Privacy Policy

I GENERAL PROVISIONS OF THE PRIVACY POLICY

  1. The purpose of this Privacy Policy (hereinafter: “Privacy Policy”) is to ensure all users (“Users”) of the website operating under the address www.arlemi.pl (“Website”) the security of their personal data being processed.

  2. The Privacy Policy defines the method of collecting, processing, and storing personal data necessary for the provision of electronic services via the Website.

  3. The Controllers of Users’ personal data are:

  • Arian Orwat, NIP 7812045344, REGON 524031360, operating under the business name Arian Orwat – partner in a civil law partnership
  • Jakub Lemiesiewicz, NIP 9721334954, REGON 524031130, operating under the business name Jakub Lemiesiewicz Lemis – partner in a civil law partnership

  1. Users’ personal data is processed on the following legal bases:

    a. necessity for the performance of a contract or to take action prior to its conclusion (Article 6(1)(b) GDPR), specifically for the purposes of:

    1. providing the newsletter service;
    2. using contact forms to communicate with the Controller;
    3. enabling access to materials related to the content published on the Website;

    b. legitimate interests of the Controller (Article 6(1)(f) GDPR), specifically for the purposes of:

    1. marketing of the Controller’s own products and services, including for analytical and profiling purposes, where the legitimate interest of the Controller is direct marketing of its own products and services. Profiling aims to prepare product offers tailored to Website users’ preferences;
    2. using contact forms made available by the Controller on the Website, where the legitimate interest of the Controller is to provide user support and respond to inquiries;
    3. defense against potential claims, where the legitimate interest of the Controller is to pursue or defend claims.

II PERIOD OF PERSONAL DATA PROCESSING

  1. Users’ personal data will be processed only for the period necessary to fulfill the purpose for which they were collected or as long as required of the Controller by law, particularly until the statute of limitations of possible claims or expiration of archiving obligations under legal provisions.

  2. For data processed in connection with the newsletter service, Users’ personal data will be processed for as long as the service is provided, until a given User unsubscribes.

  3. Where processing is based on consent, Users’ data will be stored until such consent is withdrawn. Consent can be withdrawn at any time, including consent for marketing purposes by partners of the Controller. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

  4. Where processing is based on the legitimate interests of the Controller, processing will cease earlier if the User effectively objects to the processing of their data.

III USER RIGHTS UNDER GDPR

  1. In connection with data processing by the Controller, the User has the rights provided for under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), in particular:

    a. Right of access (Art. 15 GDPR):
    The User has the right to obtain confirmation whether their personal data is being processed and, if so, to access such data, receive a copy, and obtain information on the purposes of processing, categories of data, recipients, retention period or criteria, their rights, and any automated decision-making.

    b. Right to rectification (Art. 16 GDPR):
    If the User finds their data inaccurate or incomplete, they may request its immediate rectification or completion.

    c. Right to erasure (“right to be forgotten”, Art. 17 GDPR):
    The User may request the deletion of their data if one of the grounds in Art. 17 GDPR applies, e.g., when data is no longer necessary, or consent is withdrawn and no other legal basis applies.

    d. Right to restriction of processing (Art. 18 GDPR):
    The User may request restriction in cases specified by GDPR, e.g., when contesting the accuracy of data during verification by the Controller.

    e. Right to data portability (Art. 20 GDPR):
    Where processing is based on consent or contract and is automated, the User has the right to receive their data in a structured, machine-readable format and request it be transferred to another controller where technically feasible.

    f. Right to object (Art. 21 GDPR):
    The User may object to processing based on the Controller’s legitimate interests.

    g. Right to withdraw consent (Art. 7(3) GDPR):
    Where processing is based on consent, it may be withdrawn at any time without affecting prior lawful processing.

    h. Right to lodge a complaint (Art. 77 GDPR):
    The User may lodge a complaint with a supervisory authority. In Poland, this is the President of the Office for Personal Data Protection (UODO): https://uodo.gov.pl/.

  2. Personal data will only be processed for the necessary period, then deleted or anonymized unless continued processing is legally justified, in which case the User will be informed.

  3. To exercise these rights, the User may submit a request in writing, electronically, or another verifiable form using the contact details provided in this Privacy Policy. The Controller will respond promptly, no later than within the period specified in Art. 12 GDPR.

IV COOKIES

  1. The Website uses cookies and similar technologies (“Cookies”). Cookies are small data files installed on the User’s device (e.g., computer, smartphone, tablet), provided the browser allows. They enable collecting information about user preferences, maintaining login sessions, ensuring security, analyzing visits, personalizing content, or delivering ads tailored to user interests.

  2. Cookies on the Website are categorized as:
    a. Necessary cookies – required for Website access and basic functions, not requiring User consent.
    b. Optional cookies – used only with User consent, including:
    1. Functional – remembering preferences such as username, language, or text size.
    2. Analytical – measuring visits, traffic sources, and user navigation for performance improvements.
    3. Advertising – delivering personalized ads based on interests and online activity.

  3. Using the Website without changing browser settings constitutes consent to essential cookies. Optional cookies require explicit consent (e.g., via a cookie banner). Users can withdraw or adjust consent anytime through browser settings or Website tools.

  4. Data collected via cookies will not be used for marketing without User consent.

  5. Where cookies originate from third parties (e.g., analytics or ad providers), data may be shared with them per their privacy policies. Users will be informed about such parties before consenting.

  6. Users may limit cookies anytime, though disabling some may impact Website functionality.

V DISCLOSURE OF DATA TO THIRD PARTIES

  1. Users’ personal data may be disclosed to third parties to ensure the Website’s functionality and fulfill processing purposes specified in this Privacy Policy.

  2. These may include, in particular:
    a. Cloudflare, Inc. (incl. Cloudflare Germany GmbH) – network and security services. See: Cloudflare Privacy Policy.
    b. Microsoft Corporation (incl. Microsoft Ireland Operations Ltd.) – for Microsoft Clarity analytics. See: Microsoft Clarity Privacy.
    c. Google LLC (incl. Google Ireland Ltd.) – advertising and analytics (Google Ads, Google Analytics).
    d. Meta Platforms, Inc. (incl. Meta Platforms Ireland Ltd.) – advertising and analytics (Facebook Ads, Pixel).
    e. LinkedIn Corporation (incl. LinkedIn Ireland Unlimited Company) – marketing and analytics via LinkedIn tools.
    f. PostHog, Inc. – analytics tools (servers located in Germany). See: Posthog Privacy.
    g. GetResponse S.A. – marketing and analytics services.

  3. Data transfers comply with GDPR, ensuring appropriate technical and organizational safeguards.

  4. Where data is transferred outside the EEA, the Controller applies lawful mechanisms such as Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

VI VALIDITY OF THE PRIVACY POLICY

  1. This Privacy Policy is valid indefinitely from its publication on the Website.

  2. The Controller reserves the right to modify the Privacy Policy at any time to remain compliant with law and adapt to changes in Website functionality or services.

  3. Amendments will be published as annexes or consolidated texts on the Website. Updated versions are effective upon publication unless stated otherwise.

  4. Where significant changes affect the scope of processing or Users’ rights, the Controller will notify Users in advance (e.g., via Website notification or email, if available).

  5. Continued use of the Website after changes constitutes acceptance. Users who do not agree should stop using the Website and may exercise GDPR rights, including the right to request data erasure where legally possible.