Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller responsible for your personal data is:

• Business name: InfoSecFlow Mateusz Borowski
• Tax identification number (NIP): 8311620631
• Contact email: [email protected]

2. What Data We Collect

We collect personal data only when you voluntarily provide it to us. This includes:

• Contact information - name, email address, and any details you include when reaching out via email or contact forms.
• Service-related information - project details, technical requirements, and organizational information shared during service engagements.

This website does not use cookies for tracking or analytics purposes. We do not use third-party analytics tools such as Google Analytics. We do not embed third-party tracking pixels or social media widgets.

3. How We Use Your Data

We process personal data for the following purposes:

• Responding to inquiries - when you contact us, we use your information to reply and discuss potential engagements.
• Providing services - personal data shared during service delivery is processed as necessary to fulfill our contractual obligations.
• Legal obligations - we may process data to comply with tax, accounting, and other legal requirements under Polish and EU law.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process personal data based on:

• Article 6(1)(b) - processing necessary for the performance of a contract or pre-contractual measures taken at your request.
• Article 6(1)(c) - processing necessary to comply with a legal obligation (e.g., tax regulations).
• Article 6(1)(f) - processing necessary for our legitimate interests, such as responding to inquiries and improving our services.

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data with:

• Service providers - hosting providers and email services that help us operate this website and communicate with you, under appropriate data processing agreements.
• Legal and regulatory authorities - when required by law.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above. Specifically:

• Contact inquiries are retained for up to 12 months after the last communication, unless a service agreement is entered into.
• Service-related data is retained for the duration of the engagement and for the period required by applicable tax and accounting regulations (typically 5 years after the end of the fiscal year).

7. Your Rights

Under GDPR, you have the right to:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Erase your data (right to be forgotten), subject to legal retention obligations.
• Restrict processing in certain circumstances.
• Object to processing based on legitimate interests.
• Data portability - receive your data in a structured, machine-readable format.
• Lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO) if you believe your data is being processed unlawfully.

To exercise any of these rights, contact us at [email protected].

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. As a cybersecurity consultancy, we take data protection seriously and apply industry best practices to our own operations.

9. International Transfers

Your data is processed within the European Economic Area (EEA). If any processing requires transfer outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or your personal data, please contact us at [email protected].