Privacy policy

How do we process your personal data? –”RODO” information clause

The Controller of your personal data – is Cryptotech Prosta Spółka Akcyjna with its registered office in Kraków 30-644, at Puszkarska 7h, NIP [tax identification no.]: 6772182381, REGON [statistical no.]: 356357350, entered in the Register of Entrepreneurs of the National Court Register, maintained by the District Court for Kraków – Śródmieście in Kraków, 11th Division of the National Court Register, under the KRS no. 0001010424, hereinafter referred to as the Controller.

The Controller can be contacted in the following way:

          1. by phone: 012 2609292,
          2. by e-mail


The Controller uses personal data for the following purposes:

      1. to conclude and perform the contract – for the duration of the contract and for needs of settlements after it has been terminated (legal basis: Article 6(1)(b) RODO [GDPR], abbreviated as “performance of the contract”);
      2. to perform legal obligations the Controller is responsible for (legal basis Article 6(1)(c), e.g.:
        • issuing and storing invoices and accounting documents,
        • responding to letters and inquiries within the time and form prescribed by the binding law,
      3. achieving, by the Controller, its legitimate goals (monitoring of the facility for security purposes, marketing of the products or services we offer, asserting claims), in accordance with Article 6(1)(f) of the RODO,
      4. sending marketing messages, providing technical assistance, providing commercial information regarding the Controller, including staying in casual contact (i.e. Christmas cards, product offers, phone calls, cooperation offers, information about services provided, products, events, etc.) – the legal basis for the processing of the personal data in such a case is Article 6(1)(a) and (f) of the RODO, i.e. the consent of the data subject (provided that the data subject has given such a consent) or the legitimate interest of the Controller.

Filling in the form requires the user to provide certain personal data. The provision of personal data is optional, but failure to provide the data indicated as necessary will make it impossible, for example, to process a request sent via the contact form. If the data processing is necessary for the performance of a contract which the data subject is a party to or in order to take action at the request of the data subject prior to entering into a contract, the provision of the required data is necessary. Giving consent to commercial information by means of electronic communication is voluntary.


Duration of processing and storage of personal data:

      1. for the duration of the fulfillment of obligations, such as the issuing of an invoice (legal basis: Article 6(1)(c) RODO; abbreviated as “legal obligation”);
      2. for the period for which regulations impose the obligation to store the data, e.g. for tax purposes (legal basis: Article 6(1)(c) RODO) or
      3. for the period during which the Controller may suffer legal consequences for failing to comply with an obligation, such as the imposition of a fine by public authorities or the controller’s contractors (legal basis: Article 6(1)(f) of the RODO; abbreviated as “legitimate interest”);
      4. for the duration of the contract (legal basis: performance of the contract), and thereafter for the period after which claims under the contract become statute-barred, and in case the Controller pursues claims or notifies competent authorities – for the duration of such proceedings (legal basis: the Controller’s legitimate interest Article 6(1)(f) RODO);
      5. establishing, defending and pursuing claims, which includes, among other things, the sale of the Controller’s claims under a contract to another entity – for the period after which claims under the contract become time-barred (legal basis: the Controller’s legitimate interest Article 6(1)(f) RODO);
      6. direct marketing – for the duration of the contract (legal basis: the Controller’s legitimate interest Article 6(1)(f) RODO);
      7. preparation of compilations, analyses and statistics for the Controller’s internal needs; this includes, in particular, reporting, marketing research, service development planning – for the duration of the contract, and then – no longer than the period after which the statute of limitations for claims arising from the contract expires (legal basis: the Controller’s legitimate interest Article 6(1)(f) RODO);
      8. verification of payment credibility for the period necessary to make such assessment when entering into, renewing or extending this or a subsequent contract, and to process related claims (legal basis: performance of the agreement Article 6(1)(b) of the RODO); this also applies to data obtained by the Controller from other sources;

In order to conclude a contract or to prepare an offer the Controller requires certain data (if you do not provide the data no contract will be concluded and no offer will be made). In addition, the Controller may request optional data that does not affect the conclusion of the contract (if the Controller does not receive the data, it will not be able to, for example, call the contact number, monitor the performance of the contract, or make an inquiry). The provision of data at the conclusion of a contract is not required by law.

To whom does the Controller transfer your data?

Your personal data is transferred to:

1. entities that process data on behalf of the Controller participating in the performance of the Controller’s activities:

            • operating the Controller’s ICT systems or providing the Controller with ICT tools,
            • subcontractors supporting the Controller,
            • entities providing consulting, advisory, auditing, legal, tax and accounting assistance to the Controller, acting on behalf of the Controller;

2. other data controllers processing data on their own behalf:

            • entities conducting postal or courier services;
            • entities engaged in payment activities (banks, payment institutions);
            • entities that cooperate with the Controller in handling of accounting, fiscal and legal matters – to the extent that they become the data controller;

Your personal data may be obtained by us directly from you (during a visit to a branch, through forms on the website, by phone or in writing). It may also be obtained from other entities if you have given your consent.

Will your data be transferred outside the European Economic Area (EEA)?

Currently, the Controller has no plans to transfer data outside the EEA (which includes the European Union, Norway, Liechtenstein and Iceland).

Automatic decision-making

The Controller does not make automatic decisions that have a significant effect on you.

Your entitlements

You may submit a request to the Controller (regarding personal data) for:

            1. adjustment(correction) of the data;
            2. deletion of the data processed unjustifiably or published on the Controller’s websites
            3. restriction of processing (withholding of data operations or non-deletion of data – according to the request);
            4. access to the data (to obtain the information on the data processed by the Controller and to obtain a copy of the data);
            5. transfer of the data to another data controller or to you (to the extent referred to in Article 20 of the RODO).

You may exercise these rights by sending a request by mail or electronically to the Controller’s address. To ensure that you are entitled to make a request, the Controller may ask you to provide additional information to authenticate the requester. The scope of each of these rights and the situations in which you may exercise them are established by law. Which right you can exercise will depend, for example, on the legal basis for the Controller’s use of the data and the goal of processing.

Right to object

Notwithstanding the above rights, you may at any time object to the processing of your data (including profiling) for direct marketing purposes. Upon acceptance of your request in this regard, the Controller is obliged to stop processing your data for this purpose. In certain situations, you may object at any time to the processing of your personal data (including profiling) by the Controller if the basis for the use of the data is the Controller’s legitimate interest or the public interest. In such a situation, after considering your request, the Controller will not be able to process the personal data covered by the objection on this basis, unless the Controller can demonstrate that there are:

        1. valid legitimate grounds for processing which are deemed by law to override your interests, rights and freedoms; or
        2. grounds for establishing, asserting or defending claims.



If the Controller’s use of your personal data is not necessary for the performance of a contract or legal obligation, or does not constitute a legitimate interest of the Controller, the Controller may ask you to consent to certain uses of your data. You may withdraw your consent at any time (this will not affect the lawfulness of the use of your data prior to the withdrawal of such consent).


You have the right to lodge a complaint with the President of the Office for the Protection of Personal Data if you consider that the processing of your personal data is in breach of the law.


Cookies are small text files that are placed on your computer’s hard drive to identify your computer to our servers. If your browser is configured to accept cookies, we will use cookies to recognize your computer when you visit the site so that we can provide a more personalized and streamlined service and improve the quality of the site. You can configure your browser to block cookies.

Google Analytics

Monitoring your activity on the website – your personal data will be processed by automated means (including profiling), but this will not have any legal effect on you. Profiling of personal data involves the processing of data (including by automated means) to predict personal preferences and interests. Google Analytics 4 does not collect or store customers’ IP addresses.

The entity uses Google Analytics 4, a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to help it analyze how users use the Company’s website. Google Analytics uses cookies that are stored on your computer to analyze your use of the site. The information obtained by the cookies about your use of the site is usually transmitted to Google’s servers and stored there.

Users can disable all cookies or delete selected ones by appropriate settings in their browsers. However, please note that if you do this, you may not be able to use the full functionality of this website. You may also refuse the use of cookies by selecting the appropriate settings on your browser, including your IP address, to prevent Google from processing the information generated by the cookie about your use of the website (including your IP address):

Data is stored in an encrypted, performance-optimized format rather than in a traditional file system or database. It is distributed across multiple physical and logical volumes for redundancy, ease of access, and protection from outside interference.

Data from all Google users (consumers, businesses, and even Google itself) is distributed across a shared infrastructure of many homogeneous computers located in Google’s data centers.

Google Analytics also provides secure transmission of its JavaScript libraries and measurement data. Google Analytics uses HTTP Strict Transport Security (HSTS) by default, which instructs browsers that support SSL-protected HTTP (HTTPS) to use this encryption protocol for all communications between users, sites and Google Analytics servers.

We use Google Analytics 4 to analyze the use of the website and to improve it on a regular basis. With the statistics we get, we can improve our offer and make it more interesting for the user. The legal basis for the use of Google Analytics is Article 6(1)(f) RODO.

Google’s privacy policy can be found at this link: Please note that Google may change this policy from time to time, so please check back for the latest version.

How we protect data

The Controller shall apply appropriate technical and organizational measures to ensure the security of the protection of the processed personal data, appropriate to the risks and the categories of data protected.

The Service is secured with security measures to protect the Personal Data processed by us against alteration, destruction, unauthorized access and disclosure or acquisition and loss, as well as processing in violation of the rules of conduct for the processing of personal data.

Only a limited number of company employees authorized by the data Controller have access to process users’ personal data.


Any questions relating to the processing and protection of personal data of System Users and the use of cookies, including those relating to this “Privacy Policy”, should be addressed to the Data Controller.

The User may also contact us in order to obtain information on whether and to what extent the Controller processes the User’s data, on the purposes and means of processing the Service User’s personal data, as well as in connection with the User’s wish to exercise his/her rights under Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Changes in the policy

This Policy is effective as of the effective date set forth above. We may change this Policy from time to time, and if we do, we will post any changes on this page. Your continued use of our site after we have posted changes will mean that you agree to the revised Policy.