Privacy Policy

Last updated: 16.05.2023

We are ATENBI Sp. z o. o., based in Warsaw (address: ul. Plac Stanisława Małachowskiego 2, 00-066;
registration: District Court for the capital city of Warsaw in Warsaw XII Commercial Department of the
National Court Register, NCR/KRS number: 894682; tax ID number/NIP: 5252859842; share capital: PLN
12,000.00). We are the controller of your personal data, no matter your nationality, citizenship, or current
residence – as long as you remain a living person. If you want to contact us about your privacy and specifically
about our processing of your personal data, you can use this e-mail address: – we have not
appointed a data protection officer since our core activities neither require regular and systematic monitoring of
data subjects on a large scale nor consist of large-scale processing of special categories of personal data and data
relating to criminal convictions or offences; nor are we a public authority or entity.

Due to the processing of your personal data in connection with our business activities, we are subject to privacy
laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on
the protection of natural persons with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation; “GDPR”). In this privacy policy
(“Privacy Policy”), we will tell you what personal data we process, for which purposes and on which basis,
whom we share it with, and we will draw your attention to the rights that the GDPR grants to data subjects such
as yourself. We will carry out our duty to inform also elsewhere, especially on our website
( and relevant subpages; collectively, the “Website”), providing you with specific and
appropriate notices.

Before we take a further dive into this Privacy Policy, we should apprise you of two basic definitions that will
help us all navigate on the high seas of the GDPR. First, the concept of personal data includes information about
an identified or identifiable natural person, such as, for example: name, surname, identification number, location
data, Internet identifier. Secondly, the processing of personal data is, in principle, any activity which is
performed on personal data, whether or not by automatic means – for example, the collection, storage, recording,
organization, alteration, consultation, use, disclosure, restriction, erasure or destruction. By the way, we kindly
ask you not to provide us at all, and in particular through the Website, with information defined by the GDPR as
special categories of personal data including information about race or ethnic origin, political opinions, religious
or philosophical beliefs, trade union membership, information about physical or mental health, genetic data,
biometric data, information about sexual life or sexual orientation and criminal history.

We generally process only the personal information that you have provided us with, whether by contacting us via
instant messengers integrated with our Website, appropriate form on the Website, or email, or by leaving
comments in the forum section of our blog, or by subscribing to our newsletter. Our processing of your personal
data serves quite obvious purposes, which you define yourself or may recognize without any problems – for
example, we reply to your questions and, at your request, send you our commercial offer or information
(newsletter, etc.). Should we contemplate processing your personal data for a purpose other than that for which
they were originally obtained, we will let you know and try our best to obtain your consent for the processing for
the new purpose. Likewise, if we obtain your personal data from third parties, we will provide you with the
relevant information within a reasonable period after obtaining your personal data or at the latest at the time of
our first communication with you.

If we ask for your consent to the processing of your personal data, we will make sure your agreement is free,
properly informed, specific and unambiguous, and that you are aware that you may withdraw your consent to
further processing of your personal data at any time. This may not always be a checkbox, but we will never take
your consent for granted until you have given us a clear indication that you agree to our processing of your
personal data. In other cases, our processing of your personal data may be based on the premise that it is
necessary for the performance of a contract between us or to take action, at your request, prior to the conclusion
of our contract. It may also be the case that a comparison of your interests or fundamental rights and freedoms
with our or third parties’ interests will enable us to lawfully process your personal data, whether for the purpose
of direct marketing or to ensure network and information security – we will inform you of the prevailing
interests of ours or third parties.

In any case, we will provide you with adequate information explaining the basis and purposes of our processing
of your personal data whenever we collect such data. Regardless of whether the basis for our processing of your
personal data is consent, contract, legitimate interest or any other ground that legitimizes such processing, we
will make sure that the scope of your personal data collected or otherwise processed is as small as possible,
unless you decide to provide us with personal data in a larger amount or for a longer period than necessary. For
example, if you would like to make an appointment for a free consultation, we will only ask you for personal
data that are necessary to carry out the consultation – that is, your name, email address. Unless we proceed to the
stage of preparation, conclusion, or performance of the contract or unless you give us your consent to the
processing of your personal data for a specific purpose, your personal data processed in connection with the
consultation will be deleted from our information systems or data filing systems or anonymized.

Furthermore, we would like to draw your attention to your rights to request access to your personal data, to
rectify, erase or limit the processing, and to object to the processing, including your absolute right to object to
the processing for the purposes of direct marketing, and to the transfer of data. At this point, however, we must
highlight that while access to personal data, including the right to obtain a copy of the data, as well as the
possibility of rectifying such data are almost unlimited, the right to erase personal data (the right to be forgotten)
is subject to limitations and cannot be performed if the processing is necessary for us to establish, pursue, or
defend my claims. Similarly, your request to receive personal data in a structured, commonly used and machine-
readable format or to transmit personal data to another controller will be satisfied only in respect of personal data
provided by you and processed by us by automated means on the basis of consent or contract. In any case, you
have the right to lodge a complaint with the supervisory authority.

As long as your personal data are processed by us, they will be processed using appropriate technical and
organizational means, including appropriate staff and encryption mechanisms, in order to meet the requirements
of the GDPR and to protect your rights. If we decide to entrust the processing of your personal data to third
parties – and we will do so in the case of using external IT resources, cloud applications or services, and the like
– we will cherry-pick only the processors providing sufficient guarantees for the implementation of appropriate
technical and organizational measures to ensure that the processing meets the requirements of the GDPR and
protects your rights. The list of current processors includes: Google LLC, Facebook Inc., Hotjar Ltd, OVH Sp. z
o.o. – for full and updated version of the list, please contact us at .
The Website uses cookies and similar technologies (collectively, „Cookies”), which you can however disable by
using the settings of your web browser. You can learn more about the Cookies we use courtesy of Cookiebot. In
order to reach you with our marketing messages outside the Website (remarketing) we use the services of
external suppliers, such as Google or Facebook. To this end, external suppliers install, for example, an
appropriate code or pixel to download information about your activity on the Website. We use the data
concerning your activity, such as search history, clicks, visits, history and your activities related to our e-mail
communication with you, to create your profile, corresponding to your interests and preferences. Then, to the so
created profile we customize the marketing information about our services which may be of interest to you. In
conclusion, we would just like to point out that we prefer the service providers and other recipients of your
personal data who process data in the European Economic Area; although we do not intend to transfer your
personal data to a third country, if that were to happen, we will select a country or the recipients who provide an
adequate level of protection.

The Website may contain active links to other websites on the Internet, managed by entities not related to us, in
accordance with the rules adopted autonomously and sometimes not respecting the requirements of the GDPR.
We recommend that you read the relevant privacy policies before using those sites.

This Privacy Policy is effective as of the date stated at the top. ATENBI may change it from time to time. You
must refer back to this Privacy Policy on a regular basis.