PRIVACY POLICY

Last Updated: July 16, 2025

§ 1. General provisions

The joint controllers of the personal data of all customers of the MTA Group companies are:

  • MTA Digital sp. z o.o.
    ul. Święty Marcin 29/8, Poznań 61-806
    KRS: 0000561985, NIP: 7831727441, REGON: 36172305500000
    Represented by: Jakub Krystkowiak - President of the Management Board
  • MTA Performance sp. z o.o.
    ul. Święty Marcin 29/8, Poznań 61-806
    KRS: 0000784788, NIP: 7010922437, REGON: 383274210
    Represented by: Mateusz Mikołajczyk – President of the Management Board
  • Anchor.Team sp. z o.o.
    ul. Święty Marcin 29/8, Poznań 61-806
    KRS: 0000969275, NIP: 7831856345, REGON: 521897892
    Represented by: Wiktor Jachec, President of the Management Board
  • Force of Nature Europe sp. z o.o.
    ul. Święty Marcin 29/8, Poznań 61-806
    KRS: 0001050399, NIP: 7831885358, REGON: 525999520
    Represented by: Jacek Matuszewski, Member of the Management Board
  • Zero Fluff Digital sp. z o.o.
    ul. Świętego Marcin 29/8, Poznań 61-806
    KRS: 0001174081, NIP: 7831930082, REGON: 541841870
    Represented by: Jacek Matuszewski – Member of the Management Board
  • SharkPress Agency sp. z o.o.
    ul. Świętego Marcina 29/8, Poznań 61-806
    KRS: 0001181847, NIP: 7831932253, REGON: 542142080
    Represented by: Wiktor Jacheć – President of the Management Board

Hereinafter referred to as "Joint Controllers of personal data".

Contact Person for Personal Data Protection:

Mateusz Mikołajczyk
Email: gdpr@mta.digital
Mailing Address: Mateusz Mikołajczyk, ul. Święty Marcin 29/8, 61-806 Poznań
In person: MTA Digital sp. z o.o., ul. Bolesława Prusa 6/3, 60-819 Poznań

§ 2. Basis for processing, purposes, source, and storage of personal data

We obtain personal data directly from you – you provide it to us, for example, when concluding contracts, as part of the performance of contracts on your behalf, and when contacting us via the contact form. In order to provide you with the most transparent information possible, we have grouped them according to the purpose of processing your personal data.

Conclusion and performance of a contract for services

Purpose:Provision of marketing/promotional/SEO/lead generation services/website development.
Legal Basis:Article 6(1)(b) GDPR - necessary for performance of a contract.
Storage Period:Duration of service provision and until expiry of claims.
Scope:Email, name, address, phone, bank details. For entrepreneurs: company name, NIP.

Business Operations & Contractor Cooperation

Legal Basis:Article 6(1)(b) GDPR - contract performance.
Storage Period:Duration of business relationship or expiry of claims.
Scope:Name, company name, NIP, address, phone, email.

Contact via Contact Forms

Legal Basis:Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (pre-contractual steps), or Article 6(1)(f) GDPR (legitimate interest).
Storage Period:Until consent withdrawal.
Scope:First name, last name, email address.

Website Statistics

Legal Basis:Article 6(1)(f) GDPR (legitimate interest).
Storage Period:Duration of cookie storage (max 50 months).
Scope:Behavioral data, location data, age/gender (demographics), IP address, user identifiers.

Legal Claims & Accounting

Legal Basis:Article 6(1)(f) GDPR (legitimate interest) and Article 6(1)(c) GDPR (legal obligation).
Storage Period:Limitation period for claims (Civil Code); 5 years for accounting data.
Scope:Name, company details, NIP, REGON, PESEL, financial data, claim-related data.

Newsletter Delivery

Legal Basis:Article 6(1)(a) GDPR (consent).
Storage Period:Until consent withdrawal.
Scope:First name, last name, email address.

Social Media Accounts

Legal Basis:Article 6(1)(f) GDPR (legitimate interest).
Storage Period:Duration of user interaction.
Scope:Name, nickname, image (public social media data).

IT Services

Legal Basis:Article 6(1)(f) GDPR (legitimate interest).
Storage Period:Duration of cookie storage or necessary for primary purpose.
Scope:Cookie data, communication data, IT support data.

§ 3. Data sharing

The administrator ensures that all personal data collected is used to fulfill obligations towards users. This information will not be disclosed to third parties, except where data subjects have given prior explicit consent or legal obligation exists.

Data recipients may include:

  • Service providers (Technical/IT): Google (Ireland, Asia Pacific, Australia), Autenti, Asana, Web INnovative Software, Home.pl, OVH, Notion Labs, ZIELINAMEDIA, Loom, Pipedrive, ClickUp.
  • Accounting/Legal/Consulting: MSRR Szymańska sp. z o.o. sp.k., Krafton Accounting XON sp. z o.o. sp.k.
  • Transport/Delivery: Couriers for order identification.

International Transfers: Data may be transferred to third countries (outside EEA) to entities like Google LLC and Meta Platforms, Inc. We ensure appropriate safeguards (Standard Contractual Clauses, Data Privacy Framework).

§ 4. User rights

  • Right to access, rectification, restriction, erasure, or transfer (Articles 15-21 GDPR).
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a supervisory authority (UODO).
  • Right to object to processing based on legitimate interest.
  • Right to object to direct marketing.

To exercise these rights, contact us at: gdpr@mta.digital

§ 5. Right to lodge a complaint

If processing violates the law, you may lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw (or ul. Moniuszki 1A).

§ 6. Cookies

Cookies are IT data stored on your device to improve website functionality and tailor services.

Types of Cookies used:

TypeCharacteristics
EssentialNecessary for basic website functions (navigation, security).
PreferenceRemember settings like language or region.
StatisticalAnonymous usage data to improve website performance.
MarketingTrack users to display relevant ads.

You can manage cookie settings in your browser. For detailed information on specific cookies and third-party providers (like Cookiebot), please refer to the full policy text or your browser settings.