Privacy Policy

The controller of your personal data within the meaning of Article 4(7) GDPR is Norbert Nowacki, conducting sole-proprietor business activity, based in Słupsk, Poland, Tax ID (NIP): 8392975165, registered in the Polish Central Register and Information on Economic Activity (CEIDG). Full registration data is publicly available by NIP in the CEIDG search at aplikacja.ceidg.gov.pl.

EventApp (eventapp.pl) is a product of the Controller.

Contact for data protection matters: kontakt@codapi.pl, tel. +48 503 033 023.

We process only data that you provide to us yourself or that is collected automatically while you use the website:

• Contact form — your e-mail address and the message content.
• Technical and analytical data (only after you consent to analytics/marketing cookies) — IP address, browser identifiers, device information, pages visited, and traffic source (UTM parameters).
• Cookies — including a first-party cookie storing your consent decision (cookie_consent).

We do not collect special categories of data (Art. 9 GDPR) or data relating to criminal convictions (Art. 10 GDPR).

We process your data for the following purposes:

• Responding to inquiries submitted through the contact form and sales-related communication — based on Art. 6(1)(b) GDPR (steps prior to entering into a contract at your request) and Art. 6(1)(f) (legitimate interest of the Controller in handling correspondence).
• Website analytics and measuring advertising effectiveness — based on Art. 6(1)(a) GDPR (your voluntary consent expressed through the cookie banner).
• Compliance with legal obligations (including tax and accounting), if the inquiry results in a contract — based on Art. 6(1)(c) GDPR.

The website uses cookies and third-party tools. Marketing and analytics cookies are disabled by default — they are activated only after you grant consent through the cookie banner. We use Google Consent Mode v2, which enforces your choice across all supported tools.

We use:

• First-party cookie — cookie_consent (stores your consent decision; valid for 12 months).
• Google Tag Manager (Google Ireland Ltd., data may be transferred to Google LLC in the USA) — manages loading of analytics and advertising tags.
• Meta Pixel (Meta Platforms Ireland Ltd., data may be transferred to Meta Platforms, Inc. in the USA) — measures conversions (Lead event after form submission) and page views.
• UTM parameters — stored in browser memory to attribute your inquiry to its marketing source.

You can withdraw consent at any time by removing the cookie_consent cookie in your browser settings — the banner will reappear and allow you to change your choice.

We use trusted providers who process data solely on our instructions and under data-processing agreements compliant with Art. 28 GDPR:

• MailerSend (MailerSend, UAB, Lithuania) — e-mail delivery for contact-form messages.
• Vercel Inc. (USA) — hosting of the eventapp.pl website.
• Google Ireland Ltd. — Google Tag Manager (activated only with your consent).
• Meta Platforms Ireland Ltd. — Meta Pixel (activated only with your consent).

Your data is not sold, traded, or disclosed to third parties for marketing purposes.

Because some of our providers are based in or operate infrastructure in the United States (Vercel, Google, Meta), your data may be transferred outside the European Economic Area. Such transfers take place under appropriate safeguards:

• Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses (SCCs).
• Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the adequate level of protection under the EU–US Data Privacy Framework — for providers with active DPF certification.

You may obtain a copy of the applied safeguards by contacting us at kontakt@codapi.pl.

We retain your data only for as long as necessary for the purpose for which it was collected:

• Contact-form messages — up to 3 years from the last contact (Polish statute of limitations for business claims under Art. 118 of the Civil Code).
• Tax and accounting data (if the inquiry led to a contract and an invoice) — 5 years from the end of the tax year in which the tax obligation arose.
• Cookies — for the validity period set by each provider (from session to 24 months).
• Analytics data — according to the settings of the analytics tools, for which you may withdraw consent at any time.

Under the GDPR you have the following rights:

• Right of access to your data and to receive a copy of it (Art. 15 GDPR).
• Right to rectification of inaccurate or incomplete data (Art. 16 GDPR).
• Right to erasure — “right to be forgotten” (Art. 17 GDPR).
• Right to restrict processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object to processing, including profiling (Art. 21 GDPR).
• Right to withdraw consent at any time — without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).
• Right to lodge a complaint with the supervisory authority — the President of the Polish Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

To exercise any of these rights, write to kontakt@codapi.pl. We respond without undue delay, at the latest within one month of receiving the request.

We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, loss, or alteration:

• Encryption of website traffic via HTTPS/TLS.
• Data minimisation — we collect only what is truly necessary.
• Access to data restricted to authorised persons only.
• Contact-form messages delivered through an authenticated provider (MailerSend).

This privacy policy may be updated to ensure compliance with applicable law and to reflect changes in our practices. The current version is always available at /polityka-prywatnosci. We will notify you of material changes in a visible way on the website.