Privacy Policy

1. Data Controller

The controller of personal data is Arteon, registered in gmina Czernichów, Zagacie, ul. Jaśminowa 36, 32-070, Poland.

Tax ID (NIP): 9442284430, REGON: 528888241

Contact: kontakt@arteonagency.pl, phone: +48 516 466 255.

2. Scope of Collected Data

• data submitted via the contact form (first name, last name, email, message content),
• technical data collected automatically (IP address, device information, cookies),
• analytical data from Google Analytics 4, Ahrefs Web Analytics, Vercel Analytics and Vercel Speed Insights,
• analytical data from Metricool (visit statistics, traffic sources),
• data collected by Google AdSense for the purpose of displaying ads (advertising identifiers, advertising cookies, ad interaction data),
• server and security event logs (e.g. timestamps, IP address, request headers).

3. Purposes and Legal Bases of Processing

1. Customer contact - responding to enquiries from the contact form (Art. 6(1)(b) and (f) GDPR).
2. Marketing and analytics - site statistics, content optimisation (Art. 6(1)(f) GDPR).
3. Service delivery - preparing offers, contracts, invoices (Art. 6(1)(b) GDPR).
4. Legal obligations - e.g. retention of accounting documentation (Art. 6(1)(c) GDPR).
5. Security and claims - maintaining logs, preventing abuse, establishing/pursuing/defending claims (Art. 6(1)(f) GDPR).
6. Displaying ads - displaying interest-based advertisements via Google AdSense (Art. 6(1)(a) GDPR - user consent given via the cookie banner).

4. Cookies

The website uses cookies for the following purposes:

• ensuring proper website functionality,
• traffic analysis (Google Analytics 4, Ahrefs Web Analytics, Vercel Analytics, Metricool),
• marketing purposes,
• displaying interest-based ads (Google AdSense / DoubleClick).

Google AdSense may use DoubleClick cookies to serve ads based on a user's previous visits to our website or other websites. Third-party providers (including Google) use these cookies to serve ads based on browsing history.

You can opt out of personalised ads at Google Ads Settings or at aboutads.info.

The website uses Google Consent Mode v2. This means that Google analytics and advertising scripts do not collect data until the user gives consent via the cookie banner.

You can manage cookies in your browser settings. Restricting cookies may affect some website features.

5. Data Recipients

Data may be shared with entities that support us in providing services, such as:

• hosting/application providers (e.g. Vercel),
• analytics tool providers (Google Ireland Ltd., Ahrefs Pte. Ltd., Vercel Inc., Metricool S.L.),
• advertising service providers (Google Ireland Ltd. - Google AdSense),
• accounting office, payment processors or legal entities - if necessary.

All recipients process data in accordance with GDPR based on appropriate agreements.

6. Data Processing Agreement (DPA)

Upon request, we enter into a data processing agreement (DPA) when we process data on behalf of a client (e.g. as part of website maintenance, tool or system configuration).

7. Data Transfers Outside the EEA

Google and Vercel may process data outside the European Economic Area. Appropriate legal safeguards are applied (including Standard Contractual Clauses approved by the European Commission) and, where possible, technical measures (pseudonymisation, minimisation).

8. Data Retention Period

• Contact form data - up to 12 months after the end of correspondence.
• Client data - for the period required by law (accounting documentation).
• Analytical data - in accordance with Google Analytics policy (e.g. 26 months).
• Logs - for the period necessary for security and accountability (generally up to 12 months, unless regulations provide otherwise).

9. Your Rights

You have the right to:

• access your data and receive a copy,
• rectification of data,
• erasure of data,
• restriction of processing,
• data portability,
• object to processing (including marketing),
• lodge a complaint with the President of the Personal Data Protection Office (UODO, Poland).

10. Voluntary Provision of Data

Providing personal data is voluntary but necessary for contact or service delivery.

11. Security Measures

We apply technical and organisational measures to protect personal data against unauthorised access, loss or destruction.

12. Policy Changes

This privacy policy may be updated to reflect changes in legislation or technology. The current version is always available on this page.