Introduction 

 This Privacy Policy outlines the principles for processing and protecting the personal data of users (hereinafter referred to as “Users”) using the website movement.com.pl (hereinafter referred to as “Website”). This document complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws. 

Data Controller 

 The data controller is ADAM SIDORUK “MOVEMENT”, based at 62-002 Suchy Las / near Poznań, Ogrodnicza 43, registered in the CEIDG Register, NIP: 9720897767, REGON: 300980874 (hereinafter referred to as “Administrator”). 

Contact email: movement@movement.com.pl. 

Legal Basis for Data Processing 

We process personal data based on: 

• Article 6(1)(a) GDPR – User consent (e.g., subscription to the newsletter, cookie acceptance), 

• Article 6(1)(b) GDPR – Contract performance or service provision, 

• Article 6(1)(c) GDPR – Compliance with legal obligations (e.g., accounting documentation retention), 

• Article 6(1)(f) GDPR – Legitimate interest of the Administrator (e.g., analytics, marketing, fraud prevention). 

Purposes of Data Processing 

Users’ personal data is collected for the following purposes:  

• Handling inquiries via contact forms and project briefs, 

• Fulfilling ordered services, 

• Presenting offers and marketing information, 

• Conducting analytical and statistical activities, 

• Preventing fraud and abuse. 

Scope of Collected Data 

Collected data may include: 

• Name and surname, 

• Email address, 

• Phone number, 

• Company name, 

• Company address, 

• Company website, 

• Industry, 

• Project budget, 

• Scope of services, 

• Style and execution preferences, 

• Project deadline, 

• IP address, 

• Data from cookies, 

• Information about activity on the Website (Google Analytics, Google Search Console), 

• Purchase preferences and service usage data. 

Cookies and Similar Technologies 

The Website uses cookies for: 

• Maintaining the User session, 

• Analyzing Website traffic (Google Analytics), 

• Direct marketing (with anonymized data), 

• Personalizing content based on User preferences. 

Users can manage cookies through their browser settings. Disabling certain cookies may affect the Website’s functionality. 

 Data Security 

The Administrator applies appropriate technical and organizational measures to protect personal data, including: 

• SSL certificate for securing data transmission, 

• Regular password changes and data encryption, 

• Data backups, 

• Server protection (firewall, monitoring systems, two-step authentication). 

Automated Decision-Making and Profiling 

Data may be used for automated decision-making in marketing purposes, such as personalized advertising and user behavior analysis. Users have the right to object to such processing. 

Data Retention Period  

• Data related to service fulfillment: up to 5 years (accounting requirements), 

• Marketing data: up to 3 years or until consent is withdrawn, 

• Cookies: according to browser settings or up to 2 years, 

• Data related to security and fraud prevention: up to 6 years. 

Data Transfers Outside the EU 

We use tools such as Google (Analytics, Search Console) and Facebook Ads, which may involve transferring data outside the European Economic Area. We apply EU Standard Contractual Clauses (SCC) and additional safeguards to protect personal data. 

User Rights 

Every User has the right to:  

• Access their data, 

• Rectify or update their data, 
• Erase data (“right to be forgotten”), 

Changes to the Privacy Policy 

The Administrator reserves the right to modify the Privacy Policy. Each update will be published on the Website.