§ 1 General Information
This Privacy and Cookie Policy outlines the principles for processing personal data and using cookies and other tracking technologies in connection with the use of the website www.profitova.com (hereinafter referred to as the "Service").
The administrator of personal data processed through the Service is PROFITOVA GROUP PROSTA SPÓŁKA AKCYJNA, headquartered at: ul. Rozmarynowa 8E / 2, 81-198 Mosty, Poland, entered in the National Court Register under KRS number: 0001168039, NIP: 5871751723, REGON: 541478493 (hereinafter referred to as the "Administrator").
Contact with the Administrator regarding personal data protection issues is possible at the email address: invest@profitova.com.
The Administrator makes every effort to protect the interests of the data subjects and particularly ensures that the data collected are processed lawfully; collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; relevant and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of the individuals concerned, no longer than is necessary to achieve the processing purpose.
This policy is in accordance with the provisions of the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the "GDPR".
§ 2 Types of Collected Personal Data
When using the Service, the Administrator may collect the following personal data:
a) Data provided voluntarily by users in forms (contact, consultation):
* Name and surname,
* Email address,
* Phone number.
b) Data collected automatically during visits to the Service (through cookies and other technologies):
* IP address,
* Approximate geolocation data,
* Demographic data (e.g. age, gender - if provided by analytical tools),
* Information about the interaction with the Service (e.g. clicks, visited subpages, time spent on the site, navigation manner, recordings of user sessions),
* Information about the user's terminal device (e.g. type of browser, operating system),
* Source of visits to the Service.
§ 3 Methods of Data Collection
Personal data is collected:
a) Directly from the user – by filling out forms available on the Service (contact form, consultation form). Providing this data is voluntary but necessary to achieve the purpose for which the form was made available (e.g. replying to an inquiry, scheduling a consultation).
b) Automatically – while using the Service, through cookies and similar tracking technologies (more information in § 8).
§ 4 Purposes and Legal Bases for Data Processing
User personal data is processed for the following purposes and on the following legal bases:
a) Handling inquiries and requests for consultation submitted through forms: Data provided in forms (first name, last name, email, phone) are processed to respond to inquiries or process consultation requests. The legal basis for processing is:
* Art. 6 para. 1 (f) GDPR (legitimate interest of the Administrator consisting of communication with users of the Service and responding to their inquiries), or
* Art. 6 para. 1 (b) GDPR (taking action at the request of the data subject prior to entering into a contract – if the inquiry or consultation is aimed at establishing cooperation).
b) Analytical and statistical purposes: Data collected automatically (IP address, geolocation, demographic data, interactions with the service, device data) are processed to analyze traffic on the Service, understand user behaviors, optimize the operation of the Service, and generate statistics. The legal basis for processing is Art. 6 para. 1 (a) GDPR (user consent expressed through cookie settings).
c) Marketing purposes: Automatically collected data may be used for marketing purposes, including remarketing (displaying ads on other websites to users who visited the Service). The legal basis for processing is Art. 6 para. 1 (a) GDPR (user consent expressed through cookie settings).
d) Ensuring the security of the Service: IP addresses and other technical data may be processed to ensure the security of IT infrastructure and detect abuse. The legal basis is Art. 6 para. 1 (f) GDPR (legitimate interest of the Administrator).
§ 5 Recipients of Personal Data and Data Transfer Outside the EEA
User personal data may be disclosed to the following categories of recipients:
a) Providers of technical and analytical services that enable the operation of the Service and analysis of traffic (e.g. hosting providers, analytical and marketing tool providers).
b) Providers of social media platforms (Facebook, Instagram, LinkedIn), if their plugins or pixels are integrated into the Service.
c) Entities authorized under applicable law (e.g. courts, law enforcement authorities).
d) Other entities, if this is necessary to achieve the processing purposes and the user has consented to this or if it follows from legal provisions.
The Administrator uses tools provided by entities based outside the European Economic Area (EEA), particularly in the United States (e.g. Google LLC, Microsoft Corporation, Meta Platforms Inc., LinkedIn Corporation).
The transfer of data outside the EEA is carried out with appropriate safeguards, primarily through:
a) the use of standard contractual clauses issued by the European Commission,
b) the participation of these entities in programs ensuring an adequate level of protection approved by the European Commission (e.g. EU-U.S. Data Privacy Framework),
c) cooperation with entities processing personal data in countries for which a decision of the European Commission has been issued indicating an adequate level of protection.
§ 6 Data Retention Period
Personal data will be stored for the time necessary to achieve the purposes for which they were collected:
a) Data from contact/consultation forms: for the time necessary to conduct correspondence, respond, provide a consultation service, and after that for the time required by law or until any claims become time-barred. If the user requests deletion of data, it will be deleted unless legal provisions require their further storage.
b) Data processed based on consent (analytical, marketing purposes): until the user withdraws consent or until the data is no longer needed to achieve the purpose (e.g. data from cookies according to their lifetime - see § 8).
c) Data processed based on legitimate interest: until an effective objection is raised by the user or this interest ceases.
§ 7 Rights of Data Subjects
In connection with the processing of personal data by the Administrator, users have the following rights under the GDPR:
a) The right of access to the content of their data (Art. 15 GDPR) – to obtain information about the processed data and receive copies of them.
b) The right to rectification (correction) of their data (Art. 16 GDPR) – to request the correction of inaccurate data or the completion of incomplete data.
c) The right to erasure of data (“right to be forgotten”) (Art. 17 GDPR) – to request the deletion of data if there is no legal basis for processing them.
d) The right to restrict processing of data (Art. 18 GDPR) – to request restriction of processing of data in specific cases (e.g. when the accuracy of the data is contested).
e) The right to data portability (Art. 20 GDPR) – to receive the provided data in a structured, commonly used, machine-readable format and to send it to another administrator (applicable to data processed on the basis of consent or contract in an automated manner).
f) The right to object (Art. 21 GDPR) – to lodge an objection against processing based on the legitimate interest of the Administrator (Art. 6 para. 1 (f) GDPR), including profiling. In the case of objections to direct marketing, the objection is always effective.
g) The right to withdraw consent (Art. 7 para. 3 GDPR) – to withdraw consent to processing data at any time, if processing is based on consent (this does not affect the lawfulness of processing carried out prior to the withdrawal of consent). Consent for cookies can be withdrawn by changing browser settings or using the cookie consent management tool (if available in the Service).
h) The right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw), if the user believes that the processing of their personal data violates GDPR provisions.
To exercise their rights, the user should contact the Administrator at the email address: invest@profitova.com. A response will be provided within the timeframe provided by the GDPR (generally within a month).
§ 8 Cookie Policy
What are cookies? Cookies are small text files saved on the user's terminal device (computer, tablet, smartphone) when browsing websites. They typically contain the name of the site from which they come, the time of their storage, and a unique number.
Purpose of using cookies: The Administrator uses cookies and similar technologies for:
a) Analytical and statistical purposes: Collecting anonymous, aggregated statistics about how the Service is used, which helps to understand user preferences and improve the structure and content of the Service. Tools collect data about visits, sources of traffic, viewed pages, time spent on the site, approximate location, and demographic data; Microsoft Clarity additionally allows analysis of behaviors through heatmaps and recordings of user sessions.
b) Marketing purposes: Using data for remarketing activities and displaying tailored ads to users in the advertising network and on other platforms. Cookies may also be used to track the effectiveness of advertising campaigns.
c) Integration with social media: LinkedIn, Facebook, Instagram.
d) Functional/Technical: Necessary for the proper functioning of certain features of the Service, e.g. remembering the user's preferences regarding consent to cookies.
Types of cookies used:
a) Session cookies: Temporary files stored on the user's device until logging out, leaving the website, or closing the browser.
b) Persistent cookies: Stored on the user's device for the time specified in the cookie parameters or until deleted by the user.
c) First-party cookies: Placed directly by the Administrator of the Service.
d) Third-party cookies: Placed by external entities whose components have been integrated into the Service (e.g. Google, Microsoft, Meta, LinkedIn). The Administrator does not have full control over cookies from these entities – it is recommended to read their privacy policies:
* Google: https://policies.google.com/privacy?hl=en
* Microsoft: https://privacy.microsoft.com/en-us/privacystatement
* Meta (Facebook, Instagram): https://www.facebook.com/privacy/policy/
* LinkedIn: https://www.linkedin.com/legal/privacy-policy
Legal basis for the use of cookies:
a) In the case of cookies necessary for the operation of the Service (if such are used), the legal basis is Art. 6 para. 1 (f) GDPR (legitimate interest of the Administrator).
b) In the case of all other cookies (analytical, marketing, third-party), the legal basis is Art. 6 para. 1 (a) GDPR (user consent), expressed voluntarily via the banner/management tool for cookies on the first visit to the Service.
Managing cookies and withdrawing consent:
a) The user can at any time withdraw or change their consent to the use of cookies by using the consent management tool or by changing the settings of their web browser.
b) Most web browsers, by default, allow saving cookies on the terminal device. The user can independently change the browser settings to block cookies (all or selected) or to receive information about each time they are sent to the device. Instructions on how to manage cookies are available in the settings of the respective browser.
c) It should be noted that limiting or disabling the use of cookies may affect some functionalities of the Service, particularly those requiring consent. Disabling analytical and marketing cookies will not prevent the use of the Service but will limit the Administrator's ability to collect data.
§ 9 Security of Personal Data
The Administrator implements technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data subject to protection, and in particular secures data against disclosure to unauthorized persons, seizure by unauthorized persons, processing in violation of applicable regulations, and modification, loss, damage, or destruction.
Communication between the user's device and the Administrator's server during the collection of personal data is encrypted using an SSL certificate.
The Administrator uses the services of trusted providers (e.g. Google) who ensure appropriate security standards for data storage.
§ 10 Profiling and Automated Decision-Making
User personal data is not subject to profiling resulting in decisions that have legal effects concerning them or similarly significantly affect them within the meaning of the GDPR. Automatically collected data may be used for marketing purposes (remarketing), which may be considered a form of profiling. However, this is based on user consent and does not lead to automated decision-making with significant effects.
§ 11 Changes to the Privacy Policy
The Administrator reserves the right to make changes to this Privacy and Cookie Policy.
Any changes will be published here (on this page).
Changes take effect on the date of their publication in the Service. It is advisable to regularly check the content of the Policy.
§ 12 Final Provisions
In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law apply.
This policy is in effect from April 15, 2025.