[email protected]

Privacy Policy

Last Updated: 22 June 2026

Data Controller

The controller of your personal data is Cimivi Heviko, operating from Księcia Świętopełka 5/6 8A, Szczecin, Poland. You can contact us at [email protected] or by telephone at +48 731 350 244 with any data-related enquiry.

Legal Framework

This policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, hereinafter GDPR), as well as the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych, Dz.U. 2018 poz. 1000) and the Polish Telecommunications Act (Prawo telekomunikacyjne) as applicable to electronic communications.

Data We Collect

We collect personal data only when it is voluntarily provided by you or automatically generated through your interaction with our website.

  • Contact data: Name and email address submitted through our contact form.
  • Message content: The subject and body of messages you send us.
  • Technical data: IP address, browser type, referring URL, and pages visited, collected automatically by server logs and, where consented to, analytics tools.
  • Cookie data: Preferences stored via cookies, described separately in our Cookie Policy.

We do not collect sensitive categories of personal data as defined in Article 9 of the GDPR.

Purposes and Legal Bases for Processing

  • Responding to enquiries (Article 6(1)(f) GDPR - legitimate interest in communicating with persons who contact us, or Article 6(1)(b) where the contact relates to a potential contractual relationship).
  • Website operation and security (Article 6(1)(f) GDPR - legitimate interest in maintaining a functional and secure website).
  • Analytics and improvement (Article 6(1)(a) GDPR - consent, obtained through the cookie consent mechanism).
  • Compliance with legal obligations (Article 6(1)(c) GDPR), where applicable under Polish law.

Retention Periods

Contact form data is retained for as long as necessary to address your enquiry and for a reasonable period thereafter in case of follow-up, not exceeding 24 months from the last communication. Technical log data is retained for up to 12 months. Data processed on the basis of consent is retained until consent is withdrawn.

Data Sharing

We do not sell personal data. We may share data with the following categories of recipients only where necessary:

  • Hosting and infrastructure providers operating our website servers, bound by data processing agreements.
  • Analytics service providers where you have given consent for analytics cookies.
  • Public authorities where required by applicable Polish or EU law.

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards in accordance with Chapter V of the GDPR, including standard contractual clauses where applicable.

Your Rights Under GDPR

As a data subject, you hold the following rights, exercisable by contacting us at the address above:

  • Right of access (Article 15 GDPR): Obtain confirmation of whether we process your data and receive a copy.
  • Right to rectification (Article 16 GDPR): Request correction of inaccurate data.
  • Right to erasure (Article 17 GDPR): Request deletion of your data where processing is no longer necessary or lawful.
  • Right to restriction (Article 18 GDPR): Request that we limit processing in certain circumstances.
  • Right to data portability (Article 20 GDPR): Receive data you provided in a structured, machine-readable format.
  • Right to object (Article 21 GDPR): Object to processing based on legitimate interests.
  • Right to withdraw consent (Article 7(3) GDPR): Withdraw any consent given at any time without affecting prior lawful processing.

You also have the right to lodge a complaint with the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl.

Cookies

Our use of cookies is described in detail in the Cookie Policy. You can manage your cookie preferences at any time through the cookie consent panel accessible on the website.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, in accordance with Article 32 of the GDPR. These include access controls, encryption in transit (HTTPS), and regular review of security practices.

Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the website after changes are published constitutes acknowledgment of the updated policy.