Explore-IT

Privacy Policy

Last updated: 2026-03-13

This document describes how personal data is processed when you use the Explore-IT website (the “Service”), in particular:

  • storing and analysing server logs (without analytics cookies),
  • compiling aggregated traffic statistics (without analytics cookies),
  • booking meetings via a meeting booking system maintained by the Controller,
  • remembering your language preference after you manually change the language.

1. Data Controller

The controller of your personal data is Explore-IT Adrian Zdankiewicz (sole proprietorship) (the “Controller”). Short name used in the Service: Explore-IT.

Privacy contact: kontakt@explore-it.pl
Postal address for correspondence: M. Konopnickiej 39/8, 84-240 Reda, Poland

The Controller has not appointed a Data Protection Officer (DPO).

2. What data we process and where it comes from

2A. Technical data (server logs)

When you use the Service, the server automatically records technical data in server logs, in particular:

  • IP address,
  • date and time of the request,
  • requested resource (URL) and method,
  • response status code,
  • client identifier (e.g. user-agent),
  • referrer address – if your browser sends it.

This data comes from your device and is generated automatically by the web server.

2B. Data related to meeting booking / conversation (a booking and conversation system maintained by the Controller)

If you use a link to book a meeting or to join a conversation as a guest, we may process:

  • name/organisation provided in the booking (optional),
  • e-mail address (required to handle the booking),
  • content of the additional information field for the meeting (in the form labelled “Share something that will help prepare for the meeting”, and in the saved calendar event it may appear as “Notes”) (optional),
  • technical metadata of the connection (e.g. room creation/activity time).

Important: please do not enter special categories of data (e.g. health data) or other information you do not want to share.

2C. Traffic statistics (without analytics cookies)

We compile traffic statistics in a way that is as privacy-friendly as possible and that allows us to understand overall usage, the popularity of pages and the stability of the Service.

Within these statistics:

  • we do not use analytics cookies,
  • we do not create marketing profiles,
  • we do not collect data for cross-site tracking.

Additionally, the statistics script configuration:

  • respects the “Do Not Track (DNT)” browser setting,
  • processes URL parameters (e.g. UTM tags) to analyze traffic sources, but produces only aggregated statistics without personal identification,
  • does not store URL fragments (the part after “#”).

3. Purposes and legal bases

3A. Security and administration of the Service (logs)

Purpose: ensuring the security of the Service, detecting abuse, troubleshooting, incident analysis and continuity of operation.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests).

3B. Traffic statistics (without analytics cookies)

Purpose: compiling aggregated visit statistics and assessing how the Service performs.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests in analysing and developing the Service).

3C. Meeting bookings / communication within a meeting

Purpose: enabling meeting booking and communication during a conversation.
Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and, for optional notes, Article 6(1)(f) GDPR (improving preparation for and the course of the meeting).

3D. Remembering language preference (functional cookie)

Purpose: remembering the chosen interface language after you manually change it.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests in improving user convenience).

The cookie is set only after you take the action of changing the language.

4. Recipients of data

We may share data with:

  • providers of hosting and infrastructure services used to run the Service,
  • providers of the Controller’s domain e-mail service (to handle meeting-related correspondence),
  • IT and security support providers (only to the extent necessary),
  • public authorities – where required by law.

We do not disclose data to third parties for their marketing purposes.

5. Transfers outside the EEA

As a rule, data is processed within the European Economic Area (EEA). We do not intend to transfer your data outside the EEA.
If, in the future, a transfer outside the EEA becomes necessary, we will ensure appropriate safeguards required by the GDPR (e.g. Standard Contractual Clauses).

6. Data retention periods

  • Server logs: we typically keep them for 60 days (log rotation). In the event of a security incident or the need to assert/defend claims, selected log fragments may be kept longer – until the matter is clarified or limitation periods expire.
  • Meeting booking data (name, e-mail, additional information/notes): we generally keep it for up to 3 months after the meeting date, unless you request deletion earlier or longer retention is necessary to establish/defend claims.
  • Guest conversations/rooms (conversation system): may be automatically deleted after a period of inactivity (depending on configuration; by default 28 days if settings have not been changed).

7. Your rights

You have the right to:

  • access your data,
  • rectify your data,
  • erase your data,
  • restrict processing,
  • data portability (where the legal basis is Article 6(1)(b) or 6(1)(a)),
  • object to processing (where the legal basis is Article 6(1)(f)).

You can send requests to the e-mail address indicated in section 1.

8. Right to object

If we process data based on Article 6(1)(f) GDPR, you may object on grounds relating to your particular situation.

9. Supervisory authority

You have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (PUODO), Poland.

10. Is providing data mandatory?

  • Using the Service does not require you to provide data, except for technical data transmitted automatically (logs).
  • Providing an e-mail address is required to handle a meeting booking (if you use it).
  • The additional information field for the meeting (labelled “Share something that will help prepare for the meeting”, and in the event as “Notes”) is optional.

11. Automated decision-making and profiling

The Controller does not use automated decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you.

12. Cookies and similar technologies

12.1. Cookies we use

We use only a functional cookie to remember language preference after you manually change the language:

  • Name: lang
  • Purpose: remembering the selected interface language
  • When it is set: only after you change the language
  • Retention: 12 months

We do not use analytics or marketing cookies.

12.2. How to manage cookies

You can delete cookies at any time or change how they are used in your browser settings.

13. Policy changes

We may update this policy (e.g. after changes to Service functionality or legal requirements). The current version is always published in the Service.