Privacy policy
Last updated: 15 June 2026
This policy explains what personal data we collect through this website, for what purpose and on what legal basis, and what rights you have.
Data controller
The controller of your personal data is:
HOLODEC sp. z o.o.
al. J. Piłsudskiego 17/4, 35-074 Rzeszów, Poland
NIP: 5170429905 · REGON: 523363189 · KRS: 0000996406
Data protection contact: hello@holodec.pl
What data we collect, why, and on what basis
Contact form
Scope: name, email address, type of enquiry and — optionally — rough timeline and budget, plus your message. Purpose: to respond to your enquiry and potentially work together. Legal basis: Article 6(1)(f) GDPR (our legitimate interest in responding to enquiries) and Article 6(1)(b) GDPR (steps prior to entering a contract, where the enquiry is aimed at that).
Email correspondence
Scope: the data you provide in your message. Purpose: handling correspondence and your enquiry. Legal basis: Article 6(1)(f) GDPR.
Server logs
Scope: IP address, date and time of the request, browser type, requested resources. Purpose: ensuring the security and proper operation of the site. Legal basis: Article 6(1)(f) GDPR.
Statistics and analytics (Google Analytics)
Scope: data about how you use the site collected via cookies (e.g. an identifier, events, traffic source). Purpose: analysing traffic and improving the site. Legal basis: Article 6(1)(a) GDPR — your consent given in the consent banner. You can withdraw consent at any time.
Cookies
The site uses cookies necessary for it to function and — with your consent — analytics cookies (Google Analytics). Analytics cookies are not set until you give consent in the consent banner powered by CookieYes. You can change or withdraw your consent at any time in the cookie settings. A detailed list of cookies is available in the consent banner.
Data recipients
Your data may be entrusted to trusted processors acting on our behalf:
- Google (Google Cloud / Google Workspace) — website hosting and email.
- Google (Google Analytics) — traffic statistics and analytics.
- CookieYes — running the consent banner and storing consent records.
We do not sell your data.
Transfers outside the European Economic Area (EEA)
Some data may be transferred outside the EEA, subject to appropriate safeguards:
- Hosting and email (Google): data is stored in a European Union region. For any access from the US, the transfer relies on Google's certification under the EU-US Data Privacy Framework and the Standard Contractual Clauses (SCCs).
- Google Analytics: data may be transferred to Google LLC in the US on the same basis (Data Privacy Framework / SCCs).
- CookieYes: consent records are processed under a data processing agreement; for processing under the EU GDPR, the competent supervisory authority of the exporter is the Irish Data Protection Commission (DPC).
Retention period
We keep data no longer than necessary:
- Form enquiries and correspondence — for as long as needed to handle the matter, then until any potential claims become time-barred.
- Server logs — for the period needed to ensure security, after which they are deleted or anonymised.
- Analytics data and consent records — in line with Google Analytics and consent banner settings; cookie consent is renewed at least every 12 months.
Your rights
In connection with this processing, you have the right to:
- access your data,
- rectify your data,
- erase your data,
- restrict processing,
- data portability,
- object to processing based on legitimate interest.
Where data is processed based on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
To exercise your rights, email us at: hello@holodec.pl
Complaint to a supervisory authority
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the President of the Polish Personal Data Protection Office (UODO), ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland.
Users in Australia
If you use our site from Australia: your data may be disclosed to overseas recipients (including in the US and the EU) as described in this policy. We take reasonable steps to ensure those recipients handle the data in line with applicable law. You may lodge a privacy complaint with the Office of the Australian Information Commissioner (OAIC).
Providing your data is voluntary
Providing your data is voluntary but necessary for us to respond to your enquiry. You may leave the optional fields (timeline, budget) blank.
Automated decisions and profiling
We do not make decisions about you based solely on automated processing, and we do not profile you in a way that produces legal effects concerning you.
Security
We apply appropriate technical and organisational measures to protect your data, including encryption of data in transit (TLS) and access controls.
Scope of this policy
This policy concerns the data of people who visit this website and contact us. Data processed within the software we build for our clients is governed by separate agreements — in that context we usually act as a processor on behalf of the client, who is the controller.
Children's data
Our website is not directed at children, and we do not knowingly collect data from anyone under the age of 18.
Changes to this policy
We may update this policy. The current version, together with the date of the last update, is always available on this page.