Legal

Privacy Policy

Last updated: June 10, 2026 Wersja polska
This Privacy Policy explains how AIOA collects, uses, and protects your personal data when you visit aioa.pl or use our contact form. We comply with the EU General Data Protection Regulation (GDPR / RODO).

1. Data Controller

The controller of your personal data is:

AIOA
ul. Floriana Ceynowy 4A/1
80-321 Gdańsk, Poland
Phone: +48 58 690 45 00
E-mail: info@aioa.pl

2. Data We Collect

Contact form

When you submit our contact form we collect:

  • Name and surname (or company name)
  • E-mail address
  • Phone number (optional)
  • Message content
  • Date and time of submission

Automatic data (server logs)

Our hosting provider (OVH, France) automatically records standard server log data: IP address, browser type, operating system, referring URL, pages visited, and timestamp. Logs are retained for up to 30 days for security purposes.

Cookie data

See Section 4 for full details.

3. Purposes & Legal Basis

PurposeLegal basis (GDPR Art. 6)
Responding to your inquiry via the contact formArt. 6(1)(b) — pre-contractual measures
Compliance with legal obligationsArt. 6(1)(c) — legal obligation
Website traffic analysis (anonymous)Art. 6(1)(a) — consent (cookie banner)
Ensuring website security and preventing abuseArt. 6(1)(f) — legitimate interest

We do not use your data for automated decision-making or profiling.

4. Cookies

Our website uses the following categories of cookies:

TypeName / ProviderPurposeDuration
Essentialaioa_cookieStores your cookie consent choice12 months
EssentialPHP sessionCSRF protection (contact form security)Session
SecurityCloudflare TurnstileBot protection on the contact formSession / 30 min

We do not currently use analytics or marketing cookies. If this changes, we will update this page and ask for your consent again.

You can manage or delete cookies at any time through your browser settings. Disabling essential cookies may affect the contact form functionality.

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data only with:

  • OVH SAS (hosting provider, EU) — server infrastructure and data storage
  • Cloudflare, Inc. — bot protection service (Turnstile); processes only the session data needed to verify form submissions
  • Public authorities — only if required by applicable law

All processors are bound by data processing agreements and apply appropriate safeguards.

6. Retention

  • Contact form messages are retained for 24 months from the date of submission, then deleted or anonymised.
  • Server logs are retained for up to 30 days.
  • Cookie consent record is stored in your browser for 12 months.

7. Your Rights

Under GDPR you have the right to:

  • Access — obtain a copy of the personal data we hold about you
  • Rectification — have inaccurate data corrected
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@aioa.pl. We will respond within 30 days. You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

8. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption (TLS) for all data in transit
  • CSRF token protection on all forms
  • Parameterised SQL queries to prevent injection attacks
  • Access limited to authorised personnel only
  • Regular security reviews of the application

9. Contact

For any questions about this Privacy Policy or to exercise your rights:

AIOA
E-mail: info@aioa.pl
Phone: +48 58 690 45 00
ul. Floriana Ceynowy 4A/1, 80-321 Gdańsk, Poland