This Privacy Policy describes how Yihubu (operating at yihubu.info, address: Al. Marsz. Józefa Piłsudskiego 7, Łódź, Poland, contact: [email protected]) processes personal data in connection with your use of this website. We are committed to protecting your privacy and handling your data transparently and in accordance with applicable law.
This policy is written to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa o ochronie danych osobowych), which implements GDPR in Poland.
1. Who is the data controller
The data controller for personal data processed through this website is Yihubu, Al. Marsz. Józefa Piłsudskiego 7, Łódź, Poland. You may contact us at [email protected] or by post at the address above with any data protection queries.
2. What personal data we collect and why
We collect personal data only when you actively provide it to us. This website does not require registration or account creation. The situations in which we may receive personal data are:
Contact enquiries. When you use the contact form or send an email to [email protected], we receive your name, email address, any phone number you provide, and the content of your message. This data is used solely to respond to your enquiry. The legal basis for this processing is Article 6(1)(b) GDPR (processing necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract) and/or Article 6(1)(f) GDPR (legitimate interests — specifically, our legitimate interest in responding to communications addressed to us).
Cookies and technical data. When you browse this website, certain technical data is processed automatically, including your IP address, browser type, operating system, referring URL, and pages visited. This is described in detail in our Cookie Policy. The legal basis for necessary cookies is Article 6(1)(f) GDPR (legitimate interests in operating a functional website). For non-essential cookies, the legal basis is Article 6(1)(a) GDPR (your consent).
3. How long we keep your data
Contact enquiry data is retained for as long as necessary to address your enquiry and for a reasonable period thereafter in case of follow-up. We do not retain contact data for longer than 12 months from the date of last correspondence unless there is a specific reason to do so (for example, an ongoing legal matter).
Technical and cookie data is retained in accordance with the periods set out in our Cookie Policy. Server log data is typically retained for no more than 90 days.
4. Who we share your data with
We do not sell, rent, or trade personal data. We may share data with:
Hosting and infrastructure providers who process data on our behalf under appropriate data processing agreements. These providers are located within the European Economic Area or in countries with an adequacy decision from the European Commission.
Email service providers used to receive and manage email correspondence. These providers act as data processors under our instruction.
We do not share data with third parties for marketing purposes. We do not engage in profiling or automated decision-making that produces legal or similarly significant effects.
5. International transfers
Where personal data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place in accordance with Chapter V of GDPR. This may include reliance on adequacy decisions, Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms.
6. Your rights
Under GDPR, you have the following rights in relation to your personal data:
Right of access — you may request a copy of the personal data we hold about you (Article 15 GDPR).
Right to rectification — you may ask us to correct inaccurate data (Article 16 GDPR).
Right to erasure — in certain circumstances, you may request that we delete your data (Article 17 GDPR).
Right to restriction — you may ask us to restrict processing in certain circumstances (Article 18 GDPR).
Right to data portability — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format (Article 20 GDPR).
Right to object — you may object to processing based on legitimate interests (Article 21 GDPR).
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at [email protected]. We will respond within one month as required by Article 12 GDPR. You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.
7. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures are reviewed and updated as necessary. No method of electronic transmission or storage is completely secure; we cannot guarantee absolute security but we take our obligations seriously.
8. Children's data
This website is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently received data from a child, please contact us and we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the website after changes are posted constitutes acceptance of the revised policy. For significant changes, we will provide more prominent notice.