Privacy Policy

This Privacy Policy describes how personal data is processed and protected for visitors of the www.pbix.pl website and users of services offered by the Controller — in particular trainings, consulting and educational materials.

The document is based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, „GDPR"), the Polish Personal Data Protection Act of 10 May 2018, the Polish Act on Providing Services by Electronic Means of 18 July 2002, and the Polish Electronic Communications Act of 12 July 2024.

• Controller — the entity that determines the purposes and means of processing personal data, identified in §2.
• Personal data — any information relating to an identified or identifiable natural person.
• Processing — any operation performed on personal data (collection, storage, modification, disclosure, deletion, etc.).
• GDPR — Regulation (EU) 2016/679 of 27 April 2016.
• Website — the www.pbix.pl website together with its subdomains.
• User — a natural person using the Website or the Controller's services.
• Cookies — small data files stored on the User's device while using the Website.
• Consent — a freely given, specific, informed and unambiguous indication of the data subject's wishes accepting the processing of their personal data.

The Controller of your personal data is Radosław Sobczak, conducting sole-proprietor business under the name Radosław Sobczak Data Analysis, registered in Inowrocław, Poland, Tax ID (NIP): 5562743281, Statistical ID (REGON): 522321088, .

Contact for data protection matters: kontakt@pbix.pl.

• Responding to enquiries / contact requests — Art. 6(1)(b) GDPR (steps taken at the data subject's request prior to entering into a contract).
• Performance of a training or consulting contract — Art. 6(1)(b) GDPR (contract performance).
• Sending educational materials (lead magnet, level-test result) — Art. 6(1)(a) GDPR (consent).
• Issuing invoices and keeping accounting records — Art. 6(1)(c) GDPR in conjunction with the Polish Accounting Act and the VAT Act.
• Marketing of the Controller's own services to existing customers — Art. 6(1)(f) GDPR (legitimate interest in maintaining a business relationship).
• Marketing of the Controller's own services to non-customers (newsletter, educational materials, commercial communication) — Art. 6(1)(a) GDPR (consent), in conjunction with Art. 398 of the Polish Electronic Communications Act and Art. 10(2) of the Polish Act on Providing Services by Electronic Means.
• Establishing, exercising or defending legal claims — Art. 6(1)(f) GDPR (legitimate interest).
• Statistics, traffic analysis and Website improvement (analytics cookies) — Art. 6(1)(a) GDPR (consent).
• Remarketing (marketing cookies — Meta Pixel, LinkedIn Insight, Google Ads) — Art. 6(1)(a) GDPR (consent).
• Ensuring the security of the Website and preventing abuse — Art. 6(1)(f) GDPR (legitimate interest).

Depending on the form of contact and your activity on the Website, the Controller may process:

• first and last name,
• email address,
• phone number (if provided),
• company name and invoicing details (Tax ID, address) — in the event of a contract,
• contents of correspondence and enquiries,
• answers given in the level test (if you choose to take it),
• technical data: IP address, browser identifier and version, operating system, information on how the Website is used — collected through cookies only after your consent (except for strictly necessary cookies).

Providing data is voluntary; however, failure to provide it may prevent the delivery of a specific service — for example responding to your enquiry or entering into a training contract.

• Data from contact forms and pre-sale correspondence — up to 3 years from the last contact, unless a contract is concluded.
• Data related to a training contract and accounting records — for the period required by tax and accounting law, i.e. 5 years from the end of the calendar year in which the tax obligation arose.
• Newsletter or other marketing communication data — until consent is withdrawn.
• Data processed to establish or defend legal claims — for the limitation period under the Polish Civil Code.
• Analytics and marketing data (cookies) — according to the parameters of the given file, no longer than 13 months; you may delete them at any time in your browser settings.

Your data may be entrusted to processors under Art. 28 GDPR or shared with other controllers only to the extent necessary and lawful:

• Vercel Inc. (USA) — Website hosting,
• Microsoft Corporation / Microsoft Ireland Operations Ltd. — Microsoft 365 services (mail, MS Forms — level test),
• Google LLC / Google Ireland Ltd. — Google Tag Manager and Google Analytics (subject to consent for analytics cookies),
• Meta Platforms Ireland Ltd. — Meta Pixel (subject to consent for marketing cookies),
• LinkedIn Ireland Unlimited Company — LinkedIn Insight Tag (subject to consent for marketing cookies),
• Public authorities, courts and law-enforcement bodies — only to the extent required by applicable law.

Some recipients (including Vercel, Google, Meta, LinkedIn, Microsoft) process data in third countries outside the EEA, mainly in the USA. Transfers are made under Chapter V GDPR, in particular on the basis of:

• Standard Contractual Clauses approved by the European Commission (SCC) — Art. 46(2)(c) GDPR,
• Commission Implementing Decision (EU) 2023/1795 on the adequate protection ensured by the EU–US Data Privacy Framework — for entities certified under the DPF.

You may obtain a copy of the safeguards applied by contacting kontakt@pbix.pl.

Under the GDPR you have the right to:

• access your data and obtain a copy (Art. 15 GDPR),
• rectification of inaccurate data (Art. 16 GDPR),
• erasure of data — the „right to be forgotten" (Art. 17 GDPR),
• restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• object to processing based on the Controller's legitimate interest (Art. 21 GDPR),
• withdraw consent at any time — without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR),
• lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (Prezes UODO), ul. Stawki 2, 00-193 Warsaw, Poland (Art. 77 GDPR).

To exercise the above rights, write to kontakt@pbix.pl. The Controller will respond no later than one month after receiving the request, with a possible extension of up to two further months in justified cases (Art. 12(3) GDPR).

The Website uses three categories of cookies:

• Strictly necessary — required for the basic operation of the Website (e.g. storing the cookie-consent choice, session). They do not require consent — basis: Art. 173(3)(2) of the Polish Electronic Communications Act.
• Analytics — Google Tag Manager, Google Analytics. They help us understand how Users interact with the Website. They require consent.
• Marketing — Meta Pixel, LinkedIn Insight Tag. They allow tailored advertising on other websites. They require consent.

You give consent for each category in the banner shown on your first visit. You may change your choice at any time by clicking „Cookie settings" in the footer of the Website, or delete cookies in your browser settings.

Your data is not subject to automated decision-making producing legal effects concerning you or similarly significantly affecting you (Art. 22 GDPR).

Marketing and analytics cookies may be used for profiling for advertising purposes (e.g. tailoring communications); however, this does not result in automated decisions affecting your legal or financial situation. You have the right to object to such profiling at any time.

The Controller applies technical and organisational measures appropriate to the risks and the category of data protected, in particular:

• encryption of connections at the transport layer (HTTPS/TLS),
• limiting access to systems to authorised persons,
• regular backups and infrastructure monitoring,
• concluding data-processing agreements (Art. 28 GDPR) with processors,
• verifying providers for GDPR compliance.

In the event of a personal-data breach, the Controller follows the procedure under Art. 33–34 GDPR, including — where required — notifying the President of UODO and the data subjects.

This Privacy Policy may be updated due to changes in law, technology or the Controller's business model. Material changes will be communicated visibly on the Website.

Matters not covered by this Policy are governed by the GDPR, the Polish Personal Data Protection Act, the Polish Act on Providing Services by Electronic Means, and the Polish Electronic Communications Act.

Effective from: 28 April 2026.

In case of any discrepancy between the Polish and English versions, the Polish version prevails.