Privacy Policy

Version 3.0 | 01.06.2025

Introduction

During collaboration with ENGELdevelopment, personal data may be collected, processed, and stored. This is based on various legal bases and involves different points of contact with the business operation - from casually browsing the website to contacting us and entering into contracts.

Below, you can find detailed information about the processing of personal data, which is carried out in accordance with the applicable version of the General Data Protection Regulation (GDPR). After defining relevant terms, you will find general information. Subsequently, the various points of contact with our company are described, along with aspects of data protection.

If you have any questions or complaints, please contact the data protection officer of the company via our contact form.

Definitions

General Terms

  • Personal Data: Information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. [Art. 4 No. 1 GDPR]

The information relating to a person can be of various kinds. They are defined below and explained at the relevant point in this privacy policy.

  • Data Subject: Natural person whose personal data is processed. A person can be directly (e.g., contacting or entering into contracts with a natural person) or indirectly (employees of the contracting party) affected.
  • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. [Art. 4 No. 2 GDPR]
  • Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. [Art. 4 No. 4 GDPR]
  • Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. [Art. 4 No. 8 GDPR]
  • Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. [Art. 4 No. 7 GDPR]
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. [Art. 4 No. 11 GDPR]

Types of Processed Data

  • Inventory Data: Basic master data, e.g., name, address
  • Contact Data: Master data for contacting, e.g., email address, phone number
  • Content Data: Data concerning the content of communication, e.g., content of an email message, text inputs in the submitted contact form
  • Metadata: In particular, data about the use of the website, e.g., device information, IP address, access time
  • Contract and Order Data: Data concerning a contract and the service to be provided, e.g., contracting parties, duration, order
  • Payment and Billing Data: Data concerning payment processing, e.g., bank details, payment history

General Data Protection Information

Purpose of Data Processing

Data is only processed if it is absolutely necessary for a specific business activity based on the principle of necessity. The necessary purpose is explained at the appropriate point in the privacy policy.

The legality of processing necessary data arises from one of the following conditions:

  • Performance of a Contract: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. [Art. 6 (1) (b) GDPR]
  • Legitimate Interest: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. [Art. 6 (1) (f) GDPR]
  • Consent: The data subject has given consent to the processing of his or her personal data for one or more specific purposes. [Art. 6 (1) (a) GDPR]

In summary, your data is processed for the establishment, execution, and administration of our contracts with you. This also includes pre-contractual measures. In doing so, we generally receive your data directly from you. If there is neither a contract nor a legitimate interest, then we only process your data explicitly with your consent.

In addition, personal data obtained from publicly accessible sources and therefore lawfully obtainable (e.g., commercial register extract) are processed.

Data Storage

As part of an active contractual relationship pursuant to Art. 6 (1) (b) GDPR, your inventory, contact, content, payment, billing, contract, and order data will be stored for as long as necessary for the performance of the contract. This serves the proper provision of the ordered service (performance of the contract). The storage period is determined by the duration of our business relationship.

After termination of the contract, your inventory, contact, and content data will be stored for an additional 2 years. This is to ensure that we can maintain contact with you after the end of the contract if either party has questions or claims regarding the service provided.

Your payment, billing, contract, and order data will be stored for 10 years to comply with our commercial and tax retention and documentation obligations.

Finally, data storage after the end of the business relationship (and contrary to retention obligations) may occur with your consent.

When processing personal data for the purpose of direct marketing based on Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Appropriate technical and organizational measures have been established for lawful processing and, in particular, for the storage of the data generated. These correspond to the state of the art and are regularly evaluated.

If data is transmitted over the internet, it is done via transport encrypted means. Data stored on cloud servers is encrypted. The storage of your data, especially to comply with the documentation obligations listed above, is done exclusively offline.

Unless otherwise indicated by the other information in this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Contract Data Processing

To maintain our business operations and fulfill our contracts, data may also be processed on our behalf by data processors. This is done within the framework of a legal permission (e.g., if data transmission to third parties, such as payment service providers, is required for contract fulfillment pursuant to Art. 6 (1) (b) GDPR), you have consented, a legal obligation provides for this, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a data processing agreement, this is done on the basis of Art. 28 GDPR.

A detailed list of our data processors and their purpose of data processing can be found in the section Privacy and Processing in Business Operations.

Data in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or disclosure or transmission of data to third parties, this will only be done if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, on a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Scoring and Automated Processing

We generally do not use fully automated decision-making processes in accordance with Art. 22 GDPR to establish and conduct our business relationship. If these procedures are used in individual cases, we will inform you separately if required by law.

Furthermore, scoring with the aim of evaluating certain personal aspects (profiling) is not used in our business operations.

Your Rights

As a data subject in our business relationship, you have a number of rights regarding the processing of your data. At this point, we would like to inform you about your rights in accordance with Art. 13 (2) (b) GDPR.

  • Right to information [Art. 15 GDPR]
  • Right to rectification or erasure [Art. 16 and Art. 17 GDPR]
  • Right to restriction of processing [Art. 18 GDPR]
  • Right to object to processing [Art. 21 GDPR]
  • Right to withdraw consent [Art. 7 (3) GDPR]
  • Right to data portability [Art. 20 GDPR]
  • Right to lodge a complaint [Art. 77 GDPR]

To exercise the rights listed, you can contact us via our contact form:

Controller and Contact of Data Protection Officer

Responsible for data processing is:

ENGELdevelopment Oliver Engel
Kalwaryjska 69/9
30-504 Kraków
Poland

The business owner is also the data protection officer. You can contact us regarding data protection via our contact form or directly at [email protected].

Privacy and Processing in Business Operations

General Business Operations

Communication

For communication with you, we primarily use email provided by Microsoft. The underlying privacy policy can be found on the provider's website.

Contact and content data are processed as part of contract fulfillment in accordance with Art. 6 (1) (b) GDPR and stored in accordance with retention periods.

Payment Transactions

For invoicing and payment, we work with the provider inFakt Sp. z o.o. The underlying privacy policy can be found on the provider's website.

Payment and invoice data are processed as part of contract fulfillment in accordance with Art. 6 (1) (b) GDPR and stored in accordance with retention periods.

Website Usage

When using the website for informational purposes only, i.e., if you do not register or otherwise provide us with information, only the following data that your browser transmits to the web host's server ("server log files") is collected because it is technically necessary to display the website to you:

  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used

Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or other use of the data takes place. However, we reserve the right to check the server log files subsequently if there are specific indications of unlawful use.

The website is hosted by DigitalOcean, LLC on a server location in Europe, and you can view the underlying data processing agreement on the provider's website.

Cookies

To ensure the functionality of our website, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser ("session cookies"), while others remain on your device for longer and enable the storage of page settings ("persistent cookies"). In the latter case, you can find the storage period in the cookie settings of your web browser.

You can configure your browser to inform you about the setting of cookies and decide on a case-by-case basis whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

Contact Form

The website offers you a contact form to get in touch with us. The contact and content data transmitted are processed as part of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR or our legitimate interest in responding to your inquiry. The data will be deleted when it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that no legal retention obligations oppose this.