Privacy Policy

This Privacy Policy describes how personal data is processed in connection with the use of squidrise.com.

§1 General Provisions

1. This Privacy Policy sets out the rules for processing personal data by Grajfka Jakub Antonowicz, NIP: 5223192950, with its registered office in Pierwoszyno, ul. Perłowa 4a/2, 81-198 Pierwoszyno (hereinafter: the "Provider"), in connection with the operation of the website squidrise.com (hereinafter: the "Service").

2. The purpose of this Privacy Policy is to ensure the protection of users' personal data in accordance with applicable law, including the GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.

3. This Privacy Policy explains what data is collected, for what purposes, on what legal basis it is processed, and what rights users of the Service have in relation to their personal data.

4. The Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or other risks.

§2 Definitions

1. Personal Data – any information relating to an identified or identifiable natural person (data subject).

2. Processing – any operation or set of operations performed on personal data, such as collection, storage, organization, modification, review, use, disclosure, or deletion.

3. Data Controller – the entity responsible for processing personal data of Service users, namely Grajfka Jakub Antonowicz.

4. Processors – external entities or individuals to whom the Controller entrusts the processing of personal data for specific purposes, such as website hosting, order fulfillment, analytics, or marketing.

§3 Scope of Processed Data

1. When using the Service, the Controller may process the following categories of personal data:

  • Identification data – first name, last name, tax identification number (in the case of business clients).
  • Contact data – e-mail address, phone number, correspondence address.
  • Transactional data – information about orders, such as selected services, order dates, prices, and deadlines.
  • Technical data – IP address, browser type, operating system, cookies.
  • Communication data – inquiries, complaints, and other information provided during communication with the Provider.

§4 Purposes and Legal Bases for Data Processing

1. Personal data is processed for the following purposes:

  • Performance of a contract – processing necessary to conclude and perform a contract, including order handling, invoicing, and communication regarding services (Art. 6(1)(b) GDPR).
  • Direct marketing – sending newsletters, promotional offers, and information about services based on user consent (Art. 6(1)(a) GDPR).
  • Legal obligations – storing accounting and tax documentation as required by law (Art. 6(1)(c) GDPR).
  • Legitimate interests – protection against claims, Service development, analytics, optimization, and security (Art. 6(1)(f) GDPR).

§5 Data Retention Period

1. Personal data is stored for the following periods:

  • Order-related data – for the duration of the contract and as required by tax and accounting laws (at least 5 years).
  • Communication data – until the matter is resolved.
  • Marketing data – until consent is withdrawn.
  • Technical and analytical data – for up to 24 months from collection.

§6 Sharing of Personal Data

1. Personal data may be shared with external entities supporting the Controller, including:

  • Hosting providers – for data storage.
  • Analytics and marketing tool providers – to monitor website traffic.
  • Accounting services – to fulfill legal obligations.
  • Courier companies – in case of services involving physical delivery.

§7 Transfer of Data Outside the EEA

1. Personal data may be transferred to entities outside the European Economic Area (EEA), such as the United States, when using tools like Google or Meta.

2. Such transfers are secured in accordance with applicable law, including through the use of standard contractual clauses approved by the European Commission.

§8 User Rights

1. Users have the following rights regarding their personal data:

  • Right of access – to obtain information about processed data and purposes.
  • Right to rectification – to correct inaccurate or outdated data.
  • Right to erasure – to request deletion of data in certain cases.
  • Right to restriction – to limit processing under specific conditions.
  • Right to data portability – to receive data in electronic format or transfer it to another controller.
  • Right to withdraw consent – at any time if processing is based on consent.

2. To exercise your rights, contact the Controller at: office@squidrise.com.

§9 Data Protection

1. The Controller applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or modification.

2. These measures include, in particular, data encryption, firewalls, regular software updates, and access control mechanisms.

§10 Changes to the Privacy Policy

1. The Controller reserves the right to amend this Privacy Policy due to Service development, technological progress, legal changes, or expansion of services.

2. In case of significant changes, users will be informed via email or through a notice on the Service.

3. This Privacy Policy is effective as of April 15, 2026.

Scroll to Top