Printbox Privacy Policy

Publication date: August 7, 2025 .

Introduction

This Privacy Policy sets out the principles for the processing of personal data by Printbox Sp. z o.o., including the methods of its collection, use, and disclosure. The document also contains information about your rights in connection with the processing of your personal data. We encourage you to read this Policy carefully, as it is an essential source of information that will allow you to make informed decisions about sharing your data and exercising your rights under the applicable data protection regulations. If you have any questions or concerns regarding the processing of your personal data or the protection of your privacy, please contact us:

by email at: gdpr@getprintbox.com ;
by post at: Printbox Sp. z o.o. with its registered office at ul. Fabryczna 20A, 31-553 Kraków, Poland.

#1 Who is the controller of your personal data?

The controller of your personal data is Printbox Sp. z o.o. (hereinafter: Printbox), a limited liability company with its registered office in Kraków at ul. Fabryczna 20A, 31-553 Kraków, Poland, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000484669, NIP (Tax Identification Number): 6762470210, with a share capital of PLN 108,500.00. Printbox acts as a data controller within the meaning of the GDPR in situations where it independently determines the purposes and means of processing personal data, in particular in connection with:

the use of our websites and the services provided through them by data subjects;
the processing of personal data for purposes related to the creation, maintenance, and improvement of our products and services;
the conduct of ongoing operational and marketing activities by applicable laws.

List of Printbox websites:

#2: On what basis, for what purpose, and for how long do we process your personal data?

Taking steps to conclude a contract (e.g., preparing an offer, negotiations)

Purposes of processing:

Analyzing inquiries, preparing cooperation proposals, and negotiating the terms of a future contract.
Maintaining contact with individuals representing potential clients, contractors, or business partners regarding discussions aimed at establishing cooperation.
Verifying identity, authorization to represent, and the intention to cooperate before commencing a contractual relationship.
Documenting the course of correspondence and pre-contractual arrangements, including for accountability purposes and to protect the controller's interests.

Legal basis:

Article 6(1)(b) of the GDPR – processing is necessary to take steps at the request of the data subject before entering into a contract (e.g., preparing an offer, determining the scope of services, negotiating terms).
Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting communication and preparing offers as part of the standard sales or pre-sales process, including with representatives of legal entities.

Storage period:

Data is processed for the period of commercial discussions or offer preparation, and then—if a contract is not concluded—for a maximum of 12 months from the last contact, unless the data subject has consented to further marketing contact.
If these actions result in the conclusion of a contract, the data will be subject to the rules and storage periods provided for the performance of the contract (e.g., for accounting, tax, complaint, or archival purposes).

Performance of contracts and provision of services

Purposes of processing:

Conclusion and performance of a contract with a client, contractor, or partner—including order fulfillment, service provision, payment processing, invoicing, handling complaints, and providing technical or substantive support.
Identifying the parties to the contract, conducting ongoing operational communication, and documenting arrangements during the contractual relationship.
Fulfilling obligations arising from legal provisions, including tax, accounting, and e-service regulations.
Ensuring accountability for actions related to the performance of the contract and the possible defense of rights and pursuit of claims arising from the contractual relationship.

Legal basis:

Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party or to take steps before entering into a contract.
Article 6(1)(c) of the GDPR – to comply with legal obligations incumbent on the controller, particularly in the areas of tax, accounting, and complaint law.
Article 6(1)(f) of the GDPR – the controller's legitimate interest in ensuring the proper execution of the contractual relationship, communicating with representatives of the parties, and pursuing claims.

Storage period:

Personal data processed under Article 6(1)(b) of the GDPR (necessity for the performance of a contract) is stored for the entire duration of the contract and, after its termination, for the period of limitation of potential civil law claims related to its performance.
Data processed to fulfill the controller's legal obligations—under Article 6(1)(c) of the GDPR—is stored for the period required by the relevant legal provisions.
Data processed under Article 6(1)(f) of the GDPR (the controller's legitimate interest)—in particular to ensure continuity of contact with representatives of the parties, secure communication, establish facts, or defend against claims—is stored until the purpose is fulfilled or a practical objection is raised, but no longer than the limitation period for claims arising from the legal relationship.

Provision of the Newsletter service

Purposes of processing:

Sending requested information (the newsletter) to the provided email address, i.e., sending commercial information, news, promotions, events, and special offers.
Analyzing statistics on the effectiveness of our mailing campaigns (e.g., open rates, click-through rates) to optimize the content and form of the newsletter, and to ensure the accountability of our actions (e.g., the ability to demonstrate the fact and scope of consent).

Legal basis:

Article 6(1)(a) of the GDPR – voluntary consent given when subscribing to the newsletter.
Article 6(1)(f) of the GDPR – for the analysis of mailing campaign effectiveness (the controller's legitimate interest).

Storage period:

We process the data until you withdraw your consent (unsubscribe). After that, we may store it only to the extent necessary to demonstrate that the newsletter was sent lawfully (accountability).

Handling of correspondence (electronic, traditional)

Purposes of processing:

Receiving, recording, archiving, and responding to correspondence addressed to us—including inquiries, requests, complaints, notifications, and official and business correspondence.
Ensuring continuity of communication, including identifying the sender and documenting the course of contact.
Ensuring accountability of actions, in particular demonstrating facts related to compliance with legal and contractual obligations.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting communication, handling inquiries, and documenting the course of contact.
Article 6(1)(c) of the GDPR – in the case of a legal obligation to store a specific type of correspondence (including within the framework of e-delivery).
Article 6(1)(b) of the GDPR – when the correspondence is conducted to take steps at the request of the data subject before entering into a contract or in connection with its performance.

Storage period:

Data is processed for the time necessary to respond and resolve the matter, and then for the period required by law or necessary to defend against potential claims.
For correspondence not subject to an archiving obligation, for a maximum of 12 months from the end of the contract, unless an objection to processing is raised earlier.

Management of social media profiles (e.g., Facebook, Instagram, LinkedIn)

Purposes of processing:

Maintaining the official profiles of Printbox Sp. z o.o. on social media to build and maintain the brand image, promote activities, and inform about news, events, and the offer of services and products.
Interacting with users, including responding to comments, private messages, and reacting to shared content.
Analyzing user activity (statistics, reach, campaign effectiveness) to optimize communication and tailor content to the audience.
Ensuring the accountability of communication and marketing activities, including the ability to demonstrate consents, interactions, or their absence in case of disputes.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting branding and communication activities, analyzing the effectiveness of published content, and building relationships with users.
Article 6(1)(a) of the GDPR – voluntary consent expressed through a user's reaction to published content, sending a message, commenting, following a profile, or other action within a specific social media platform—to the extent that this interaction does not result from a contractual relationship or legal obligation.

Storage period:

Personal data is processed for the period of following our profiles, maintaining contact, or conducting communication, as well as for the duration of the availability of interactions (comments, messages) on the social media platform.
For marketing or analytical activities, for the duration of the processing purpose or until a practical objection is raised or consent is withdrawn.
Data may also be processed for a more extended period to the extent necessary to pursue or defend against claims (e.g., in case of violations, abuses, reports).

Conducting statistical analysis and optimizing websites/services

Purposes of processing:

Monitoring user activity on the website and within the services provided—based on aggregated, anonymized, or pseudonymized data—to understand how content and functionalities are used and to identify areas for improvement.
Conducting statistical analyses of user behavior, visit trends, and the performance of individual sections of the website or services—in a manner that does not require the identification of a specific natural person.
Improving technical solutions, functionalities, and content structure—based on conclusions from analyses, A/B tests, click maps, user paths, etc.
Ensuring the stable operation of the website and improving its security (e.g., detecting errors, abuses, patterns of automated activity).

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting branding and communication activities, analyzing the effectiveness of published content, and building relationships with users.
Article 6(1)(a) of the GDPR – the user's voluntary consent expressed by accepting the use of cookies and similar technologies for analytical, statistical, and optimization purposes (consent expressed via a consent banner or browser settings).

Storage period:

Statistical and technical data obtained from cookies or analytical tools are stored for the period specified in the settings of the respective tool or until consent for their use is withdrawn.
The storage period may vary depending on the technology used, the type of cookie, and the user's browser settings, but it does not exceed the purpose for which the data was collected.
In the case of anonymized data, processing may continue without time limits, as long as it is not possible to re-associate it with a specific person.

Handling inquiries via the contact form on websites

Purposes of processing:

Receiving and handling inquiries sent via the contact form, including providing answers, conducting correspondence, and resolving the issue presented.
Identifying the sender of the inquiry and maintaining continuity of communication with the person contacting us.
Ensuring documentation of communication for accountability, archival, or potential defense against claims.
In some cases, taking steps to conclude or perform a contract if the inquiry concerns an offer or cooperation.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in handling inquiries, communicating with persons interested in the offer or activities of Printbox Sp. z o.o., and maintaining a record of contacts.
Article 6(1)(b) of the GDPR – if the inquiry concerns actions aimed at concluding a contract or directly performing a service at the request of the data subject.

Storage period:

Data is processed for the time necessary to respond and resolve the matter, and then for the period required by law or necessary to secure potential claims.
For inquiries not related to further actions, the data may be deleted after 12 months from the last contact, unless the user has consented to further marketing communication or has objected to the processing.

Carrying out the recruitment process

Purposes of processing:

Assessing the qualifications, experience, and predispositions of candidates to select the appropriate person for employment or cooperation.
Conducting the application selection process, organizing job interviews, and contacting candidates for the recruitment process.
Ensuring compliance of the recruitment process with labor law or other relevant regulations (e.g., for positions requiring special qualifications or authorizations).
In the case of separate consent, processing data for future recruitment processes.

Legal basis:

Article 6(1)(c) of the GDPR – for data required by labor law provisions (e.g., Art. 22¹ § 1 of the Polish Labour Code, if the process concerns employment based on an employment contract).
Article 6(1)(b) of the GDPR – for processing data necessary to take steps at the candidate's request before concluding a contract (e.g., a civil law contract).
Article 6(1)(a) of the GDPR – the candidate's voluntary consent, in particular for processing data that goes beyond the scope required by law or for participation in future recruitments.
Article 6(1)(f) of the GDPR – the controller's legitimate interest in documenting the course of the recruitment process and protecting against potential claims (e.g., on grounds of discrimination).

Storage period:

Candidate data is processed for the duration of the given recruitment process, and after its completion, for a period of up to 6 months to secure potential claims.
If consent is given for participation in future recruitments, the data will be stored for no longer than 12 months or until the consent is withdrawn.

Conducting marketing and informational activities

Purposes of processing:

Sending commercial information, offers, news, event invitations, and content promoting the controller's products or services—via the chosen communication channel (e.g., email, phone, push notifications, instant messengers).
Personalizing marketing content based on the recipient's preferences, interaction history, or the nature of the relationship with the controller.
Conducting promotional and PR activities aimed at building brand awareness and relationships with clients or potential service recipients.
In the case of communication directed at representatives of legal entities, ensure contact within standard business relations (B2B).

Legal basis:

Article 6(1)(a) of the GDPR – voluntary consent of the data subject to receive marketing content and commercial information via the chosen communication channel (e.g., email, phone).
Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting direct marketing towards contractors or representatives of collective entities (B2B).
Article 6(1)(b) of the GDPR – to the extent that marketing communication is an element of the service provided (e.g., by the scope of the contract or regulations).

Storage period:

Data processed based on consent will be stored until it is withdrawn, but no longer than 24 months from the last contact with the controller (e.g., opening a message, clicking a link, participating in an event).
Data processed based on the controller's legitimate interest (e.g., B2B relations) will be processed for the duration of the commercial relationship or until a practical objection to processing for marketing purposes is raised.

Ensuring the security of IT services and systems and protection against abuse

Purposes of processing:

Monitoring and analyzing events in IT systems to detect and prevent security incidents (e.g., unauthorized access, DDoS attacks, hacking attempts).
Maintaining and updating technical security measures to minimize the risk of loss of confidentiality, integrity, or availability of data.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in ensuring the security of the service and IT system infrastructure, protecting personal data and resources against abuse, and preventing incidents.
Article 6(1)(b) of the GDPR – the necessity of processing data to provide IT services by a contract (e.g., maintaining the availability of IT systems, technical support).

Storage period:

Data and logs processed based on a legitimate interest (Article 6(f)) – until the interest ceases (e.g., the monitoring of a given event ends) or a practical objection is raised, but no longer than 3 years from their registration.

Contests, promotional campaigns, and lotteries

Purposes of processing:

Organizing and conducting contests, lotteries, and other promotional campaigns, including collecting entries, verifying compliance with participation conditions, drawing lots, and selecting winners.
Contacting participants—sending entry confirmations, notifications about the campaign's progress, results, and information on how to claim prizes.
Analyzing the effectiveness and popularity of promotional campaigns to optimize future campaigns.
Ensuring accountability and compliance with promotion regulations and legal provisions, including documenting drawings and public promises.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in organizing and settling contests and promotional campaigns based on a public promise.
Article 6(1)(b) of the GDPR – the necessity of processing data to fulfill the conditions of participation in a promotional lottery.
Article 6(1)(c) of the GDPR – fulfilling legal obligations incumbent on the controller, in particular tax obligations related to the awarding of high-value prizes, and obligations arising from the Act on Gambling Games, including documentation of lotteries and notifications to supervisory authorities.

Storage period:

Data of contest and promotional campaign participants processed based on legitimate interest (Article 6(1)(f) of the GDPR) is stored for the period necessary to complete the campaign and handle any complaints, and then until the statute of limitations for claims expires.
Data of promotional lottery participants processed based on a contract (Article 6(1)(b) of the GDPR) are stored until the fulfillment of obligations under the regulations and for the period necessary to secure potential claims.
Data processed to fulfill legal obligations (Article 6(1)(c)) – we store for the period required by law (e.g., tax documentation – 5 years, lottery documentation – by the Act on Gambling Games).

Customer satisfaction surveys

Purposes of processing:

Conducting satisfaction surveys after a service or transaction has been completed—to learn about customer opinions and assess the quality of the services provided.
Analyzing survey and feedback form results—including statistical processing of results and identifying areas for improvement.
Improving service processes, personalizing business relationships, and developing the service offer based on the actual needs of recipients.

Legal basis:

Article 6(1)(f) of the GDPR – the controller's legitimate interest in conducting customer opinion surveys to improve the quality of services provided, develop relationships, and implement quality standards.
Article 6(1)(a) of the GDPR – voluntary consent of the data subject—for surveys not directly related to a service, opinion surveys of potential customers, or the use of identifying data (e.g., a quote from an opinion with a signature).
Article 6(1)(b) of the GDPR – in situations where the survey is part of the performance of a contract (e.g., an evaluation survey as part of the service, a quality report within a contract).

Storage period:

Data processed based on legitimate interest (Article 6(1)(f) of the GDPR) is stored for the period necessary to analyze and use the results, no longer than 12 months from the end of the survey, unless the results are anonymized beforehand.
Data processed based on consent (Article 6(1)(a) of the GDPR) – until its withdrawal, no longer than 12 months from its granting, if the data has not been deleted earlier through anonymization.
If the survey is used as an element of a contract (Article 6(1)(b) of the GDPR), for the duration of the contract and the limitation period of claims.

Loyalty programs

Purposes of processing:

Registering participants in the loyalty program and managing their accounts to accumulate points, coupons, or other benefits resulting from participation.
Managing participant status, calculating and settling rewards, verifying compliance with the program's terms and conditions, and handling requests and complaints.
Sending communications related to the program (e.g., information about the balance, validity of points, offers available only to program members).
Analyzing participant activity and engagement to optimize the program, prevent abuse, and develop customer relationships.

Legal basis:

Article 6(1)(b) of the GDPR – the necessity of processing data to perform the contract entered into by joining the loyalty program (the terms and conditions as a contract).
Article 6(1)(f) of the GDPR – the controller's legitimate interest in: preventing abuse in the program, and conducting analyses and statistics for program development and audience segmentation.
Article 6(1)(a) of the GDPR – the participant's consent to receive marketing content related to the loyalty program via the chosen communication channel (e.g., email, SMS).

Storage period:

Participant data processed based on a contract (Article 6(1)(b) of the GDPR) are stored for the entire period of participation in the program and for the period necessary to handle any claims.
Data processed based on marketing consent (Article 6(1)(a) of the GDPR) – until the consent is withdrawn or the purpose of processing ceases, no longer than 24 months from the last marketing contact.
Data processed based on legitimate interest (Article 6(1)(f) of the GDPR) – for the duration of the program or until a practical objection to processing is raised.

Training, workshops, webinars

Purposes of processing:

Registering participants and managing applications for training, workshops, or webinars organized by Printbox.
Enabling participation in the event, providing organizational contact, and delivering materials related to the event.
Handling payments and issuing accounting documents (for paid events).
Documenting the course of the event (e.g., in the form of attendance lists, broadcast recordings) and its evaluation by participants.
Accountability to external entities (e.g., co-financing, grants, institutions controlling the quality of education).

Legal basis:

Article 6(1)(b) of the GDPR – processing of data is necessary for the performance of a contract or to take steps to conclude one (participation in training based on an application and regulations).
Article 6(1)(f) of the GDPR – the controller's legitimate interest in: organizing educational events, communicating with participants, and archiving data to document participation.
Article 6(1)(c) of the GDPR – for legal obligations concerning the issuance of accounting documents (invoices, bills), archiving accounting records, or reporting obligations (e.g., for EU projects).
Article 6(1)(a) of the GDPR – voluntary consent of the data subject—e.g., regarding the recording of participants' images (e.g., in video recordings, promotional materials) or the processing of data beyond what is necessary to provide the service.

Storage period:

Data processed for the event (Article 6(1)(b) of the GDPR) is stored for the period necessary to perform the contract and handle any claims.
Data processed based on legitimate interest (Article 6(1)(f) of the GDPR) – for a period not exceeding 3 years, unless further storage is necessary for project accountability or grantor requirements.
Data processed based on legal obligations (Article 6(1)(c) of the GDPR) – for the period required by law (e.g., accounting documents – 5 years, by the Accounting Act).
Data processed based on consent (Article 6(1)(a) of the GDPR) – until its withdrawal, but no longer than 24 months if the purpose was marketing communication or the publication of materials from the event.

#3 Scope and sources of collected personal data

We only collect personal data that is necessary for the purposes indicated. We obtain this data directly from you (e.g., when you provide it in a form or contact us), automatically (e.g., through cookies), and occasionally from third parties (e.g., social media, if you interact with us through them). Below are the categories of personal data we may process:

Identification and contact data: e.g., name and surname, email address, phone number, company name, job title, country of residence/registered office. Providing this data is voluntary, but necessary for us to respond to your inquiry, provide a service, or enter into a contract with you (e.g., a service agreement or a license agreement).
Data regarding the use of our website and services (technical data): information collected automatically about your visit to our websites, such as IP address and approximate device location (e.g., country or city determined based on the IP), browser and device type, operating system, unique online identifiers (e.g., cookie ID), pages visited, time spent on the site, entry source (e.g., the site from which you were redirected to our website), as well as information about your interaction with our content (e.g., clicks on links, opening our emails, etc.). This data is collected using cookies and similar technologies and is used by us to analyze website traffic, improve our services, and ensure security.
Transactional and commercial data: information related to interest in our services, history of contacts with us, inquiries, and in the case of customers—data about concluded contracts, purchased services/licenses, payments, etc. (to the extent it concerns a natural person, e.g., the owner of a sole proprietorship or a contact person at a business client).
Recruitment data: if you apply for a job at Printbox, we process the data contained in your application (CV, cover letter, etc.), such as information about professional experience, education, qualifications, skills, as well as contact details for recruitment purposes.
Other information you voluntarily provide to us: any other personal data you decide to disclose to us, e.g., in the content of a message sent to us, in contact form fields, or during a phone/video call. We will process such data only for the purpose for which you provided it.

Data Sources As a rule, we obtain data directly from you when you use our services or contact us. This data may come from channels such as: forms on the website, chats, newsletter subscriptions, email correspondence, phone calls, in-person or online meetings, and messages sent via social media, etc.

We automatically collect technical data necessary for the operation and optimization of the service, including:

cookies and similar technologies used to save preferences and analyze traffic;
server logs that record events such as IP addresses, access times, browser and operating system information, etc.

We less frequently obtain data from third parties, solely to supplement information or for verification:

Public sources (e.g., National Court Register (KRS), Central Registration and Information on Business (CEIDG)) – for data concerning business entities;
Social networks (e.g., LinkedIn) – when you establish business contact with us through these platforms;
Referring persons – if you have used a recommendation from a client or partner, we may receive basic contact details from them. In such a situation, we will inform you of this at the first contact.

We assure you that we do not purchase databases from data brokers or obtain information in a manner contrary to the law.

#4 What are your rights in connection with data processing?

The General Data Protection Regulation (GDPR) grants you several rights related to the processing of your personal data. As the controller of your data, we respect these rights and ensure you can exercise them.

Below is a list of your rights:

The right of access to data (Article 15 of the GDPR):

You have the right to obtain confirmation from us as to whether or not we are processing your personal data. If we are, you have the right to access it and receive information, including about the purposes of the processing, categories of data, recipients, the planned storage period, and your rights. You can also request a copy of the data.

The right to rectification (Article 16 of the GDPR):

If you notice that your personal data we hold is incorrect or incomplete, you have the right to request its immediate rectification or completion.

The right to erasure ('the right to be forgotten') (Article 17 of the GDPR): You have the right to request the erasure of your personal data if:

It is no longer necessary for the purposes for which it was collected or otherwise processed,
You have withdrawn the consent on which the processing was based (and there is no other legal ground for further processing),
You have objected to the processing (and there are no overriding legitimate grounds for the processing),
The data has been unlawfully processed,
The erasure is required to comply with a legal obligation.

Please remember that this right is not absolute and there are exceptions (e.g., when processing is necessary for the establishment, exercise, or defense of legal claims, or to comply with a legal obligation).

The right to restriction of processing (Article 18 of the GDPR): You have the right to request the restriction of the processing of your data in certain situations, e.g., when:

You contest the accuracy of the data (for a period enabling us to verify its accuracy),
The processing is unlawful, but you oppose the erasure of the data and request the restriction of its use instead,
We no longer need the data for the processing, but you require it for the establishment, exercise, or defense of legal claims,
You have objected to processing under Article 21(1) of the GDPR (pending the verification of whether our legitimate grounds override your grounds for objection).

The right to data portability (Article 20 of the GDPR):

If the processing is based on your consent or for the performance of a contract and is carried out by automated means, you have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, and to have the data transmitted directly from us to another controller, where technically feasible.

The right to object (Article 21 of the GDPR):

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interest (Article 6(1)(f) of the GDPR), including profiling. In such a case, we will cease to process your data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Particularly important: If your personal data is processed for direct marketing purposes (including profiling to the extent that it is related to such direct marketing), you have the right to object at any time to such processing. This objection does not require justification. Upon receipt of an objection, we will immediately cease processing your data for this purpose.

The right to withdraw consent (Article 7(3) of the GDPR):

If the processing of your data is based on consent, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent as easily as it was given (e.g., by clicking the link in a newsletter or by contacting us).

The right to complain with a supervisory authority (Article 77 of the GDPR):

If you believe that the processing of your personal data violates the provisions of the GDPR or other data protection laws, you have the right to complain with a supervisory authority responsible for data protection. In Poland, this authority is the President of the Personal Data Protection Office (PUODO). You can find the contact details for PUODO on the website: https://uodo.gov.pl/en/p/contact.

You can submit any requests related to the exercise of the above rights in the following ways:

in writing to the controller's correspondence address (with the note "Personal Data");
electronically (by email) to: gdpr@getprintbox.com .

The controller will endeavor to respond to your request promptly, no later than within one month, or to inform you of the need to extend this deadline (by a maximum of two additional months), along with an explanation of the reasons for the delay. In certain situations, the controller may ask for additional information to confirm your identity in order to verify your right to make the request. This is part of the adequate security measures aimed at ensuring that personal data is not disclosed to an unauthorized person.

#5 Who are or may be the recipients of your personal data?

Your personal data may be shared by us with other entities only by applicable law. We never sell personal data to third parties. The categories of entities to whom we may disclose your data are:

Companies from our group and affiliated companies: We are part of a structure in which we work closely with other entities to provide and develop our services. Your data may be shared with:

Printbox LLC (USA) – our subsidiary, to the extent necessary to serve customers from the USA or support our operations.
Phenomena Michał Czaicki Spółka Komandytowa – this company is a key technology partner responsible for the development and maintenance of the Printbox software.

Within our group and between affiliated entities, uniform, high standards of data protection apply, and transfers are based on joint controllership agreements and/or data processing agreements (DPAs).

External service providers (data processors): In our daily operations, we use the help of trusted subcontractors who may process your data on our behalf and at our direction. Such processors include, among others:

Hosting and IT infrastructure providers – we store data on the servers of external providers (e.g., cloud service providers). We enter into agreements with them that guarantee data confidentiality and security.
Analytical and marketing tool providers – e.g., Google (Google Analytics, Google Ads), Meta (Facebook Pixel), Hotjar, which support us in analysis and promotion. Where possible, we have concluded processing agreements with them (e.g., in the case of Google) or ensured that they operate under services that comply with the law. Please note that some of these entities may also act as independent controllers in a limited scope.

We utilize CRM, email, and relationship management system providers to manage our customer and contact database (CRM) and send mailings. This means your contact details may be stored on the servers of such a provider and processed to handle communication. We always choose providers who guarantee compliance with privacy protection requirements.

Communication and customer service tool providers: Entities providing systems for managing email, contact forms, and support ticket systems (helpdesk).
Payment processing partners – if you make a payment as part of our services, the payment-related data (e.g., card number, bank account details) is directly handled by our external payment provider. In such cases, they act as independent controllers of this financial data.
Accounting, legal, and audit firms – if necessary, we may share some of your data with our advisors (e.g., lawyers in the event of a legal dispute, auditors examining our compliance with regulations, an accounting office that processes our invoices with your data, etc.). Such sharing occurs only to the necessary extent and under appropriate agreements.
Other subcontractors as needed – e.g., a courier company (it will receive your address if we need to send you a contract or materials), SMS service providers (if we confirm something by SMS), document archiving companies, external developers, consultants (when implementing projects or providing services). In each case, the amount of data transferred is limited to the necessary minimum.

Independent data recipients: There are situations where the law requires or permits the disclosure of your data to other data controllers. Such recipients include:

Public authorities and law enforcement agencies: If authorized bodies (e.g., police, prosecutor's office, court, supervisory authority) request us to disclose data based on relevant legal provisions, we are obliged to provide it. In each case, we carefully verify the legal basis of the request and the scope of the information provided, ensuring security and proportionality.
Entities involved in corporate transactions: If in the future Printbox were to consider restructuring, merger, or sale of all or part of the company, your data could be transferred to a potential buyer/investor as part of a due diligence review, and then to the new owner of the company. In such a situation, the new entity will assume the obligations of the data controller and will be able to use the data for service continuity, but still by this Policy.

Your consent/Your instruction: In certain cases, you may ask us to transfer your data to a specific entity or give your consent for it. For example, if you ask us for a reference and agree for us to disclose your data to another client, we will do so. Or if, by using an integration of our services with another company's service, you authorize the flow of your data (e.g., logging in with a Google account), then the data is transferred with your consent and according to your intention.

We impose data protection requirements on all our data processors acting on our behalf—they must guarantee appropriate security measures, process data only for the purposes we specify and at our direction, and delete or return the data after the service is completed. We also ensure that we do not share any data in an unauthorized manner. We do not sell databases with email addresses, we do not share customer lists with marketing partners without a legal basis, and we do not disclose user information to other customers. Each recipient receives only the data that is necessary to achieve a specific purpose (minimization). If you have doubts about a particular recipient, you can always request information from us about whether and to whom we have transferred your data.

#6 Cookies and similar tracking technologies

Our websites use cookies and similar technologies (such as pixels, local storage, and monitoring scripts) to ensure their proper functioning, analyze traffic, and support marketing activities. Cookies are small text files saved on your device (computer, smartphone) when you visit a website. On subsequent visits, they allow the website to recognize your browser and, for example, remember your preferences.

Types of cookies we use:

Essential cookies: These are cookies necessary for the proper functioning of our website and services. They enable basic functions such as navigation or remembering your privacy settings (e.g., whether you have consented to cookies). Without these cookies, the website cannot function correctly.
Analytical/performance cookies: These allow us to collect aggregated information about how users use our websites—which subpages they visit, how much time they spend on them, and what features they click. Thanks to them, we can improve the structure and content of our services, as well as solve technical problems. We use, among others:

Google Analytics (Google LLC) - a popular analytical tool for analyzing website traffic statistics. The data we receive from Google Analytics is in the form of collective reports and statistics. It does not allow us to link information to a specific user directly. Typical information we analyze includes, for example: general data about users' operating systems and web browsers, the popularity of individual subpages of our service, the average time spent on the site and its subpages, user navigation paths on the site, general information about traffic sources to the site (e.g., search engines, other sites), approximate geographical location (e.g., at the country or city level), etc. The processing of data in connection with the use of Google Analytics cookies is based on your voluntary consent (Article 6(1)(a) of the GDPR), which you express through our cookie consent management mechanism (cookie banner). We emphasize that we have implemented privacy protection measures when using Google Analytics—e.g., the IP address anonymization function, so that the user's IP address is shortened before being saved (this limits the possibility of identification). Remember that you have control over cookies. You can withdraw your consent to the use of Google Analytics cookies at any time by changing the settings in our cookie consent management mechanism. Additionally, most web browsers offer configuration options that allow you to manage cookies, including blocking or deleting them. Google also provides information on the possibility of opting out of data collection by Google Analytics (e.g., through special browser add-ons). We recommend that you familiarize yourself with Google's official resources on this matter. More information on how Google uses data when you use its partners' sites and apps, as well as on privacy protection in Google services, can be found in the company's publicly available information materials (e.g., in its privacy policy).
Hotjar (Hotjar Ltd) - an analytical and feedback tool that helps us understand how users navigate our site. Hotjar can anonymously record mouse clicks, cursor movements, page scrolling, and interactions with selected interface elements. This helps identify usability problems with the service and optimize the content layout. Hotjar also collects information about the user's device (device type, browser, approximate geographical location at the country level). Hotjar does not save any content typed into forms and does not record the screen in a way that would allow your personal data to be known. There is a mechanism for automatically skipping text fields (entered characters are masked). Data from Hotjar is stored on servers in the European Union (AWS region eu-west-1, Ireland). You can also object to tracking by Hotjar in a simple way—this tool honors the "Do Not Track" signal in your browser. You can also opt out of being tracked by Hotjar on all sites that use it by visiting the Hotjar opt-out page: https://www.hotjar.com/policies/do-not-track/ . For more information on how Hotjar processes data, please visit their privacy page: https://www.hotjar.com/legal/policies/privacy/

Advertising/marketing cookies We set these cookies or our advertising partners (third parties) to track user activity and display personalized ads for our products on other websites (so-called behavioral advertising, retargeting). In other words, if you have visited our site and shown interest in specific content or a product, thanks to these cookies, you may later see our advertisement—e.g., on Facebook, Instagram, in Google search results, or on Google Display Network partner sites—tailored to your interests. We use, among others:

Meta (Facebook/Instagram) Pixel – a piece of code (tracking pixel) provided by Meta Platforms, Inc., embedded on our websites. The Pixel saves cookies on your device that identify you on Facebook/Instagram services (if you have an account there). It informs us whether you have visited our site and what actions you have taken on it (e.g., whether you filled out a contact form). We may also transfer encrypted (hashed) lists of email addresses or other identifiers of our customers or subscribers (if they have given appropriate consent) to Meta to create custom audiences. This allows Meta to find these people on its platforms and target ads to them or create lookalike audiences.

Based on data from the Pixel, we can target our ads to you on Facebook/Instagram (so-called retargeting) and create anonymous statistics on the effectiveness of these ads (e.g., we learn how many people, after clicking on an ad, came to our site and performed a specific action). We do not receive any of your personal data from your profile from Meta—we only receive aggregated reports. However, the Pixel itself transmits certain information about your device and behavior (the address of the visited page, cookie ID, IP address, browser information, etc.) to Meta, which Meta can link to data from your Facebook/Instagram account and also use for its purposes. As a result, Meta also acts here to a certain extent as a separate data controller that uses the data for its purposes. More information can be found in Facebook's privacy policy. In EU countries, we use the Pixel only with your express consent (consent for marketing cookies). This consent is voluntary—you can withdraw it at any time. After withdrawing consent, the Pixel will be deactivated in your browser, and we will no longer track your activities or target personalized ads to you. More information on data processing by Meta can be found in the Meta Privacy Policy and the Meta Cookie Policy.

Google Ads – our sites may use Google Ads remarketing code, which saves cookies that allow us to display our ads to you on the Google Display Network (e.g., on YouTube, in the Google search engine, or on Google AdSense partner sites) based on your activity on our sites. For example, if you visited a specific product page on our site, the remarketing cookie may cause you to see an ad for that product while browsing another website. This mechanism, like the Pixel, is activated in the EU only with your consent for marketing cookies.
LinkedIn Insight Tag – on our websites, we may use the LinkedIn Insight Tag—a piece of JavaScript code provided by LinkedIn that enables conversion tracking, audience creation, and analysis of the effectiveness of advertising campaigns conducted on the LinkedIn platform. The Insight Tag saves cookies in the user's browser that allow us to identify visitors to our site as LinkedIn users (if they have an account there) and monitor their interactions with our site. The data collected includes, among other things: pages visited, URL, browser type, IP address, device information, and a timestamp. This data is then sent to LinkedIn and can be used to create personalized advertising campaigns and analyze the effectiveness of our marketing activities. The Insight Tag is activated only after obtaining your express consent for marketing cookies. You can withdraw this consent at any time through our cookie consent management mechanism. For more information on cookies related to LinkedIn, please see their Policy: https://www.linkedin.com/legal/cookie-policy .
Mailchimp – on our websites, we may use tracking features offered by the Mailchimp platform, used for managing newsletters, analyzing the effectiveness of email dispatches, and monitoring further user interactions with our site after clicking on a link from a message. Mailchimp may save cookies in the user's browser and use so-called "web beacons" (tracking pixels) embedded in the content of emails. Thanks to these technologies, it is possible to track information such as: the fact that a message was opened, a link was clicked, the date and time of the interaction, IP address, browser type, device data, and the path of movement on the site after coming from the newsletter. The collected data is sent to Mailchimp and used for analytical purposes—e.g., to report on campaign effectiveness, create recipient segments, and automate marketing. We do not receive any data from Mailchimp that would allow user identification if they have not previously consented to subscribe to the newsletter. Mailchimp may process user data on servers located in the United States—the data transfer is based on standard contractual clauses and certification under the EU–U.S. Data Privacy Framework. Mailchimp technologies are activated only after obtaining your express consent for marketing cookies. You can withdraw this consent at any time through our cookie consent management mechanism. Additionally, you can unsubscribe from the newsletter by clicking the "Unsubscribe" link available in every message. More information on data and cookie processing by Mailchimp can be found in their privacy policy: Global Privacy Statement | Intuit
Other advertising tools – depending on our marketing campaigns, we may periodically use other advertising platforms (such as LinkedIn Ads, Twitter Ads, etc.) that operate on a similar principle—by placing a relevant advertising script/pixel and associated cookies on our site. If new external advertising tools are implemented, we will update our privacy/cookie policy and inform users about the appearance of new cookies.

First-party cookies These are cookies set directly by our websites. They are primarily used for the proper functioning of the site and for collecting basic information about how users use the site. Thanks to these cookies, it is possible, for example, to remember preferences, maintain a logged-in user's session, and analyze basic statistics about visits and traffic on the site. Unlike third-party cookies, first-party cookies are not used to track the user outside our site.

Other tracking technologies In addition to traditional cookies, our websites may also use other tracking technologies that allow for the analysis of how the site is used, the optimization of its operation, and the conduct of marketing activities. These technologies do not always rely on saving information in the browser in the form of cookies—they may operate based on mechanisms such as localStorage, pixel tags (tracking pixels), browser fingerprinting, or the analysis of IP addresses for approximate user geolocation. Some of these solutions allow for the identification of visitors even when they do not provide their contact details or express clear preferences for browsing the site. In this regard, we use, among others:

RB2B - Identification of visiting companies (for users from the USA) - to better understand which companies may be interested in our services, and to support our marketing and sales activities aimed at markets outside the European Economic Area (EEA), we may use RB2B, which allows for the identification of companies visiting our websites. RB2B is not based solely on classic cookies. Still, it uses extended tracking technologies, such as: browser fingerprinting (analysis of unique features of device and software configuration), local identifiers (localStorage), reading of IP address (with approximate geographical location, e.g., at the country or city level), data about browser type, operating system, screen resolution, time zone, interface language, etc., behavioral and probabilistic matching techniques. This data may be used to: create so-called marketing leads (identification of companies that have visited our site), send leads to our CRM system to initiate marketing activities (e.g., email campaigns), personalize content and offers targeted to companies recognized based on user behavior. RB2B may also use identification data from other sources, e.g., from the Retention.com partner network or external campaigns. The company declares compliance of its activities with the GDPR, and the processing is based on your express consent for marketing cookies, given via our cookie banner. If you do not provide your consent, the RB2B technology will not be activated in your browser, and the data will not be collected or analyzed. More information on how RB2B works, the scope of data collected, and the processing principles can be found in the service provider's privacy policy: https://www.rb2b.com/privacy-policy

#7 Cookie storage period

Cookies can be session-based (deleted automatically when you close your browser) or persistent (they remain on your device for a specified period or until you manually delete them). On our site, we use both session and persistent cookies. Essential and preference cookies are usually session or short-term, while analytical and marketing cookies may remain active for longer. For example, standard Google Analytics cookies (_ga) can stay on your device for up to 2 years, and user data in statistics can be stored for up to 14 months (according to the default data retention settings in GA). In turn, some Google advertising cookies (e.g., Google Ads remarketing cookies) can remain valid for up to 540 days if not deleted by the user earlier. Detailed information about the lifespan of individual cookies can be checked in the settings of the cookie management banner available on our sites or in your browser settings.

#8 Managing cookies

You have control over the cookies used by our websites. Below are ways to manage cookies and tracking preferences:

Cookie banner / Preference center: On your first visit to our site, we display a cookie banner where you can accept or reject individual categories of cookies (except for essential ones, which are always active). You can change your choices at any time—click on the link to the cookie settings (e.g., "Privacy Preferences" or a shield icon) available on our site and adjust your consents there.
Browser settings: You can also manage cookies at the level of your web browser. Most browsers allow you to delete already saved cookies, block the saving of new cookies, and set preferences for selected websites. However, please remember that by blocking all cookies (including essential ones), you may lose access to some features of our site or cause it to function incorrectly. You can find instructions for managing cookies in the documentation or help section of the browser you use. For convenience, here are a few examples:

in Google Chrome: menu ⟶ Settings ⟶ Privacy and security ⟶ Cookies and other site data (where you can clear browsing data and set blocking rules).
in Safari (macOS): Safari menu ⟶ Preferences ⟶ Privacy (options for cookies).
in Mozilla Firefox: menu ☰ ⟶ Settings ⟶ Privacy & Security ⟶ "Cookies and Site Data" section (where you can clear and manage cookies).

"Do Not Track" mechanism: Our site honors "Do Not Track" signals sent by the browser. If you have enabled this option in your browser, our service will recognize this signal and will not track you for analytical or marketing purposes. The "Do Not Track" setting works globally, meaning external analytical/advertising tools (such as the Hotjar above) should also stop tracking your activity. You can check or enable this setting in your browser's options (usually in the Privacy section).
Opt-out from third-party providers: Regardless of the above methods, you can also use the opt-out options offered directly by some of our external partners. For example: To turn off personalized Google ads (remarketing), visit the Google Ads Settings page: https://adssettings.google.com/ and change the ad personalization settings for your Google account.

To opt out of behavioral advertising on Facebook/Instagram – go to the ad settings on your Facebook account (Settings & Privacy ⟶ Settings ⟶ Ads) and change the settings for ads or use the YourAdChoices option available at aboutads.info/choices.
For Hotjar – as mentioned above, a global opt-out option is available. You can visit the official Hotjar page dedicated to opting out of tracking (Hotjar Do Not Track / Opt-out) and, with one click, turn off the collection of data about your visits by Hotjar on all sites that use this tool.

Please remember that changing cookie settings or withdrawing consents does not automatically delete existing cookies from your device. You can always delete cookies yourself through your browser's options. If you have any questions or problems related to cookies on our site, please contact us—we will be happy to help.

#9 Do we transfer your data to third countries?

Printbox operates internationally, so your personal data may be transferred to countries outside the European Economic Area (EEA). This applies in particular to:

Transferring data within our group – e.g., to Printbox LLC in the USA (serving customers from the USA, technical support);
Using services from providers outside the EEA – many of our IT tools are provided by companies based in the USA or with servers there (e.g., Google, Meta/Facebook, Microsoft, etc.);
Situations where you are outside the EEA and use our services (e.g., you are in the USA and send us data – then the data naturally comes to us from a third country).
EU law requires that such a data transfer ensures a level of data protection adequate to that in Europe. Therefore:

If the European Commission has recognized a given country as providing an adequate level of data protection (has an adequacy decision), then we base the transfer on this decision. For example, Israel or Japan has such a decision.
In the case of the USA: As of July 2023, there is an adequacy decision for the EU-US Data Privacy Framework (a framework for data transfer to the USA). Some of our providers may be certified under this program, which means that a transfer to them is permissible as if it were within the EEA. We check the status of our providers on an ongoing basis.
If a country does not have an adequacy decision (which applies, among others, to the USA for non-certified entities, as well as other countries like India, Brazil, etc.), we use appropriate contractual safeguards, primarily the Standard Contractual Clauses (SCCs) approved by the European Commission (by Article 46 of the GDPR). SCCs oblige the data recipient outside the EEA to protect data by EU standards. In addition, where necessary, we implement additional protective measures, e.g., data encryption, limiting the scope of data transferred, and strict access policies.
In the case of transfers within the Printbox group (Poland <-> USA), we also use appropriate mechanisms (e.g., we have signed a data processing agreement with Standard Contractual Clauses between Printbox Sp. z o.o. and Printbox LLC). Thanks to this, even data transferred to the USA remains protected by this agreement.
In special situations, we may base the transfer on an exception provided for in Article 49 of the GDPR (e.g., when the transfer is necessary for the performance of a contract with you or for the establishment or defense of legal claims) – however, we primarily try to rely on the safeguards mentioned above.

#10 Profiling, behavioral advertising, and automated decision-making

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict that person's preferences, interests, behavior, location, etc. At Printbox, certain activities may be considered profiling. Still, we do not make decisions about you that produce legal effects or similarly significantly affect you based solely on automated processing (by Article 22 of the GDPR). This means that we do not entrust algorithms with decisions that would affect your rights or opportunities (e.g., we do not use automatic refusal to conclude a contract without human intervention).

To what extent do we use profiling: Mainly for marketing and analytical purposes, as described in the previous sections. Examples:

We analyze your behavior on the website (e.g., which subpages you visit, which materials you download) to infer which products or topics may be of interest to you. Based on this, we can customize the content of the newsletter or offer sent to you (e.g., if you frequently read about photobooks, we may provide you with a case study of a client from the photobook industry).
If you have consented to advertising cookies, tools such as the Facebook Pixel or Google Ads will profile you within their platforms – e.g., they will assign you to a group of people interested in e-commerce software – which will result in you being shown relevant ads.
We use customer segmentation in our CRM – e.g., we distinguish between active and inactive customers, potential (leads), and contracted ones – to tailor our commercial communication to them accordingly.

Your rights about profiling: You have the right to object at any time to the processing of your data for direct marketing purposes, including profiling to the extent that it is related to such marketing (Article 21(2) of the GDPR). If you object, we will stop such profiling and/or sending you marketing. Furthermore, suppose you believe that profiling based on our legitimate interest violates your legitimate rights or interests. In that case, you can also object for these reasons (Article 21(1) of the GDPR) – we will consider your objection unless we can demonstrate compelling legitimate grounds that override your interests.

Behavioral (targeted) advertising: As mentioned, as part of our marketing activities, we use ads targeted to users' interests. This is done through partners such as Google or Meta, who use cookies and online identifiers to match advertising content to your internet user profile. We ensure that these ads relate exclusively to our services and products (we do not share your data with other companies to advertise unrelated products to you). You can opt out of behavioral advertising from us at any time – instructions can be found in Section 8.

#11 How do we protect your personal data?

We make every effort to ensure the security of your personal data and protect it from accidental or unlawful destruction, loss, modification, unauthorized disclosure, or access. Printbox has implemented appropriate technical, physical, and organizational measures by applicable laws and industry standards to protect the data we process. We use, among other things, modern IT infrastructure security solutions (firewalls, intrusion detection systems), encryption of data transmission (HTTPS/SSL protocol for connections to our website), regular software updates, and system monitoring for vulnerabilities. We store personal data on secure servers, in professional data centers that meet high protection standards.

Access to your personal data is granted only to authorized persons for whom it is necessary to perform their duties – our employees or trusted subcontractors. All of them are obliged to maintain confidentiality and comply with Printbox's internal security policies. We regularly train our staff on data protection and apply the principle of access minimization (each person sees only the data needed for their role). Furthermore, we have procedures in place for security incidents (including potential data breaches) – in the event of such an incident, we will take immediate steps to resolve it and minimize its effects, and if required, we will notify the relevant authorities and data subjects (by Articles 33–34 of the GDPR). Despite the measures taken, please remember that no system guarantees 100% security. The Internet as a communication environment carries some risk – e.g., when sending information via email or online forms, you should be cautious (especially when using a public Wi-Fi network). Printbox continuously improves its security measures to meet emerging threats, but cannot entirely rule out, for example, the effects of highly sophisticated attacks. However, we assure you that within our capabilities, we apply industry best practices to keep your data safe with us. If you have additional questions about the security of your data, we encourage you to contact us: gdpr@getprintbox.com .

#12 System logs

System logs are automatically created records of events on our servers that note basic information about how users use our websites. When you visit any Printbox website, our IT system may automatically save data in the logs such as: the IP address of your device, the date and time of the visit, the URL of the requested page (the specific HTTP request), information about your browser and operating system (the so-called User-Agent header sent by your browser), and possibly other technical data, e.g., the referring page address (referrer), application errors, etc. This information is collected automatically by the server in the background – this happens for all users visiting the site, regardless of whether they are logged in or not.

System logs are used mainly for administrative and security purposes. Thanks to them, we can, for example, monitor the correct operation of the site, diagnose technical problems (by analyzing error entries), and also protect our IT systems – logs allow us to detect abuse (e.g., hacking attempts, DDoS attacks) and analyze any incidents. The legal basis for processing data in the logs is our legitimate interest (Article 6(1)(f) of the GDPR) in ensuring the security and proper functioning of the service. We do not use data from server logs to identify specific individuals or for marketing purposes. These records are primarily for IT administrators, and access to them is strictly limited.

How long do we store logs? We store the data contained in server logs for a limited time, by the principle of minimization. We usually delete or anonymize logs after a maximum of 36 months from their registration. More extended storage of logs may occur exceptionally – e.g., if log entries are needed for evidentiary purposes in connection with an ongoing investigation or defense against claims (in such a case, we may retain selected logs until the matter is clarified or the proceedings are legally concluded). After the storage period expires, the logs are securely deleted or anonymized. Information from the logs, as technical data, is not disclosed to unauthorized entities. It may only be transferred to authorized bodies (e.g., police, prosecutor's office) based on legal provisions or used by us to protect our rights (by applicable law) legally.

#13 Can the Privacy Policy change?

The law and the scope of our business may change, so from time to time we update this Privacy Policy to keep it up to date with current regulations and our practices. At the top of the document, you will find the publication/last update date.

In the event of significant changes (e.g., changes in processing purposes, introduction of new services that significantly affect how data is processed, or changes regarding your rights), we will take additional steps to notify you. This may include sending an email notification (if we have your email address in our database) or displaying a clear notice on our website during your next visit.

We encourage you to periodically review the Privacy Policy to be aware of how we protect your data. Your continued use of our sites and services after the updates are implemented will mean acceptance of the new content of the Policy (unless the law requires separate consent in a specific case). To ensure complete transparency, all archived versions of the privacy policy are available below.