Privacy Policy
Last updated: 4 May 2026
1. Data controller
The controller of your personal data is Krzysztof Tarnas, doing business as Zetflo, based in Lublin, Poland (the “Controller”).
Contact: [email protected], phone +48 607 419 504.
2. Data we collect
We only collect data you provide voluntarily:
- Contact form: name, email address, company name (optional), message content.
- Technical data: IP address, browser type, operating system, screen resolution — collected automatically by Google Analytics (only after consent to analytics cookies).
- Email and phone correspondence: data shared during business conversations.
We do not collect sensitive data (e.g. health data, political views, sexual orientation).
3. Purposes and legal basis (GDPR)
| Purpose | Legal basis |
|---|---|
| Replying to a contact form request | Art. 6(1)(b) GDPR (pre-contractual steps) |
| Service delivery (audit, deployment, training) | Art. 6(1)(b) GDPR (contract performance) |
| Direct marketing of own services | Art. 6(1)(f) GDPR (legitimate interest) |
| Site analytics (Google Analytics) | Art. 6(1)(a) GDPR (consent — cookie banner) |
| Tax and accounting obligations | Art. 6(1)(c) GDPR (legal obligation) |
| Pursuing or defending legal claims | Art. 6(1)(f) GDPR (legitimate interest) |
4. Retention periods
- Contact form data: up to 12 months after the last contact, unless a contract is signed.
- Client data (contracts): for the duration of the contract + 5 years (statute of limitations for civil claims).
- Tax/accounting data: 5 years from the end of the tax year in which the invoice was issued.
- Analytics data (GA): per Google Analytics policy (max 26 months).
5. Your rights (GDPR)
As a data subject, you have the right to:
- Access your data (Art. 15 GDPR)
- Rectification of incorrect data (Art. 16 GDPR)
- Erasure of data (“right to be forgotten”, Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
- Withdraw consent at any time (Art. 7(3) GDPR) — without affecting the lawfulness of processing before withdrawal
To exercise these rights, email [email protected]. We respond within 30 days.
You also have the right to lodge a complaint with the supervisory authority: the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl.
6. Recipients of data
Your data may be shared only with:
- Hosting providers (Cloudflare, Vercel — servers in EU/USA)
- Google LLC (Google Analytics) — under Standard Contractual Clauses (SCC) per Art. 46(2)(c) GDPR
- Accounting service (for invoices and settlements)
We do not sell or share data with third parties for marketing purposes.
7. Transfers outside the EEA
When using Google Analytics, data may be transferred to the USA. The transfer is based on Standard Contractual Clauses (SCC) approved by the European Commission, plus additional technical safeguards (encryption, IP pseudonymization).
8. Cookies
The site uses the following types of cookies:
- Essential: remembering cookie consent (cookie-consent). No consent required.
- Analytics: Google Analytics — installed only after consent in the cookie banner. Used for anonymized site traffic analysis.
You can manage cookies in your browser settings or withdraw consent by deleting cookies in your browser.
9. Data security
We apply appropriate technical and organizational measures to protect personal data, including:
- Encrypted transport (SSL/TLS)
- Regular software updates
- Restricted data access (need-to-know principle)
- Backups
10. Changes to this policy
We reserve the right to update this policy. We will announce significant changes on the site. The current version is always available at zetflo.com/privacy-policy.