27web studio web development
PL EN

Privacy Policy

1. General information

This Privacy Policy explains how personal data is processed and how cookies and similar technologies are used in connection with the use of the 27web website available at https://27web.pl.

The data controller is:

27web Bartosz Szygulski
ul. Gustawa Sommera 21/5
87-500 Rypin
VAT number: 8921463779
Email: info@27web.pl

The controller exercises due care to ensure that personal data is processed in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

2. Scope and purposes of processing

Personal data is processed only to the extent necessary to achieve specific purposes.

Data may in particular be processed for the following purposes:

  • handling correspondence sent via the contact form,
  • replying to enquiries,
  • conducting communication related to the controller’s offer, collaboration, or services,
  • ensuring the proper operation of the website,
  • analyzing website traffic and usage statistics,
  • fulfilling legal obligations incumbent on the controller,
  • establishing, pursuing, or defending legal claims.

3. Contact form

When using the contact form, the user provides data voluntarily, in particular:

  • name,
  • email address,
  • message content.

Providing this data is voluntary but necessary to send the message and receive a response.

Data submitted through the contact form is used solely to handle the enquiry and conduct correspondence. Messages sent through the form are delivered only to the controller’s email inbox and are not stored in the website system or forwarded to an external CRM.

4. Legal bases for processing

Personal data is processed on the basis of:

  • Article 6(1)(a) GDPR — consent, where consent is required,
  • Article 6(1)(b) GDPR — where processing is necessary to take steps prior to entering into a contract or to perform a contract,
  • Article 6(1)(c) GDPR — where processing is necessary to comply with a legal obligation,
  • Article 6(1)(f) GDPR — the controller’s legitimate interest, including handling correspondence, securing the website, analyzing statistics, and protecting against claims.

5. Data recipients

Personal data may be shared with entities cooperating with the controller only to the extent necessary to achieve the purposes of processing, in particular:

  • the hosting provider LH.pl,
  • providers of analytics and technical services,
  • entities providing website security and performance infrastructure,
  • providers involved in the operation of Google tools,
  • legal or accounting service providers, where necessary.

The controller does not sell users’ personal data.

6. Transfers outside the European Economic Area

Due to the use of certain technology providers, in particular Google and Cloudflare, data may be transferred outside the European Economic Area.

In such cases, the controller relies only on mechanisms compliant with applicable law, including standard contractual clauses or other lawful transfer mechanisms under the GDPR.

7. Data retention period

Personal data is retained for the period necessary to achieve the purpose for which it was collected, and then for the period required by law or necessary to secure potential legal claims.

In practice, this means that:

  • correspondence data is retained for as long as needed to handle the matter and continue communication,
  • data processed on the basis of consent is retained until consent is withdrawn,
  • data related to legal obligations is retained for the period resulting from applicable law.

8. Rights of the data subject

Every person whose data is processed has the right to:

  • access their data,
  • rectify their data,
  • erase their data,
  • restrict processing,
  • object to processing,
  • data portability,
  • withdraw consent at any time where consent is the basis for processing,
  • lodge a complaint with the President of the Personal Data Protection Office.

For matters related to personal data processing, contact: info@27web.pl.

9. Cookies and similar technologies

The website uses cookies and similar technologies in order to:

  • ensure proper website operation,
  • remember user preferences,
  • analyze website traffic,
  • manage user consent.

On the first visit, the user receives information about the use of cookies and can manage their preferences. The website uses its own consent management mechanism that respects the user’s choice and is prepared for Consent Mode v2.

Consent can be changed or withdrawn at any time. Detailed information about the cookies used is available on the Cookies page.

10. Google Analytics

The website uses Google Analytics 4, an analytics service provided by Google.

Google Analytics helps analyze how the website is used, including page views, time spent on the site, device type, and visit source.

The tool operates with respect for user consent and with mechanisms that limit the scope of processed data, including IP anonymization.

Analytics data is processed only after obtaining the required consent, where such consent is necessary.

11. Google Search Console

The controller uses Google Search Console to monitor visibility in Google search results, diagnose technical issues, and improve the quality of the website.

This tool is not used for the direct identification of website visitors, but it may involve the processing of technical and statistical data related to website performance.

12. Rank Math and SEO-related technologies

The website uses the Rank Math plugin to support technical SEO. The plugin is not used for visitor marketing, but it may process technical data required for website operation and metadata generation.

13. Polylang

The website uses the Polylang plugin to handle language versions. The plugin may use technical cookies or similar mechanisms to remember the user’s preferred language.

14. Cloudflare

The website uses Cloudflare services to improve security, performance, and availability. Cloudflare may process technical user data such as IP address, request headers, or traffic-related information in order to protect the website against abuse and optimize content delivery.

Due to the security configuration, including Bot Fight Mode and WAF rules, technical traffic protection mechanisms and related security cookies may be used.

15. Hosting and email

The website and the controller’s email are hosted by LH.pl. Therefore, data transmitted via the contact form and email correspondence may be processed by the hosting and email provider to the extent necessary to provide these services.

16. Newsletter and mailing

The controller does not operate a newsletter sign-up form on the website. Mailing may be sent only to the controller’s own clients and contacts obtained outside the website, in accordance with applicable law.

17. Data security

The controller applies appropriate technical and organizational measures to protect personal data against loss, destruction, unauthorized disclosure, or access by unauthorized persons.

18. Changes to the Privacy Policy

This Privacy Policy may be updated in the event of legal, technical, or organizational changes related to the functioning of the website or the way personal data is processed.

The current version is always published on this website.