Privacy Policy

Effective Date: October 29, 2025

---

1. Introduction

Quesma Poland Sp. z o.o. (“Quesma,” “we,” “our,” or “us”) operates the website quesma.com. This Privacy Policy explains how we collect, use, and protect information when you visit our website.

We are committed to protecting your privacy and being transparent about our data practices.

2. Who we are

Data controller: Quesma Poland Sp. z o.o. ul. Lindleya 16 02-013 Warszawa, Poland

Data protection officer: Jacek Migdal, CEO Email: [email protected]

3. Information we collect

3.1 Website analytics

We use Google Analytics to understand how visitors use our website. This helps us improve the user experience and identify which content is most valuable.

• Data collected:

  • Pages you visit and time spent on each page
  • Browser type, device type, and screen resolution
  • General geographic location (city and country level)
  • Referral source (where you came from)
  • Anonymized IP address

• Provider: Google LLC (United States)

• Purpose: Website performance analysis and improvement

• Legal basis: Legitimate interest (improving user experience)

• Data retention: 26 months (Google’s standard retention period)

• Privacy policy: https://policies.google.com/privacy

3.2 Content delivery and security

We use Cloudflare for content delivery, DNS services, and security protection (including bot protection and DDoS mitigation).

• Data collected:

  • IP addresses (for security and routing)
  • Request headers and metadata
  • Security threat data

• Provider: Cloudflare, Inc. (United States, with EU data centers)

• Purpose: Website performance, security, and availability

• Legal basis: Legitimate interest (security and performance)

• Data retention: Minimal, per Cloudflare’s policies

• Privacy policy: https://www.cloudflare.com/privacypolicy/

3.3 Newsletter subscriptions

If you subscribe to our newsletter, we collect your email address through our newsletter signup form.

• Data collected:

  • Email address
  • Subscription timestamp
  • Email open and click data (to improve content)

• Provider: Mailchimp (Intuit Inc., United States)

• Purpose: Sending blog updates and product announcements

• Legal basis: Consent (you explicitly subscribe)

• Data retention: Until you unsubscribe

• Privacy policy: https://www.intuit.com/privacy/statement/

3.4 Contact and external services

Our contact page provides:

• Email link ([email protected])
• Meeting scheduling (Cal.com) - external service, their privacy policy applies
• Social media links - external platforms, their policies apply

When you use these external services, their privacy policies govern data collection.

3.5 Cookies and local storage

Our website uses cookies and browser local storage for:

Type	Purpose	Duration
Google Analytics cookies	Track website usage	2 years
Theme preference	Remember dark/light mode choice	Persistent (local storage)

4. How we use your information

We use collected information to:

• Improve our website experience and performance
• Understand which blog content is most valuable
• Send newsletter updates (only if you subscribe)
• Protect our website from security threats
• Comply with legal obligations

We do not:

• Sell your information to third parties
• Use your data for targeted advertising outside our own communications
• Share your data except as described in this policy (Google Analytics, Cloudflare, Mailchimp)

5. Legal basis for processing (GDPR)

For users in the European Union, we process your data based on:

• Consent: Newsletter subscriptions (you explicitly provide your email)
• Legitimate Interest: Website analytics and security (improving user experience and protecting our site)

You have the right to withdraw consent or object to processing at any time.

6. Your rights

Under GDPR and other privacy laws, you have the right to:

• Access: Request what personal data we have about you
• Correction: Request corrections to inaccurate data
• Deletion: Request deletion of your data (“right to be forgotten”)
• Objection: Object to analytics tracking or other processing
• Portability: Receive your data in a portable format
• Withdraw consent: Unsubscribe from newsletters at any time
• Lodge a complaint: File a complaint with your data protection authority

To exercise these rights, contact us at: [email protected]

We will respond within 30 days as required by GDPR.

7. Data retention

We retain data for the following periods:

Data Type	Retention Period	Why
Google Analytics data	26 months	Google’s standard retention policy
Newsletter email addresses	Until you unsubscribe	Ongoing communication
Website access logs	30 days	Security and troubleshooting
Theme preferences	Indefinitely (local storage)	User convenience

8. International data transfers

Our website is hosted in Europe (Amsterdam/EU data centers via Cloudflare and NameCheap), but some third-party services are based in the United States:

• Google Analytics (Google LLC, United States)
• Mailchimp (Intuit Inc., United States)
• Cloudflare (United States company with EU data centers)

These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Privacy Shield successor frameworks (where applicable)

Each provider has GDPR-compliant data transfer mechanisms in place.

9. Data security

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption for all website traffic (via Cloudflare)
• Secure hosting infrastructure in EU data centers
• Access controls limiting who can access collected data
• Regular security updates to our website and systems
• Confidentiality agreements for all team members

However, no internet transmission is 100% secure. We cannot guarantee absolute security but we take reasonable precautions.

10. Third-party services summary

Service	Purpose	Location	Privacy Policy
Google Analytics	Website analytics	United States	Link
Cloudflare	CDN, DNS, security	US/EU data centers	Link
Mailchimp	Newsletter management	United States	Link
Cal.com	Meeting scheduling (external link)	Various	Link

These services have their own privacy policies and data practices. We recommend reviewing them.

11. Changes to this policy

We may update this Privacy Policy occasionally to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements

When we make changes, we will update the “Last Updated” date at the top.

12. Contact us

If you have any questions about this Privacy Policy or how we handle your data:

• Email: [email protected]
• General contact: [email protected]
• Data Protection Officer: Jacek Migdal, CEO
• Mail: Quesma Poland Sp. z o.o., ul. Lindleya 16, 02-013 Warszawa, Poland

Supervisory authority: For EU data protection concerns, you can contact the Personal Data Protection Office (UODO):

• Name: Urząd Ochrony Danych Osobowych
• Website: https://uodo.gov.pl/