Back to homepage § Doc 02 · Privacy Policy

Privacy Policy

Issued by
HANZA Agnieszka Rostocka
Version
v. 1.0
Last updated
27.04.2026
Status
Draft — pending legal review

We treat your personal data as our own. We collect the minimum, store it securely, and never sell it. This document explains the details in line with the GDPR.

Machine translation. Documents in languages other than Polish are AI-translated drafts. The Polish version is authoritative until reviewed by a regional legal professional. In case of discrepancy, the Polish version prevails.

§ 1 Data controller

The controller of your personal data is HANZA Agnieszka Rostocka, a sole proprietorship registered in the Polish Central Register and Information on Economic Activity (CEIDG), with its registered office at ul. Monte Cassino 34/2, 70-465 Szczecin, Poland, tax ID (NIP): 852-254-27-38, business registration number (REGON): 52284649000000 (hereinafter: the “Controller” or “we”).

Hanse Studio is a brand operated by HANZA Agnieszka Rostocka. All legal obligations, including the protection of personal data, are fulfilled by the Controller.

§ 2 Contacting the Controller

For matters related to personal data processing, you can contact us using one of the addresses below:

  • E-mail: [email protected]
  • Postal address: HANZA Agnieszka Rostocka, ul. Monte Cassino 34/2, 70-465 Szczecin, Poland

§ 3 Purposes and legal bases of processing

We process your personal data for the following purposes and on the following legal bases:

Purpose of processingLegal basis (GDPR)
Responding to enquiries sent via the contact form or e-mailArt. 6(1)(f) — legitimate interest of the Controller (correspondence handling)
Conclusion and performance of a web development services contractArt. 6(1)(b) — necessity for performance of a contract
Issuing invoices and bookkeepingArt. 6(1)(c) — legal obligation (Polish Accounting Act, VAT Act)
Marketing of our own services (e.g. case studies after client consent)Art. 6(1)(a) — consent of the data subject
Pursuing claims or defending against claimsArt. 6(1)(f) — legitimate interest of the Controller

§ 4 Categories of data collected

Depending on the purpose of processing, we collect:

  • Identification data: first name, surname, company name
  • Contact data: e-mail address, phone number (optional), company address
  • Invoicing data: tax ID, registered address
  • Correspondence content: messages sent via the contact form or e-mail
  • Technical data: IP address, session ID, browser information (collected automatically by the server and Cloudflare)

§ 5 Recipients of data

Your data may be entrusted to the following categories of recipients on the basis of data processing agreements (Art. 28 GDPR):

  • Hetzner Online GmbH (Germany) — provider of server infrastructure (website and database hosting)
  • Cloudflare, Inc. (USA) — provider of CDN and DDoS protection services; data transfer to the USA takes place on the basis of standard contractual clauses approved by the European Commission (SCCs) and within the Data Privacy Framework
  • The accounting office serving HANZA Agnieszka Rostocka — for invoicing purposes
  • A law firm — in the event of the need to defend or pursue claims
  • Payment service providers (e.g. Przelewy24, Stripe) — when payments are involved

§ 6 Transfer of data to third countries

Some of the services we use (e.g. Cloudflare) involve the transfer of data to the USA. The transfer takes place on the basis of:

  • standard contractual clauses adopted by the European Commission (SCCs),
  • certification of the recipient under the EU-U.S. Data Privacy Framework.

You may request a copy of the safeguards we apply in connection with transfers to third countries by contacting us at [email protected].

§ 7 Data retention period

We store your data for the period necessary to fulfil the purpose of processing:

  • Pre-contract correspondence (enquiries): up to 12 months from the last contact
  • Client data (contracts, projects): for the duration of the cooperation + 5 years after its end (statute of limitations for claims)
  • Invoices and accounting documents: 5 years from the end of the financial year (VAT Act, Accounting Act)
  • Data processed on the basis of consent: until consent is withdrawn

§ 8 Your rights

Under the GDPR you have the following rights:

  • Right of access to data — you may request information about what data concerning you we process
  • Right to rectification — you may request correction of inaccurate data
  • Right to erasure (“right to be forgotten”) — in specified cases
  • Right to restrict processing — in specified cases
  • Right to data portability — for data processed on the basis of a contract or consent
  • Right to object — to processing based on legitimate interest
  • Right to withdraw consent — where the basis for processing is consent; withdrawal does not affect the lawfulness of processing prior to withdrawal
  • Right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland

To exercise your rights, write to [email protected]. We respond within 30 days of receiving the request.

§ 9 Cookies

The website uses cookies. Detailed information on the cookies used can be found in the Cookies Policy.

§ 10 Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy. Significant changes are communicated by publishing a new version on the website and, where possible, by e-mail to the persons concerned.

The date of the last update is indicated at the beginning of the document.

§ 11 Final provisions

Matters not regulated by this Policy are governed by the GDPR and the Polish Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000 as amended).

Signed in the Hanseatic port,
HANSE STUDIO · HANZA AGNIESZKA ROSTOCKA

Scroll to Top