Privacy Policy – E-Trout

1. Data controller and contact

The controller of your personal data is [CONTROLLER NAME], operating under the business name E-Trout (hereinafter the “Controller”), with its registered office at: [REGISTERED ADDRESS], VAT No.: [NIP], REGON: [REGON].

Data protection contact: [DPO_EMAIL], phone [PHONE]. If a Data Protection Officer (DPO) has been appointed, DPO contact details: [DPO_EMAIL].

This policy applies to the website e-trout.com and its subpages.

2. Scope and categories of data

Identification and contact data (e.g., name, surname, e-mail, phone) – if you provide it yourself, e.g., via a form.
Usage data (events, clicks, session duration, IP address, browser headers, device identifiers) – collected automatically in logs or via cookies/pixels, if you consent.
Transactional/billing data – only if you use paid services (where applicable).
Correspondence and operational notes – when you contact us (e-mail, phone, contact form).

3. Purposes of processing, legal bases and retention periods

Purpose	Legal basis (GDPR)	Retention
Handling enquiries via form and e-mail	Art. 6(1)(b) (steps at your request prior to a contract) or Art. 6(1)(f) (legitimate interest in communication)	Up to 12 months from case closure; if cooperation follows – until limitation periods expire
Contract performance / service delivery	Art. 6(1)(b) (contract) and Art. 6(1)(c) (legal obligations, e.g., accounting)	For the duration of the contract, and thereafter until tax/accounting periods expire (typically 5–6 years)
Establishment, exercise or defence of claims	Art. 6(1)(f) (Controller’s legitimate interest)	Until the expiry of limitation periods for claims
Direct marketing of own services (e.g., newsletter)	Art. 6(1)(a) (consent) or Art. 6(1)(f) (legitimate interest – if B2B and permitted by law)	Until consent is withdrawn / objection is raised or until the campaign ends
Traffic analysis and statistics (cookies/analytics)	Art. 6(1)(a) (consent to cookies/analytics)	Up to 26 months or shorter – per tool/analytics settings
Security and abuse prevention (logs, site protection)	Art. 6(1)(f) (legitimate interest – ensuring security)	Up to 12 months (logs), unless laws or evidentiary needs require longer

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

4. Data recipients and processors

Your data may be shared with entities processing it on our behalf, including:

Hosting/server: [HOSTING PROVIDER, e.g., OVHcloud] – website and e-mail hosting.
Analytics/marketing tools: [e.g., Google Analytics / others, if used] – only with your cookie consent.
Communication and support: [e.g., e-mail system, CRM, form platforms], if used.
Accounting/legal/IT: advisors and service providers – where necessary.

All processors engaged by us enter into data processing agreements (Art. 28 GDPR) and process data solely on our instructions.

5. Transfers of data outside the EEA

If we use tools provided by vendors located outside the European Economic Area (e.g., cloud services), data may be transferred outside the EEA. In such cases, we ensure appropriate safeguards, in particular the Standard Contractual Clauses (SCCs) adopted by the European Commission, or other mechanisms provided for under the GDPR. For details, please contact us.

6. Your rights

Right of access (Art. 15 GDPR),
Right to rectification (Art. 16 GDPR),
Right to erasure – “right to be forgotten” (Art. 17 GDPR),
Right to restriction of processing (Art. 18 GDPR),
Right to data portability (Art. 20 GDPR),
Right to object (Art. 21 GDPR), including to direct marketing,
Right to withdraw consent at any time (where processing is based on consent),
Right to lodge a complaint with a supervisory authority – President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

7. Cookies and similar technologies

7.1. What are cookies?

Cookies are small files stored on your device that can be read by our server or third-party servers (e.g., analytics tools). We also use similar technologies (local storage, pixels).

7.2. Which cookies do we use?

Category	Description	Example lifetime
Essential	Required for the website to function (e.g., remembering cookie consent, load balancing).	up to 12 months
Analytics	Help us understand how you use the site (anonymous statistics). Enabled only with your consent.	up to 26 months
Functional/Preferences	Remember your settings (e.g., language, resolution).	up to 12 months
Marketing	Enable tailored content/remarketing (if used) – only with consent.	per provider settings

7.3. Consent management

On your first visit we display a cookie banner where you can accept all categories, reject them, or customise your choices. You can change your preferences at any time via the “Cookie settings” link in the site footer.

If you haven’t implemented a banner yet, add the link/reference here or update this section once the panel is available.

7.4. Google Fonts

The site may use external fonts from Google Fonts. Downloading fonts from Google’s servers may involve processing your IP address and technical browser data by Google (usually without cookies). If you prefer not to use external hosting, you can install the fonts locally.

7.5. How to disable cookies in your browser?

You can change your browser settings to delete/block cookies. Note that disabling essential cookies may impair your ability to use the site.

8. Server logs & security

Using the site entails sending requests to the server, which records technical data in logs (including IP address, timestamps, browser/OS information). Logs are used for administration and security purposes and are kept for no longer than 12 months, unless laws require otherwise.

We implement technical and organisational measures appropriate to the risks, including TLS encryption (HTTPS), firewalls, backups and access control.

9. Marketing, profiling and social media

As a rule, we do not conduct automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If we deploy marketing tools (e.g., an advertising pixel), we will do so only on the basis of your consent and in compliance with applicable laws, and this policy will be updated accordingly.

10. Changes to this policy

This privacy policy may be updated, e.g., in case of changes in laws, technologies, or services used on the site. The new version will be published here and marked with the current date.

11. Contact

For data protection matters, please contact us:

E-mail: [DATA_EMAIL]
Postal address: [REGISTERED ADDRESS]
Phone: [PHONE]