This document is for information purposes and does not replace individual legal advice. Contact us or your legal adviser if in doubt.

This Privacy Policy explains how we process personal data and information about users of code-one.pl (the “Service”).

1. Data Controller and contact

1. The Data Controller is Code One Marketing Sp. z o.o., pl. Jana Kilińskiego 2, 35-005 Rzeszów, Poland, tax ID (NIP): 8133781992 (“Controller”).
2. Privacy enquiries: [email protected], tel. +48 502 190 642.
3. This policy applies to https://code-one.pl (Polish and English versions).
4. No Data Protection Officer has been designated — contact [email protected] for GDPR matters.

2. Purposes and legal bases

• Contact form — name, e-mail, company (optional), project type, message, locale, GDPR consent. Legal basis: Art. 6(1)(b) pre-contract steps and (a) consent (checkbox).
• E-mail correspondence — form data and message content. Legal basis: Art. 6(1)(b) and (f) legitimate interest.
• CMS storage — form data, truncated IP hash, User-Agent. Legal basis: Art. 6(1)(f) security and abuse prevention.
• Cookies and consent — consent ID and category choices. Legal basis: Art. 6(1)(f); optional categories — (a) banner consent.
• Analytics (if deployed) — technical events only after consent. Legal basis: Art. 6(1)(a).
• Server logs — IP, timestamps, URL, browser, referrer, HTTP codes. Legal basis: Art. 6(1)(f).

We do not make automated decisions with legal or similar significant effects, nor profile users under Art. 22 GDPR in connection with the Service.

3. Contact form

1. The Contact page form is for business or technical enquiries.
2. Required: name, e-mail, message and privacy consent (checkbox).
3. Optional: company, project category.
4. Submissions are stored in the Service database (admin panel) and — if mail is configured — sent to [email protected]. You may receive an automatic acknowledgement.
5. IP addresses are not stored in plain text — only a short hash for abuse prevention.

4. Retention periods

1. Form submissions — up to 24 months from last contact on the matter, unless you object or request erasure earlier, or law requires longer retention.
2. E-mail — per the Controller’s mailbox retention policy, typically 24–36 months.
3. Cookie preferences — up to 12 months or until cleared in the browser.
4. Server/host logs — typically 30–90 days per hosting policy, longer if required for security incidents.
5. Consent-based processing — until consent is withdrawn or the purpose ends.

5. Recipients and processors

Data may be shared with:

1. Authorised staff and contractors of the Controller.
2. Hosting / infrastructure provider in the European Union (server, PostgreSQL, backups) under a data processing agreement.
3. E-mail (SMTP) provider — when outbound mail is enabled, for replies and confirmations.
4. CDN / reverse proxy (e.g. Cloudflare) — if enabled; IP and traffic metadata per provider documentation and safeguards.
5. Analytics tools — only after your banner consent and actual deployment by the Controller (see § 9).

We do not sell personal data or share it for third-party marketing without your consent.

6. Transfers outside the EEA

1. Core processing (hosting, CMS, forms) takes place in the EEA.
2. Transfers outside the EEA may occur only in connection with services in § 5, with appropriate safeguards (e.g. EU Standard Contractual Clauses) and updated disclosure in this Policy.

7. Your rights

You have the right to access, rectification, erasure, restriction, data portability (where applicable), object to legitimate-interest processing, and to withdraw consent at any time — including via the cookie banner or “Cookie settings” in the footer.

We respond without undue delay within GDPR time limits and may ask you to verify your identity.

Supervisory authority (Poland): President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.

8. Security

TLS encryption, restricted admin access, software updates, and organisational/technical measures proportionate to risk.

9. Cookies and analytics

1. Details: Cookie Policy — https://code-one.pl/en/cookie-policy.
2. Manage consent in the cookie banner and Cookie settings in the footer.
3. Current state: essential cookies and — with your consent — banner preferences (localStorage / cookie file). Functional: after consent, your chosen interface language (PL/EN) is remembered. Analytics / marketing: third-party scripts (e.g. Google Analytics, ad tags in GTM) load only after consent to the relevant category and when the tool is configured by the Controller.
4. Disabling essential cookies may limit functionality (e.g. CMS login).

10. Voluntary provision

Form data is voluntary but required to handle your enquiry. Without GDPR consent the form cannot be submitted.

11. Changes

We may update this Policy for legal or operational reasons. Material changes are published with a new “Last updated” date; renewed consent may be requested where required by law.

Last updated: 22 May 2026. Site: code-one.pl. Contact: [email protected].