Privacy Policy
1. DATA CONTROLLER
The controller of personal data collected through the website visuality.pl is:
Visuality sp. z o.o.
ul. Gwiaździsta 7C/37, 01-651 Warsaw, Poland
NIP: PL 525 240 75 31 | KRS: 0001154778
Contact for data protection matters: contact@visuality.pl
2. WHAT WE DO
Visuality is a software development agency. We design and build web and mobile applications for clients worldwide. Our website serves as an informational and contact point for potential and existing clients.
3. WHAT DATA WE PROCESS AND LEGAL BASIS
3.1. Contact / Estimation Request Form
| Data scope | Name, email address, phone number, project description |
| Processing purpose | Responding to inquiries about our software development services |
| Legal basis | Art. 6(1)(b) GDPR — taking steps at the request of the data subject prior to entering into a contract; Art. 6(1)(f) GDPR — legitimate interest of the controller (handling correspondence) |
| Retention period | For the time necessary to handle the inquiry, then for the limitation period of potential claims (3 years) |
| Data provision | Voluntary, but necessary to handle your inquiry |
3.2. Web Analytics
| Data scope | Anonymized IP address, device and browser information, pages visited, time spent on pages, interaction data |
| Processing purpose | Website traffic analysis, advertising effectiveness measurement, and improvement of our services |
| Legal basis | Art. 6(1)(a) GDPR — user consent |
| Retention period | According to the respective service settings (Google Analytics: default 14 months) |
| Data provision | Voluntary — data collected only after consent to analytics and marketing cookies |
4. DATA RECIPIENTS AND PROCESSORS
Personal data may be shared with the following categories of recipients:
| Entity | Purpose | Location |
|---|---|---|
| Google LLC | Web analytics (Google Analytics), advertising (Google Ads) | USA — EU-US Data Privacy Framework |
| Meta Platforms Inc. | Advertising effectiveness measurement (Facebook Pixel) | USA — EU-US Data Privacy Framework |
| Cloudflare Inc. | DDoS protection, CDN, DNS | USA — EU-US Data Privacy Framework + Standard Contractual Clauses |
| Hosting providers | Server and website hosting | EU |
Personal data is not sold to third parties.
5. DATA SUBJECT RIGHTS
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — you can obtain information about whether we process your data and receive a copy.
- Right to rectification (Art. 16) — you can request correction of inaccurate data.
- Right to erasure (Art. 17) — you can request deletion of your data.
- Right to restriction of processing (Art. 18) — you can request restriction of processing in certain cases.
- Right to data portability (Art. 20) — you can request your data in a structured format.
- Right to object (Art. 21) — you can object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — for processing based on consent (e.g., analytics cookies), you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us: contact@visuality.pl
You also have the right to lodge a complaint with a supervisory authority:
President of the Personal Data Protection Office (PUODO)
ul. Stawki 2, 00-193 Warsaw
https://uodo.gov.pl
6. DATA TRANSFERS OUTSIDE THE EEA
Some processors handling data on our behalf are based in the United States (Google, Meta, Cloudflare). Data transfers are based on:
- European Commission adequacy decision under the EU-US Data Privacy Framework (DPF) — for entities certified under the DPF program.
- Standard Contractual Clauses (SCCs) approved by the European Commission — as an additional safeguard.
7. DATA SECURITY
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or modification, including:
- Data transmission encryption (HTTPS/TLS)
- DDoS protection (Cloudflare)
- Restricted access to databases and personal data, limited to relevant personnel
- Regular backups
8. AUTOMATED DECISION-MAKING
We do not make automated decisions, including profiling, within the meaning of Art. 22 GDPR, that would produce legal effects concerning you or similarly significantly affect you.
9. COOKIES
What are cookies?
Cookies are small text files stored on your device when you use our website. We use them to ensure proper website functionality and to analyze traffic.
Types of cookies
| Category | Purpose | Consent required? |
|---|---|---|
| Essential | Proper website functionality, security, attack protection (Cloudflare) | No — Art. 6(1)(f) GDPR |
| Analytics | Website traffic analysis (Google Analytics) — collecting anonymized visit statistics | Yes — Art. 6(1)(a) GDPR |
| Marketing | Advertising effectiveness measurement (Google Ads, Facebook Pixel) | Yes — Art. 6(1)(a) GDPR |
Managing cookies
You can manage your cookie preferences through your browser settings or disable them entirely. Please note that disabling essential cookies may affect website functionality. Refusing analytics and marketing cookies does not affect your ability to use the website.
10. CHANGES TO THE PRIVACY POLICY
This privacy policy may be updated to reflect changes in our data processing practices or changes in applicable law. The date of the last update is provided at the beginning of this document.
11. CONTACT
If you have questions about this privacy policy or the processing of your personal data, contact us:
Visuality sp. z o.o.
ul. Gwiaździsta 7C/37, 01-651 Warsaw
Email: contact@visuality.pl