PRIVACY POLICY OF POL.IE SERVICE

(This Privacy Policy defines the rules for processing and protecting personal data of Users of the pol.ie service, operated by Mateusz Twardy, email: info@pol.ie. Using the service means acceptance of the following provisions.)

1. Definitions

Administrator - the natural person operating the pol.ie service, i.e. Mateusz Twardy, email: info@pol.ie.

Service - the website pol.ie, serving to present Polish businesses operating in Ireland, with functionality for adding business entries via email and newsletter subscription.

User - any natural person, legal entity or organizational unit that visits the Service, uses the newsletter subscription form or sends by email data about a business to be included in the Service.

Personal data - any information relating to an identified or identifiable natural person, processed in the Service (in particular: name, surname, email address, postal address, phone number, company name, tax identification numbers if provided).

Newsletter - a periodic bulletin sent by email to persons who have given consent, containing information about new businesses in the database, news and other materials related to the activities of Polish enterprises in Ireland.

Cookies - small text files saved on Users' devices when visiting the Service, used for proper functioning of the Service, traffic analysis and User preferences.

2. Personal Data Administrator

The administrator of your personal data is:

Mateusz Twardy

Email: info@pol.ie

3. Purposes and Legal Bases for Data Processing

Below we describe what data we collect, for what purpose and on what legal basis they are processed.

Newsletter consent

By subscribing to the newsletter, the User consents to receiving commercial information by electronic means. Consent is voluntary and can be withdrawn at any time (unsubscribe link is included in every message or by contacting the Administrator by email).

Adding business entries

To add or modify business data, the User sends an email to info@pol.ie with relevant information (email-based "submission form"). The Administrator verifies the submitted information (whether the business exists, whether data is complete) and decides on publication.

The legal basis for processing business data is Article 6(1)(b) GDPR (service performance) and (f) GDPR (legitimate interest - maintaining an information database). When the submitter provides their contact details, the legal basis for processing personal data is either Article 6(1)(b) (e.g. for verification purposes) or (a) (if the submitter has given separate consent for further processing).

Statistical analysis (Google Analytics) / cookies

The Service may use analytical tools that collect anonymous traffic data. This data is used solely for statistical analysis and service quality improvement, without personal identification.

The full list of cookies used and their purposes can be found in the Cookies Policy (section 10).

4. Data Recipients

Entities processing data on behalf of the Administrator

• Hosting service providers (e.g. server)
• Newsletter delivery tools (e.g. Mailchimp, Sendinblue or other platform)
• Analytical tools providers (e.g. Google)
• Email service providers (e.g. Gmail, Outlook)

Recipients who may receive data by law

Authorized state authorities (e.g. Police, Tax Office, Data Protection Authority) if they submit a valid request for data disclosure.

Publication of business data

Only business-related data (name, address, phone, business email) is made publicly available in the Service. We do not publish sensitive data or private owner contacts without explicit consent.

5. User Rights

Under GDPR, the User has the right to:

• Access data - right to obtain confirmation whether their data is being processed and receive a copy
• Rectification - if data is incomplete or incorrect, the User has the right to correct it
• Erasure ("right to be forgotten") - in cases specified in Article 17 GDPR (e.g. data is no longer necessary, consent withdrawn, unlawful processing)
• Restriction of processing - in cases specified in Article 18 GDPR (e.g. contesting data accuracy)
• Object to processing - if processing is based on legitimate interest (Article 6(1)(f) GDPR)
• Data portability - right to receive structured format data (e.g. CSV) and transfer to another controller
• Withdraw consent - at any time for consent-based processing (e.g. newsletter)
• Lodge a complaint with the Data Protection Authority (ul. Stawki 2, 00-193 Warsaw; www.uodo.gov.pl) if you believe processing violates GDPR

6. Data Retention Periods

Newsletter

Data (email, name) is stored until consent is withdrawn.

Business data

Published business information is stored for the entire operation period of the Service until removal is requested.

Submitter contact details

Stored for maximum 6 months from entry acceptance/rejection, unless separate consent is given for longer retention.

System logs and analytical data

Telemetry data (e.g. IP, browser type, access time) is stored for maximum 3 months, then anonymized or deleted.

Other contact data (e.g. forms)

If User submits inquiry (e.g. via contact form), data is deleted maximum 6 months after correspondence ends, unless User requests earlier deletion.

7. Data Sharing

Newsletter delivery

User email is shared with newsletter delivery provider (currently ConvertKit/Kit).

Data is shared solely for delivery purposes, third parties cannot use it otherwise. The Administrator verifies GDPR compliance (EU-based or adequate safeguards).

IT service providers

The Administrator may commission specific work (server administration, backups, tech support) to third parties. Each processor only processes data under processing agreement per Article 28 GDPR.

State authorities

Data may be shared with authorized bodies (e.g. Police, Tax Office) upon valid legal request.

Business data disclosure

Business data (name, address, phone, email, website) is publicly available upon entry publication. Users voluntarily provide this content when submitting.

8. Data Transfers Outside EEA

The Administrator does not intend to transfer personal data outside the European Economic Area (EEA).

If part of the service (e.g. server, mailing platform) is provided from outside EEA, the Administrator ensures either:

1. Transfer only to countries with adequacy decision by European Commission, or
2. The provider signs standard contractual clauses or implements other adequate safeguards (e.g. Privacy Shield if applicable).

9. Data Security

The Administrator has implemented appropriate technical and organizational measures to protect personal data against:

• unauthorized access,
• loss, destruction or damage,
• leakage,
• unauthorized modification.

For storing mailing and analytical data, we use password-protected servers with firewall and regular software updates.

Sensitive data (e.g. admin panel access) is encrypted.

Only Administrator-authorized persons with confidentiality obligations have data access.

10. Cookies Policy

What are cookies?

Cookies are small text files saved on User devices when visiting the Service, used for:

• maintaining user session (after login),
• remembering preferences (e.g. language, display settings),
• collecting anonymous statistical data (e.g. via Google Analytics),
• displaying personalized ads (if implemented in future).

Types of cookies used

• Session cookies - deleted automatically after closing browser. Used e.g. for maintaining user session.
• Persistent cookies - remain on device for set period (e.g. 30, 90 days) enabling preference memory.
• Analytical cookies - used for anonymous traffic statistics (e.g. visit count, traffic sources). We use Google Analytics or other GDPR-compliant tools.
• Marketing/advertising cookies (if implemented) - used for personalized ads.

Managing cookies

Users can change cookie settings via browser, including complete blocking or selective deletion. Some Service features may then be limited or unavailable.

Example instructions for popular browsers:

• Google Chrome: Settings → Privacy and security → Cookies and site data → See all site data and permissions → Remove or block
• Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data → Manage Data
• Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data → See all cookies and site data
• Safari: Preferences → Privacy → Manage Website Data

Newsletter cookies

Links to external services (e.g. mailing platform) may use their own cookies. Details are in the provider's Privacy and Cookies Policy (e.g. Mailchimp, Sendinblue).

11. Privacy Policy Changes

The Administrator reserves the right to change this Privacy Policy at any time, particularly due to legal updates or Service functionality changes.

Users will be notified of significant changes at least 14 days before new provisions take effect, via email to the newsletter subscription address.

Continued use of the Service after 14 days from change notification means acceptance of the new version.

12. Final Provisions

This Privacy Policy enters into force on 01.06.2025 and remains valid until revoked or replaced.

For matters not regulated herein, the following apply:

1. Regulation (EU) 2016/679 of 27 April 2016 on personal data protection (GDPR),
2. Polish Personal Data Protection Act of 10 May 2018,
3. Polish Electronic Services Act of 18 July 2002.

For questions regarding personal data protection, please contact: info@pol.ie.

Summary of key User rights regarding their data:

• right to access data content,
• right to rectify/incomplete data,
• right to erasure ("right to be forgotten") in specified cases,
• right to restriction of processing,
• right to data portability,
• right to object (e.g. to traffic analysis based on legitimate interest),
• right to withdraw consent (for consent-based processing),
• right to lodge complaint with Data Protection Authority if processing violates law.

Thank you for reviewing our Privacy Policy. For additional questions or concerns, contact us at info@pol.ie.