1. Data Controller
The controller of your personal data is:
AIOA
ul. Floriana Ceynowy 4A/1
80-321 Gdańsk, Poland
Phone: +48 58 690 45 00
E-mail: info@aioa.pl
2. Data We Collect
Contact form
When you submit our contact form we collect:
- Name and surname (or company name)
- E-mail address
- Phone number (optional)
- Message content
- Date and time of submission
Automatic data (server logs)
Our hosting provider (OVH, France) automatically records standard server log data: IP address, browser type, operating system, referring URL, pages visited, and timestamp. Logs are retained for up to 30 days for security purposes.
Cookie data
See Section 4 for full details.
3. Purposes & Legal Basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to your inquiry via the contact form | Art. 6(1)(b) — pre-contractual measures |
| Compliance with legal obligations | Art. 6(1)(c) — legal obligation |
| Website traffic analysis (anonymous) | Art. 6(1)(a) — consent (cookie banner) |
| Ensuring website security and preventing abuse | Art. 6(1)(f) — legitimate interest |
We do not use your data for automated decision-making or profiling.
4. Cookies
Our website uses the following categories of cookies:
| Type | Name / Provider | Purpose | Duration |
|---|---|---|---|
| Essential | aioa_cookie | Stores your cookie consent choice | 12 months |
| Essential | PHP session | CSRF protection (contact form security) | Session |
| Security | Cloudflare Turnstile | Bot protection on the contact form | Session / 30 min |
We do not currently use analytics or marketing cookies. If this changes, we will update this page and ask for your consent again.
You can manage or delete cookies at any time through your browser settings. Disabling essential cookies may affect the contact form functionality.
5. Data Sharing
We do not sell, rent, or trade your personal data. We may share data only with:
- OVH SAS (hosting provider, EU) — server infrastructure and data storage
- Cloudflare, Inc. — bot protection service (Turnstile); processes only the session data needed to verify form submissions
- Public authorities — only if required by applicable law
All processors are bound by data processing agreements and apply appropriate safeguards.
6. Retention
- Contact form messages are retained for 24 months from the date of submission, then deleted or anonymised.
- Server logs are retained for up to 30 days.
- Cookie consent record is stored in your browser for 12 months.
7. Your Rights
Under GDPR you have the right to:
- Access — obtain a copy of the personal data we hold about you
- Rectification — have inaccurate data corrected
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at info@aioa.pl. We will respond within 30 days. You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.
8. Security
We implement appropriate technical and organisational measures to protect your data, including:
- HTTPS encryption (TLS) for all data in transit
- CSRF token protection on all forms
- Parameterised SQL queries to prevent injection attacks
- Access limited to authorised personnel only
- Regular security reviews of the application
9. Contact
For any questions about this Privacy Policy or to exercise your rights:
AIOA
E-mail: info@aioa.pl
Phone: +48 58 690 45 00
ul. Floriana Ceynowy 4A/1, 80-321 Gdańsk, Poland