, we are responsible for deciding how your personal data is processed and for complying with GDPR requirements.

Data We Collect

Personal Data

We collect various types of information about you:

Information You Provide

📝 Direct Collection:

Account Information:
• Name and surname
• Email address
• Phone number
• Company name and position
• Username and password
• Billing information

Service Information:
• Website content you create
• CRM data (clients, deals)
• Communication history
• Documents and attachments
• Configuration settings

Support Communications:
• Messages and emails to support
• Support tickets and history
• Recorded calls (with consent)
• Feedback and surveys

Information Automatically Collected

📊 Automatic Collection:

Technical Data:
• IP address
• Browser type and version
• Operating system
• Device information
• Referring website
• Pages visited and time spent

Usage Data:
• Services used
• Features accessed
• Actions performed
• Errors encountered
• Performance data

Authentication Data:
• Login times and locations
• Failed login attempts
• Security events
• Session duration

Special Categories of Data

We may process special categories of data with your explicit consent:

🔐 Special Data (with consent):

• Biometric data (if using facial recognition)
• Health data (rarely, with explicit consent)
• Political opinions (rarely, if relevant to services)
• Religious beliefs (rarely, if relevant to services)
How We Use Your Data

Primary Purposes

We use your personal data for specific purposes:

Service Provision

💼 Service Delivery:

• Creating and managing your account
• Providing website and CRM services
• Setting up automation tools
• Processing payments
• Delivering support services
• Providing backups and security

Communication

💬 Communication Purposes:

• Responding to your inquiries
• Sending service notifications
• Providing updates about changes
• Sending newsletters (with consent)
• Marketing communications (with consent)
• Security alerts and warnings

Improvement and Development

🚀 Service Improvement:

• Analyzing usage patterns
• Identifying service issues
• Testing new features
• Improving user experience
• Developing new services
• Optimizing performance

Security and Compliance

🔒 Security and Compliance:

• Preventing fraud and abuse
• Protecting against cyber attacks
• Ensuring data security
• Complying with legal obligations
• Maintaining audit trails
• Conducting security reviews

Automated Decision Making

We may use automated processing for certain purposes:

🤖 Automated Processing:

With Your Consent:
• Personalized service recommendations
• Content customization
• Relevant marketing offers

Without Explicit Consent:
• Spam and malware detection
• Security threat identification
• Service technical optimization

You have the right to object to automated decision making that significantly affects you.

Legal Basis for Processing

We process your data based on these legal grounds:

Contract Performance

📄 Contract Necessity:

When Required:
• Providing services you requested
• Processing payments
• Delivering agreed services
• Managing your account

Examples:
• Website hosting requires your account data
• CRM services need your business data
• Support communications require issue details

⚖️ Legal Requirement:

When Required:
• Tax and accounting obligations
• Anti-money laundering checks
• Data retention laws
• Security incident reporting

Examples:
• Keeping financial records for required period
• Reporting security breaches to authorities
• Maintaining audit trails

Legitimate Interests

🎯 Legitimate Interests:

When Used:
• Network and information security
• Fraud prevention
• Direct marketing (limited)
• Service improvement
• Business analytics

Examples:
• Monitoring for security threats
• Preventing account abuse
• Analyzing usage to improve services

✅ Consent-Based Processing:

When Required:
• Marketing communications
• Data analytics beyond service delivery
• Personalization features
• Special category data processing

Examples:
• Sending newsletters (opt-in required)
• Using cookies for analytics
• Personalizing website content

We will always seek your explicit consent for processing that requires it under GDPR.

Data Sharing

Who We Share Data With

We may share your data with specific categories of recipients:

Service Providers

🏢 Third-Party Service Providers:

Hosting Providers:
• Data center operators (Hetzner, etc.)
• Cloud service providers
• Content delivery networks

Communication Services:
• Email service providers
• SMS gateways
• Telecommunication providers

Payment Processors:
• Payment gateways
• Banks and financial institutions
• Billing service providers

Technical Services:
• Security software providers
• Monitoring services
• Backup and storage providers

⚖️ Legal Sharing:

When Required:
• Law enforcement authorities
• Regulatory bodies
• Tax authorities
• Court orders

Process:
• Verify legal basis
• Provide only required data
• Document disclosure
• Notify you (unless prohibited)

Business Transfers

🔄 Business Changes:

Possible Scenarios:
• Sale of business unit
• Merger or acquisition
• Asset transfer
• Restructuring

Your Rights:
• Notified in advance
• Right to object
• Data protection maintained
• Choice of new controller

Data Transfers

Your data may be transferred outside the EU:

Transfer Mechanisms

🌍 International Transfers:

Adequacy Decision:
• To countries with adequacy decision
• Recognized sufficient protection

Appropriate Safeguards:
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• EU-US Privacy Shield (if applicable)
• Your explicit consent

Transfers To:
• United States (with safeguards)
• Other countries with proper protections
• Limited transfers for specific purposes

Data Retention

How Long We Keep Data

We retain your data only as long as necessary:

Retention Periods

⏰ Data Retention by Type:

Account Data:
• While account active: Indefinitely
• After account closure: 3 years
• Legal requirement: As required

Transaction Data:
• Financial records: 7 years (tax requirement)
• Payment data: 5 years
• Invoices: 7 years

Communications:
• Support tickets: 2 years
• Emails: 2 years
• Chat history: 1 year

Analytics Data:
• Usage statistics: 2 years
• Performance data: 1 year
• Security logs: 1 year

Special Cases:
• Legal holds: Until matter resolved
• Regulatory requirements: As specified
• Litigation: Until conclusion

Deletion Process

🗑️ Deletion Process:

Automatic Deletion:
• When retention period expires
• Account closure completed
• Service termination

Manual Deletion:
• Your deletion request
• Data no longer needed for purpose
• Duplicate or obsolete data

Verification:
• Confirm identity for deletion
• Verify account ownership
• Prevent accidental deletion
• Document deletion action

Your Rights

GDPR Rights

You have specific rights regarding your personal data:

Right to Access

🔍 Access Your Data:

What You Can Request:
• Confirmation if we process your data
• Copy of all your personal data
• Categories of data we process
• Purposes of processing
• Recipients of your data

How to Request:
• Through personal account
• Email to [email protected]
• Free of charge (unless excessive)

Response Time:
• Within 1 month (extendable by 2 months)
• Secure delivery method
• Data in common format

Right to Rectification

✏️ Correct Your Data:

When to Request:
• Data is inaccurate
• Data is incomplete
• Information needs updating

Our Response:
• Correct without undue delay
• Notify recipients of correction
• Inform of your right to rectify
• Confirm completion

Right to Erasure

🗑️ Delete Your Data:

When to Request:
• Data no longer needed for purpose
• Consent withdrawn (only if based on consent)
• Legitimate interest objection
• Unlawful processing
• Legal obligation requires deletion

Exceptions:
• Legal obligation to keep
• Exercise of legal rights
• Public interest task
• Public health purpose
• Archiving purpose

Right to Restrict Processing

⏸️ Restrict Data Use:

When to Request:
• Accuracy contested (during verification)
• Unlawful processing (but you want retention)
• No longer needed but you need retention
• Objection to processing (during verification)

During Restriction:
• Storage only
• No active processing
• With consent: other processing
• With agreement: certain processing

Right to Data Portability

📤 Move Your Data:

When to Request:
• Processing based on consent
• Automated processing
• Directly provided by you

What You Receive:
• Structured, common format
• Machine-readable format
• Transmission to another controller
• Where technically feasible

Format Options:
• CSV, JSON, XML
• Direct API access
• Physical media (if needed)

Right to Object

🚫 Object to Processing:

Legitimate Interest Processing:
• At any time
• Specific reasons for objection
• Stop processing unless:
  • Compelling legitimate grounds
  • Legal claims exercise

Direct Marketing:
• Absolute right to object
• No costs or fees
• Simple method to object
• Immediate effect on marketing

Automated Decision Rights

🤖 Automated Decisions:

Your Rights:
• Not subject to solely automated decisions
• Express your point of view
• Request human intervention
• Challenge the decision
• Obtain explanation

Exceptions:
• Contract performance necessity
• Authorized by law
• With your explicit consent

✋ Withdraw Consent:

How to Withdraw:
• Any time, as easily as given
• In personal account settings
• By email to [email protected]
• Unsubscribe links in communications

Effect:
• Stops future processing
• Past processing legality unaffected
• Cannot retroactively delete all effects
• Alternative legal basis may exist

Exercising Your Rights

How to Make Requests

📋 Request Process:

Required Information:
• Your identity (name, email, account ID)
• Specific right being exercised
• Relevant details about your request

Submission Methods:
• Email: [email protected]
• Mail: [Company Address]
• Through personal account
• In-person appointment (by arrangement)

Response:
• Within 1 month typically
• Explanation if extension needed
• Action taken details
• Information about further rights

Data Security

Security Measures

We implement appropriate security measures:

Technical Security

🔐 Technical Protections:

Encryption:
• Data at rest: AES-256
• Data in transit: TLS 1.3
• Key management: HSM
• Regular key rotation

Access Control:
• Authentication required
• Multi-factor authentication
• Role-based permissions
• Principle of least privilege
• Regular access reviews

System Security:
• Regular updates and patching
• Security monitoring 24/7
• Intrusion detection/prevention
• Vulnerability scanning
• Penetration testing

Organizational Security

👥 Organizational Measures:

Policies and Procedures:
• Security policies documented
• Staff training programs
• Data handling procedures
• Incident response plans
• Compliance monitoring

Physical Security:
• Secure data center access
• Visitor controls
• Equipment security
• Environmental controls
• Surveillance systems

Security Breaches

Breach Notification

🚨 Security Incident Response:

Detection:
• Immediate assessment
• Impact determination
• Affected individuals identification

Notification:
• Within 72 hours of awareness
• To you (if affected)
• To supervisory authority
• Clear description of breach
• Likely consequences
• Measures taken/proposed

What We Provide:
• Nature of breach
• Categories of data concerned
• Likely consequences
• Contact point for more info
• Measures to address risks

Cookies

What Are Cookies

Cookies are small text files stored on your device when you visit our website.

🍪 Cookie Types:

Essential Cookies:
• Required for website to function
• Authentication
• Shopping cart (if applicable)
• Security features

Functional Cookies:
• Remember your preferences
• Language settings
• Display settings
• Saved forms

Analytical Cookies:
• Website analytics
• Usage statistics
• Performance monitoring
• Anonymized data collection

Marketing Cookies:
• Personalization
• Ad tracking (limited)
• Conversion tracking (with consent)
• Social media integration

Managing Cookies

⚙️ Cookie Control:

Your Options:
• Accept all cookies
• Reject all cookies (limits functionality)
• Select by category
• Browser settings
• Cookie consent banner

Browser Management:
• Clear cookies anytime
• Block cookies from specific sites
• Private/incognito browsing
• Third-party cookie controls

Website Options:
• Cookie settings panel
• Consent management
• Opt-out of analytics
• Marketing preferences

Local Storage

We may use browser local storage for:

💾 Local Storage Uses:

• User preferences
• Application state
• Session information
• Cached data
• Authentication tokens

The same privacy principles apply to local storage as to cookies.

Children's Privacy

Our Policy

We do not knowingly collect personal data from children under 16 without parental consent.

What We Do

👶 Children's Privacy:

✅ DO:
• Implement age verification where appropriate
• Obtain parental consent when required
• Limit data collection from children
• Provide clear privacy notices
• Respond to parental requests

❌ DON'T:
• Target children in marketing
• Collect excessive data from children
• Share children's data without consent
• Track children across sites

Parental Rights

👨‍👩‍👧 Parental Rights:

If Child Data Collected:
• Review child's data
• Request deletion
• Object to processing
• Withdraw consent
• Additional information request

Policy Changes

Updates and Notifications

We may update this privacy policy from time to time:

When Changes Occur

📝 Policy Updates:

Notification:
• Website notice
• Email to registered users
• Significant changes: 30 days notice
• Minor changes: Notice in reasonable time

What May Change:
• New services added
• Legal requirements change
• Technology improvements
• Business model changes
• Feedback from users

Continued Use

✅ Your Choices:

After Changes:
• Review updated policy
• Continue use = acceptance
• Object to changes: Contact us
• Close account if you do not agree
• Export data before account closure

Contact Us

How to Reach Us

For questions about this privacy policy or your personal data:

Contact Information

📧 Privacy Inquiries:

Email: [email protected]
Phone: +48 571 314 537
Mail: [Company Address]
Data Protection Officer: [email protected]
Response Time: Within 30 days

For Data Subject Requests:
Email: [email protected]
Subject: Data Subject Request - [Your Name]
Required: Identity verification

Complaints

If you are not satisfied with our response:

⚖️ Supervisory Authority:

You Have the Right to:
• Complain to supervisory authority
• Seek judicial remedy
• Contact Polish Data Protection Authority (UODO)
• Contact relevant authority in your country

Polish Authority:
UODO (Urząd Ochrony Danych Osobowych)
Website: uodo.gov.pl

Effective Date

This privacy policy is effective from: [Date]

This policy was last updated: [Date]

We reserve the right to update this policy at any time.

