1. Data Controller

The controller of your personal data is:

SentioLab sp. z o.o.
ul. Nowoursynowska 161 L
02-787 Warsaw, Poland
NIP (VAT): PL7010410720
KRS: 0000495860
REGON: 147082076
e-mail: kontakt@sentiolab.pl
phone: +48 509 400 567

In all matters regarding the protection of personal data, you can contact us at the above e-mail address or by phone.

2. Scope of collected data

2.1 Contact form

Through the contact form available on the sentiolab.pl website, we collect the following personal data:

• first and last name,
• phone number,
• e-mail address,
• message content (voluntary description of the case).

Providing data marked as required is necessary to establish contact and provide an answer. Providing other data is voluntary.

2.2 Data collected automatically

In connection with the use of the website, our servers may automatically record the following technical information:

• IP address of the device,
• browser type and version,
• operating system,
• date and time of the visit,
• referring website address (referer).

These data are recorded in server logs solely for technical and security purposes, are not assigned to specific users, and are not combined with data from the contact form.

3. Purposes and legal bases of processing

3.1 Handling contact inquiries

Purpose: responding to an inquiry sent via the contact form and possibly establishing and conducting commercial contact.
Legal basis: Art. 6(1)(a) GDPR (consent of the data subject, expressed by checking the box before sending the form) and Art. 6(1)(f) GDPR (legitimate interest of the controller consisting in the ability to respond to the sent inquiry).

3.2 Contact for commercial purposes

Purpose: telephone or e-mail contact to present an offer or discuss cooperation opportunities.
Legal basis: Art. 6(1)(a) GDPR (consent expressed by checking the appropriate box in the contact form).

3.3 Security and fraud prevention

Purpose: protecting the website and infrastructure against attacks, spam, and other abuses, including the use of rate limiting mechanisms and CSRF tokens.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the controller).

3.4 Fulfilling legal obligations

Purpose: archiving correspondence and documentation for the purposes of possible claims and obligations arising from legal provisions.
Legal basis: Art. 6(1)(c) GDPR (compliance with a legal obligation) and Art. 6(1)(f) GDPR (legitimate interest of the controller in terms of defense against claims).

4. Data retention period

We store personal data for the period necessary to achieve the purpose for which they were collected, and then for the time resulting from legal provisions or until the expiration of possible claims:

• Data from the contact form — until the end of communication and handling of the case, no longer than 3 years from the date of sending the inquiry, unless cooperation has been established and legal provisions require longer retention of documentation.
• Data processed on the basis of consent — until the consent is withdrawn by the data subject.
• Technical data (server logs) — for the time necessary to ensure system security, no longer than 12 months.

5. Data recipients

Your personal data may be transferred to the following categories of recipients:

• Hosting and IT infrastructure providers — entities providing website hosting and server support, acting as data processors on the basis of appropriate data processing agreements.
• E-mail service providers — data from the contact form are sent to the controller's mailboxes to provide an answer.
• Google LLC — the site uses the Google Fonts service, under which the user's browser may connect to Google servers to download fonts. This involves transferring the user's IP address to Google servers, which may be located outside the European Economic Area. Google LLC is certified under mechanisms ensuring an adequate level of data protection. More information: policies.google.com/privacy.

We do not sell, share, or transfer personal data to third parties for marketing purposes without your explicit consent. Data may be disclosed to state authorities only to the extent required by applicable law.

6. Rights of the data subject

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR) — the right to obtain information about what data we process about you.
• Right to rectification (Art. 16 GDPR) — the right to request the correction of incorrect or completion of incomplete data.
• Right to erasure (Art. 17 GDPR) — the right to request the deletion of data (the "right to be forgotten") in cases specified in the GDPR.
• Right to restriction of processing (Art. 18 GDPR) — the right to request the restriction of data processing in specific situations.
• Right to data portability (Art. 20 GDPR) — the right to receive data in a structured, commonly used format if the processing is based on consent or a contract and is carried out by automated means.
• Right to object (Art. 21 GDPR) — the right to object to data processing based on the legitimate interest of the controller.
• Right to withdraw consent — if the processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise the above rights, please contact us at: kontakt@sentiolab.pl. We will respond without undue delay, no later than within one month of receiving the request.

You also have the right to lodge a complaint with a supervisory authority — the President of the Personal Data Protection Office (UODO) in Poland (ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl) — if you believe that the processing of your data violates the provisions of the GDPR.

7. Cookies and tracking technologies

7.1 What are cookies

Cookies are small text files saved on the user's device by the web browser during visits to the website. They are used to remember preferences, ensure the operation of technical functions, and analyze website usage.

7.2 Types of cookies used on sentiolab.pl

• Strictly necessary cookies — required for the proper functioning of the website and its security features (e.g., CSRF token protecting the contact form). Without these files, the website may not function properly. They do not require user consent.
• Session cookies — temporary files deleted after closing the browser, used to maintain the session while browsing the site.

7.3 Managing cookies

You can manage cookies through your web browser settings — including blocking or deleting cookies. However, please note that disabling necessary cookies may prevent the proper use of some website features, including the contact form.

Information on managing cookies in popular browsers:

• Google Chrome
• Mozilla Firefox
• Microsoft Edge
• Safari

8. Data security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, disclosure, or destruction. In particular:

• communication with the website takes place using an encrypted HTTPS connection,
• the contact form is secured with a CSRF token preventing cross-site request forgery attacks,
• we use rate limiting mechanisms to prevent abuse,
• access to personal data is restricted to authorized persons bound by confidentiality obligations.

9. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy in connection with changes in legal provisions, development of the website, or changes in the way data is processed. The current version of the document is always available at sentiolab.pl/en/privacy-policy.

In the event of significant changes, we will notify users by posting a clear notice on the homepage or in another appropriate manner.

Date of last update: May 2026

10. Contact regarding personal data

Please direct any questions, requests, or demands regarding the processing of personal data to us:

SentioLab sp. z o.o.
ul. Nowoursynowska 161 L, 02-787 Warsaw, Poland
NIP (VAT): PL7010410720 | KRS: 0000495860 | REGON: 147082076
e-mail: kontakt@sentiolab.pl
phone: +48 509 400 567