Privacy Policy

Effective date: 10 March 2026

Last updated: 10 March 2026

1. Data Controller

1. The controller of your personal data is Konrad Kaminski, conducting business under the name Kaminski.link, with registered address at ul. P.O.W. 17/404, 97-200 Tomaszow Mazowiecki, Poland, Tax ID (NIP): PL7732503951 (hereinafter "Controller").
2. You can contact the Controller regarding personal data matters at: [email protected].

2. Scope of Data Collected

1. The Controller collects personal data in the following situations:
   • Contact form: name, email address, phone number (optional), message content;
   • Website browsing: IP address, browser type and version, operating system, referring URL, pages visited, date and time of visit, and other technical data collected automatically through cookies and similar technologies (see Cookie Policy);
   • Email correspondence: name, email address, and any personal data voluntarily included in the message.
2. The Controller does not collect special categories of personal data (sensitive data) as defined in Article 9 of GDPR.
3. The Website does not require user registration and does not process payment data.

3. Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes and on the following legal bases:

1. Responding to enquiries submitted via the contact form or email — legal basis: Article 6(1)(f) of GDPR (legitimate interest of the Controller, i.e. responding to enquiries and maintaining business communication).
2. Conducting pre-contractual negotiations and performing contracts — legal basis: Article 6(1)(b) of GDPR (performance of a contract or taking steps at the request of the data subject prior to entering into a contract).
3. Analytical and statistical purposes — to improve the Website's functionality and content — legal basis: Article 6(1)(f) of GDPR (legitimate interest of the Controller).
4. Marketing purposes (only with your consent) — displaying personalised advertisements, remarketing — legal basis: Article 6(1)(a) of GDPR (consent), which can be withdrawn at any time via the cookie consent settings.
5. Establishing, pursuing, or defending legal claims — legal basis: Article 6(1)(f) of GDPR (legitimate interest of the Controller).
6. Compliance with legal obligations — e.g. tax and accounting requirements — legal basis: Article 6(1)(c) of GDPR.

4. Data Retention Periods

1. Personal data collected through the contact form and email correspondence is stored for a period not exceeding 12 months from the last contact, unless the data is necessary for the performance of a contract or for establishing, pursuing, or defending legal claims.
2. Data processed for contract performance purposes is retained for the duration of the contract and for a subsequent period as required by applicable law (up to 5 years for tax-related obligations under Polish law, or up to 6 years for potential claims under the Polish Civil Code).
3. Data processed on the basis of consent is retained until the consent is withdrawn.
4. Analytical and statistical data is retained for 26 months from collection.

5. Recipients of Personal Data

1. Your personal data may be shared with the following categories of recipients (data processors acting on behalf of the Controller):
   • Resend Inc. — email delivery service provider; data is processed on servers located in the European Union (Ireland); Resend Privacy Policy;
   • Cloudflare, Inc. — hosting (Cloudflare Pages), CDN, DNS, and DDoS protection provider; data may be processed in EU and US data centres; Cloudflare participates in the EU-US Data Privacy Framework; Cloudflare Privacy Policy;
   • Analytics and marketing service providers — only if you have given your consent via the cookie banner (see Cookie Policy for details).
2. Your personal data may also be disclosed to authorised public authorities upon a lawful request, in accordance with applicable law.
3. The Controller does not sell your personal data to any third parties.

6. Transfer of Data Outside the EEA

1. Some of the Controller's data processors (e.g. Cloudflare) may process data outside the European Economic Area (EEA), including in the United States.
2. In such cases, the transfer is safeguarded by:
   • the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023);
   • Standard Contractual Clauses (SCCs) adopted by the European Commission; or
   • other appropriate safeguards as required by Chapter V of the GDPR.
3. You may request a copy of the applicable safeguards by contacting the Controller.

7. Your Rights Under GDPR

1. In accordance with GDPR, you have the following rights:
   • Right of access (Article 15) — you have the right to obtain confirmation as to whether your personal data is being processed and to access that data;
   • Right to rectification (Article 16) — you have the right to request the correction of inaccurate data or the completion of incomplete data;
   • Right to erasure ("right to be forgotten") (Article 17) — you have the right to request the deletion of your data when, among other situations, the data is no longer necessary for the purposes for which it was collected;
   • Right to restriction of processing (Article 18) — you have the right to request restriction of processing in specific circumstances;
   • Right to data portability (Article 20) — you have the right to receive your data in a structured, commonly used, and machine-readable format;
   • Right to object (Article 21) — you have the right to object to data processing based on the Controller's legitimate interests, including profiling;
   • Right to withdraw consent (Article 7(3)) — where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
2. To exercise any of the above rights, please contact the Controller at: [email protected]. The Controller will respond to your request within 30 days. If the request is complex, this period may be extended by an additional 60 days, of which you will be notified.
3. You also have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warszawa, Poland, website: uodo.gov.pl.

8. Automated Decision-Making and Profiling

1. The Controller does not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or significantly affect you in a similar manner.
2. Analytics cookies may be used to create anonymised, aggregated usage statistics, but this does not constitute profiling within the meaning of Article 22 of GDPR.

9. Security of Personal Data

1. The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including:
   • SSL/TLS encryption for all data transmitted between the User's browser and the Website;
   • hosting on Cloudflare infrastructure with DDoS protection and Web Application Firewall (WAF);
   • restricted access to personal data on a need-to-know basis;
   • regular review of data processing procedures.

10. Cookies

1. The Website uses cookies and similar technologies. Detailed information about the types of cookies used, their purposes, and how to manage them is available in the Cookie Policy.

11. Changes to This Privacy Policy

1. The Controller reserves the right to update this Privacy Policy to reflect changes in legal requirements, data processing practices, or Website functionality.
2. Any changes take effect upon publication on the Website. The date of the last update is indicated at the top of this document.
3. The Controller encourages Users to review this Privacy Policy periodically.

12. Contact

For any questions regarding the processing of your personal data, please contact:

• Business name: Kaminski.link — Konrad Kaminski
• Address: ul. P.O.W. 17/404, 97-200 Tomaszow Mazowiecki, Poland
• Email: [email protected]
• Phone: +48 730 695 095

Disclaimer: This Privacy Policy has been prepared for informational purposes and should not be treated as legal advice. It is recommended to consult a qualified legal professional for verification.