Privacy Policy

Last updated: March 11, 2026

1. Data Controller

The controller of your personal data is Grupa Damian ZiÄ™ba, with its registered office at ul. Sandomierska 4A, 37-300 Leżajsk, Poland, Tax ID (NIP): 7941720919 (hereinafter: “Controller” or “we”).

Contact the Controller: contact@cookiesem.com

2. What data we collect

We collect the following categories of data:

  • Registration data: first name, last name, email address, company name, Tax ID
  • Billing data: data necessary for invoicing and payment processing (processed by payment providers, including Stripe)
  • Technical data: IP address, browser type, operating system, device information
  • Form data: message content, complaints, and inquiries
  • Service usage data: activity logs in the panel, usage statistics

3. Purposes of processing

We process your data for the following purposes:

  • Providing services and performing the contract (Art. 6(1)(b) GDPR)
  • Fulfilling legal obligations, including tax and accounting requirements (Art. 6(1)(c) GDPR)
  • Pursuing the Controller's legitimate interests, including security, claims enforcement, and analytics (Art. 6(1)(f) GDPR)
  • Direct marketing – based on consent (Art. 6(1)(a) GDPR)

4. Data recipients

Your data may be shared with:

  • Entities processing data on our behalf (hosting, payment processing, email delivery)
  • Government authorities, if required by law

We use the following data processors:

  • Stripe – card payment processing (Stripe, Inc., USA – Standard Contractual Clauses)
  • OVH / nazwa.pl – server hosting (EU)

5. Data retention period

We retain data for the following periods:

  • Account data – until account deletion + 90 days in backup
  • Billing data – 5 years from the end of the tax year (legal obligation)
  • Marketing data – until consent is withdrawn
  • Website user consent records – in accordance with GDPR requirements, a minimum of 3 years as proof of consent

6. Your rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15) – you can obtain information about the processing of your data and a copy of the data
  • Right to rectification (Art. 16) – you can correct inaccurate or incomplete data
  • Right to erasure (Art. 17) – you can request deletion of data (“right to be forgotten”)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21) – you can object to the processing of data
  • Right to withdraw consent – at any time, without affecting the lawfulness of processing prior to withdrawal
  • Right to lodge a complaint – with the President of the Personal Data Protection Office (UODO)

To exercise your rights, contact us at: contact@cookiesem.com

7. Security

We apply appropriate technical and organizational measures to ensure data security:

  • SSL/TLS encryption for all connections
  • Role-based access control (RBAC)
  • Regular encrypted backups
  • Security monitoring and threat detection
  • Anonymization of personal data in consent records after the retention period

8. Cookies

Information about cookies used by our Service can be found in a separate document: Cookie Policy.

9. Data processing within the CMP service

As part of providing the CMP service, we process data of website visitors of our clients (Service Users) as a Data Processor. This data includes:

  • Anonymized consent identifiers
  • Hashed IP addresses
  • Cookie category choices
  • Consent timestamps

Detailed processing terms are set out in the Data Processing Agreement (DPA), available upon request.

10. Changes to this policy

We reserve the right to amend this Privacy Policy. We will notify you of significant changes via email and/or a notice on the Service at least 14 days in advance.

11. Contact

For matters related to personal data protection, contact us: