Skip to main content
Explore-IT

Privacy Policy

Last updated: 2026-05-15

This document describes how personal data is processed when you use the Explore-IT website (the “Service”), in particular:

  • storing and analysing server logs (without analytics cookies),
  • compiling aggregated traffic statistics (without analytics cookies),
  • booking meetings via a meeting booking system maintained by the Controller,
  • handling technical requests sent by e-mail,
  • remembering your language preference after you manually change the language.

1. Data Controller

The controller of your personal data is Explore-IT Adrian Zdankiewicz (sole proprietorship) (the “Controller”). Short name used in the Service: Explore-IT.

Privacy contact: kontakt@explore-it.pl
Postal address for correspondence: M. Konopnickiej 39/8, 84-240 Reda, Poland

The Controller has not appointed a Data Protection Officer (DPO).

2. What data we process and where it comes from

2A. Technical data (server logs)

When you use the Service, the server automatically records technical data in server logs, in particular:

  • IP address,
  • date and time of the request,
  • requested resource (URL) and method,
  • response status code,
  • client identifier (e.g. user-agent),
  • referrer address – if your browser sends it.

This data comes from your device and is generated automatically by the web server.

2B. Data related to meeting booking / conversation (a booking and conversation system maintained by the Controller)

If you use a link to book a meeting or to join a conversation as a guest, we may process:

  • name/organisation provided in the booking (optional),
  • e-mail address (required to handle the booking),
  • content of the additional information field for the meeting (in the form labelled “Share something that will help prepare for the meeting”, and in the saved calendar event it may appear as “Notes”) (optional),
  • technical metadata of the connection (e.g. room creation/activity time).

Important: please do not enter special categories of data (e.g. health data) or other information you do not want to share.

2C. Data related to a technical request / e-mail correspondence

If you use the technical request form or send us an e-mail about a technical issue, we may process:

  • your name,
  • your company name,
  • your e-mail address,
  • your phone number,
  • the description of the technical issue,
  • a link to the website or system,
  • information about urgency, budget, and interest in ongoing care - if you provide it,
  • the content of any follow-up correspondence related to the request.

To prevent data loss on accidental navigation away from the page, the form temporarily stores your typed input in the browser's sessionStorage — a local storage mechanism that operates only within the open browser tab. This data is never sent to any external service and is automatically cleared upon successful submission or when you close the tab.

The form sends data directly to the Controller's server at the moment you click the send button. An automatic confirmation is sent to the email address you provide.

2D. Spam protection (Cloudflare Turnstile)

The technical request form uses Cloudflare Turnstile to protect against automated submissions (bots). Turnstile verifies that the interaction is human without displaying a visible challenge in most cases.

As part of this service, Cloudflare may process technical data such as IP address, browser and device information, and behavioural signals. This data may be transferred to Cloudflare, Inc. (USA) under the terms set out in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.

Unlike traditional CAPTCHAs, Cloudflare Turnstile does not set analytics cookies or create advertising profiles.

Legal basis: Art. 6(1)(f) GDPR (the Controller's legitimate interest in protecting the form against automated spam and abuse).

2E. Traffic statistics (without analytics cookies)

We compile traffic statistics in a way that is as privacy-friendly as possible and that allows us to understand overall usage, the popularity of pages and the stability of the Service.

Within these statistics:

  • we do not use analytics cookies,
  • we do not create marketing profiles,
  • we do not collect data for cross-site tracking.

We also record anonymous interaction events (e.g. button clicks, calculator use) to understand how the Service is used — without any link to your identity.

Additionally, the statistics script configuration:

  • respects the “Do Not Track (DNT)” browser setting,
  • processes URL parameters (e.g. UTM tags) to analyze traffic sources, but produces only aggregated statistics without personal identification,
  • does not store URL fragments (the part after “#”).

3. Purposes and legal bases

3A. Security and administration of the Service (logs)

Purpose: ensuring the security of the Service, detecting abuse, troubleshooting, incident analysis and continuity of operation.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests).

3B. Traffic statistics (without analytics cookies)

Purpose: compiling aggregated visit statistics and assessing how the Service performs.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests in analysing and developing the Service).

3C. Meeting bookings / communication within a meeting

Purpose: enabling meeting booking and communication during a conversation.
Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and, for optional notes, Article 6(1)(f) GDPR (improving preparation for and the course of the meeting).

3D. Handling technical requests and related correspondence

Purpose: handling a technical request, replying to your message, assessing the scope of work, and preparing the next proposed step (for example a call, diagnosis, sprint, or implementation estimate).
Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract or performing a requested service) and Article 6(1)(f) GDPR (improving communication and keeping a record of arrangements).

3E. Remembering language preference (functional cookie)

Purpose: remembering the chosen interface language after you manually change it.
Legal basis: Article 6(1)(f) GDPR (the Controller’s legitimate interests in improving user convenience).

The cookie is set only after you take the action of changing the language.

4. Recipients of data

We may share data with:

  • providers of hosting and infrastructure services used to run the Service,
  • providers of the Controller’s domain e-mail service (to handle meeting-related and technical-request correspondence),
  • IT and security support providers (only to the extent necessary),
  • public authorities – where required by law.

We do not disclose data to third parties for their marketing purposes.

5. Transfers outside the EEA

As a rule, data is processed within the European Economic Area (EEA). We do not intend to transfer your data outside the EEA.
If, in the future, a transfer outside the EEA becomes necessary, we will ensure appropriate safeguards required by the GDPR (e.g. Standard Contractual Clauses).

6. Data retention periods

  • Server logs: we typically keep them for 60 days (log rotation). In the event of a security incident or the need to assert/defend claims, selected log fragments may be kept longer – until the matter is clarified or limitation periods expire.
  • Meeting booking data (name, e-mail, additional information/notes): we generally keep it for up to 3 months after the meeting date, unless you request deletion earlier or longer retention is necessary to establish/defend claims.
  • Technical request and e-mail correspondence data: we generally keep it for up to 12 months after conversations on that topic end, unless you request deletion earlier or longer retention is necessary to establish, pursue, or defend claims.
  • Guest conversations/rooms (conversation system): may be automatically deleted after a period of inactivity (depending on configuration; by default 28 days if settings have not been changed).

7. Your rights

You have the right to:

  • access your data,
  • rectify your data,
  • erase your data,
  • restrict processing,
  • data portability (where the legal basis is Article 6(1)(b) or 6(1)(a)),
  • object to processing (where the legal basis is Article 6(1)(f)).

You can send requests to the e-mail address indicated in section 1.

8. Right to object

If we process data based on Article 6(1)(f) GDPR, you may object on grounds relating to your particular situation.

9. Supervisory authority

You have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (PUODO), Poland.

10. Is providing data mandatory?

  • Using the Service does not require you to provide data, except for technical data transmitted automatically (logs).
  • Providing an e-mail address is required to handle a meeting booking (if you use it).
  • Providing an e-mail address is also practically necessary if you want to send a technical request by e-mail and receive a reply.
  • The additional information field for the meeting (labelled “Share something that will help prepare for the meeting”, and in the event as “Notes”) is optional.

11. Automated decision-making and profiling

The Controller does not use automated decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you.

12. Cookies and similar technologies

12.1. Cookies we use

We use only a functional cookie to remember language preference after you manually change the language:

  • Name: lang
  • Purpose: remembering the selected interface language
  • When it is set: only after you change the language
  • Retention: 12 months

We do not use analytics or marketing cookies.

12.2. How to manage cookies

You can delete cookies at any time or change how they are used in your browser settings.

13. Policy changes

We may update this policy (e.g. after changes to Service functionality or legal requirements). The current version is always published in the Service.