Logo

    Privacy Policy

    1. Introduction

    This Privacy Policy describes how The Widlarz Group sp. z o.o., with a registered office in Krakow, ul. Szlak 77/222, 31-153 Krakow, entered into register of entrepreneurs of the National Court Register by District Court Krakow-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS no.: 0000948896, Tax Id. No. (NIP): 6762610444, Industry Id. No. (REGON): 521042593, represented by: Bartłomiej Widlarz ("We," "Us," "Our") handles information. It is divided into two parts:

    • The data we collect from our Clients for business relationship purposes (where we act as a Data Controller).
    • The data we process on behalf of our Clients through our Services (where we act as a Data Processor).

    2. Information We Process

    A. As a Data Controller (Client Information):

    To manage our business relationship with you ("Client"), we collect your name, email address, company information, and payment details. We use this to provide our Services, process payments, and communicate with you.

    B. As a Data Processor (End-User Data):

    On behalf of our Clients, our Software collects the following data points from our Client's end-users. Under GDPR, this is Personal Data.

    • Device and Application Data: Device ID, App ID.
    • Usage Statistics: Total Impressions, Total Downloads, Total Users, and the same statistics broken down per plugin.
    • Time-Based Data: Timestamps and Hourly breakdown of usage.

    3. How We Use Information

    A. Use of Client Information (as Controller):

    We use your information to administer your account, provide customer support, and comply with legal obligations.

    Legal Basis for Processing (for Clients):

    We process your personal data on the following legal bases:

    • Performance of a contract – to provide the Services you request (Article 6(1)(b) GDPR);
    • Legal obligation – to comply with accounting and tax regulations (Article 6(1)(c) GDPR);
    • Legitimate interest – to maintain business relationships, ensure service security, and prevent fraud (Article 6(1)(f) GDPR);
    • Consent – for marketing communications and analytics cookies, where applicable (Article 6(1)(a) GDPR).

    B. Use of End-User Data (as Processor):

    We process End-User Data only on behalf of and as instructed by our Client (the Data Controller). The purpose is determined by our Client but is generally for analytics, optimization, technical monitoring, and business intelligence to help them understand and improve their application's performance and user experience. We do not use this End-User Data for our own purposes.

    4. Data Sharing and Subprocessors

    We do not sell personal data. To provide our Services, we partner with key third-party service providers who act as our subprocessors. It is important for you to understand that your data will be processed by these companies. Our primary subprocessors include:

    • Fly.io: We use Fly.io for our core application and database hosting. They process all End-User Data we collect and the Client Information we manage.
    • Google Firebase: We use Firebase for user authentication (Firebase Auth). This service processes and stores the credentials and associated personal data of end-users who sign up or log in to our Clients' applications.
    • Cloudflare: We use Cloudflare for domain connection, security (SSL), and as a content delivery network. Cloudflare processes network traffic data, which includes End-User IP addresses and other request details, to protect and accelerate our service.

    5. Data Subject Rights

    Clients: You have the right to access, correct, or delete your own account information.

    End-Users: As we are a Data Processor, any individual wishing to exercise their data protection rights (e.g., access, deletion) regarding data collected via the Software must direct their request to our Client (the Data Controller). We will provide reasonable assistance to our Clients to help them respond to such requests, as detailed in our DPA.

    6. International Data Transfers

    As a company based in Poland, we adhere to the GDPR. However, to provide our services, we utilize a global infrastructure, which means that personal data we process may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA), most notably the United States.

    We have a legal basis for these transfers and ensure your data remains protected to the standards required by EU law. The safeguards we rely on for each subprocessor are:

    • Fly.io: Data hosted on Fly.io is stored and processed in the United States. Fly.io complies with the EU-U.S. Data Privacy Framework (DPF), which is an approved mechanism for transferring personal data from the EU to the U.S.
    • Cloudflare: Cloudflare processes data globally and primarily stores information in the United States and the EEA. For transfers to the U.S., Cloudflare also adheres to the EU-U.S. Data Privacy Framework (DPF) and may use Standard Contractual Clauses (SCCs) for other transfers.
    • Google Firebase: As a Google service, data processed by Firebase is transferred to Google's global servers, which are primarily in the United States. Google complies with the EU-U.S. Data Privacy Framework and also offers Standard Contractual Clauses (SCCs) to ensure data is protected.

    7. Data Security and Retention

    We implement appropriate technical and organizational measures to protect data. We retain Client Information for the duration of our business relationship and for up to five (5) years thereafter, in accordance with accounting and tax record-keeping obligations. We retain End-User Data for the period instructed by our Client, as defined in the DPA. After the retention period, personal data is securely deleted or anonymized unless further retention is required by law.

    8. Cookies and Analytics

    Our website uses cookies and similar technologies to improve user experience, analyze website traffic, and measure the effectiveness of our marketing campaigns.

    We use Cookiebot by Usercentrics as our Consent Management Platform (CMP) to manage cookie preferences and store user consent logs in accordance with the GDPR and the ePrivacy Directive. Some cookies are essential for the website to function properly, while others (such as analytics or marketing cookies) require your prior consent. We use Google Analytics 4 (GA4) with IP anonymization enabled. Google Analytics helps us understand how visitors use our site by collecting aggregated data such as page views, session duration, and referring URLs.

    The data may be transferred to and processed by Google LLC in the United States under the EU–U.S. Data Privacy Framework. The legal basis for using analytics cookies is your consent (Article 6(1)(a) GDPR). You can manage your cookie preferences at any time through the cookie banner displayed on our website. For more information on how Google processes data, please visit: https://policies.google.com/privacy.

    9. Contact Us

    For privacy inquiries, please contact our Data Protection Lead at hi@thewidlarzgroup.com (please include 'Data Protection' in the subject line).

    Last updated: 2025-10-07