Privacy policy

dated 14th June, 2023


(1) Your personal data is processed by Space Ads spółka z o. o. with its registered office in Warsaw (address: ul. Plac Bankowy 2, 00-095 Warsaw, Poland; registration: District Court for the capital city of Warsaw in Warsaw, company/reg. no.: 1011955;  tax ID number: PL 5252938464; share capital: PLN 10 000; the “Controller”) in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; the “GDPR”) and with other applicable data protection laws.

(2) The Controller has not appointed a data protection officer; You, as the Data Subject, may contact the Controller in matters relating to the processing of your Personal Data and in order to exercise the rights provided for in the GDPR or other applicable provisions of the law on the protection of personal data at the following e-mail address:  (the “Point of Contact”).


(3) The processing carried out by the Controller may involve certain data, the provision of which is necessary for:

a. communication by way of a contact form (first and last name, e-mail address, unstructured data in the message content); and

b. subscription to a newsletter (name, e-mail address); and

c. creation of an account or preparation and conclusion of an agreement for consultations, audits or other services provided by the Controller, at your request (first and last name, physical and email address, telephone number, tax ID number);

as well as other information relating to You as an identified or identifiable natural person (“Personal Data”) that you decide to disclose, transfer or otherwise freely and knowingly make available to the Controller. In addition, the Controller may use your Personal Data (d) for marketing purposes (first and last name, physical and email address, telephone number, tax ID number).

(4) As a general rule, your Personal Data will be processed on the basis of consent, contract, legal obligation, or legitimate interests.

(5) If the legal basis for processing is consent (Article 6.1.a of the GDPR), the Controller will ensure that Your consent to processing is freely given, specific, informed, and unambiguous, and the request for consent – presented in a manner which is clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language. The Controller will inform You, before obtaining your consent and hereby informs You, that you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

(6) If the legal basis for processing is a contract (Article 6.1.b of the GDPR), the Controller will process your Personal Data to the extent necessary for the performance of a contract to which You are a party, or in order to take steps at Your request prior to entering into a contract. The processing of your Personal Data may also take place in order to comply with legal obligations incumbent on the Controller, resulting in particular from tax and accounting regulations (Article 6.1.c of the GDPR).

(7) The Controller may process your Personal Data for the purpose of direct marketing (including, sending you an offer or invitation to events, workshops, and training in a letter) to counteract fraud, abuse and damage to computer systems and electronic communication systems or for the purpose of investigating and defense against possible claims (Article 6.1.f of the GDPR).


(8) The Controller may use external service providers (e.g., accounting offices) and their resources to conduct activities that involve your Personal Data. In this way, your Personal Data may be disclosed and – as a result – also processed by entities controlling, managing, or acting for (a) OVH and Amazon – as long as they provide us with a hosting service, (b) Google, Facebook and HotJar – as long as they provide us with analytics, (c) Google, Facebook,, and OneSignal – as long as we use their marketing tools, (d) Callpage – as long as we use their widget connecting You to our consultant, and (e) Paypal and PayU – if You wish to pay through them.

(9) The above-mentioned recipients of your Personal Data represent illustrative categories of entities, units, and persons to whom the Controller may disclose your Personal Data – the Controller will provide the most up-to-date list of recipients of your Personal Data at your request, submitted by e-mail to the Point of Contact or in writing to the Controller’s physical address.


(10) Subject to the restrictions resulting from the Privacy Protection Regulations, You have the right to access, rectify, delete, transfer, limit the processing of your Personal Data, as well as to object to the processing, in particular, through the Point of Contact.

(11) The Controller, without undue delay – and in any event within one month of receipt of the request – will provide you with information on actions taken at your request. Where necessary, that period may be extended by two further months due to the complexity or number of the requests.

(12) If your request concerning your rights is submitted by electronic means, the feedback will be provided to You, if possible, in the same way, unless otherwise requested by You.

(13) You can lodge a complaint with a competent supervisory authority, which – in Poland – is the President of the Personal Data Protection Office.


(14) The legal basis for the processing and the exercising of your rights determine the period for which your Personal Data will be stored. For example, the Controller will stop processing your Personal Data after you have withdrawn your consent or if a contract to which You are a party is fully performed.

(15) As a general rule, the provision of Personal Data is voluntary; the Controller will not make decisions based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affect You.


(16) The Controller runs a website at URL  (the “Website”) and may use certain IT data (in particular text files) on the Website, stored on a computer or mobile device or obtained from a computer or mobile device, containing the name of the website on which they were collected, storage time on the computer or mobile device, and unique identifier (“Cookies”).

(17) Cookies are used to adapt the content of the Website to your preferences, as well as to optimize the use of the Website and increase the user experience. Cookies enable:

a. identification of the computer or mobile device in order to display websites tailored to your individual needs; and

b. creation of reports that make it easier to understand how You use the Website – and, as a result, that help the Controller to improve the Website, its structure and content, as well as advertisements that lead to the Website; and

c. maintaining the session (after logging in), so You do not have to re-enter your login and password on each webpage; and

d. personalized marketing communication.

(18) The Controller uses, among else, the strictly necessary cookies that enable the use of services offered via the Website, e.g., authorization Cookies are used for functions that require authorization on the Website. Detailed information on the Cookies and their use can be found in the

(19) You can change your cookie settings at any time. The Controller informs You that any restrictions on the use of Cookies may affect some of the functions available on the Website. Cookies placed on a computer or mobile device may also be used by advertisers and the Controller’s partners.


(20) The Controller may change this privacy policy at any time. This privacy policy was last updated on a date set forth at the top of this document. If the Controller make any changes to this privacy policy that materially change the way your Personal Data is processed, it will highlight this information on the Website.