Privacy Policy
This Privacy Policy describes how Wuwehu (operating at wuwehu.info, Stanisława Kossutha 9, Katowice, Poland) collects, processes, and protects personal data. It applies to all visitors and users of this website and is written in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, "GDPR") and the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych).
1. Data Controller
The controller of your personal data is Wuwehu, with its principal place of business at Stanisława Kossutha 9, Katowice, Poland. For all matters relating to data protection, you may contact us at:
- Email: [email protected]
- Phone: +48 662 024 923
- Postal address: Stanisława Kossutha 9, Katowice, Poland
2. Categories of Personal Data Collected
We collect only the personal data that is necessary for the purposes described in this policy. The following table summarises the categories of data, the source of collection, and the purpose for which each category is used.
| Category of Data | Source | Purpose | Legal Basis (GDPR Art. 6) |
|---|---|---|---|
| Name and email address | Contact and enquiry forms on this website | Responding to enquiries and communications | Art. 6(1)(b) — performance of pre-contractual steps; Art. 6(1)(f) — legitimate interests |
| Message content | Contact and enquiry forms on this website | Understanding and responding to the nature of the enquiry | Art. 6(1)(b) — pre-contractual steps |
| IP address and browser data | Web server logs (automatic) | Security monitoring, abuse prevention, and technical diagnostics | Art. 6(1)(f) — legitimate interests |
| Cookie preference data | Cookie consent interaction | Recording and honouring your consent choices | Art. 6(1)(c) — legal obligation; Art. 6(1)(a) — consent |
3. Purposes and Legal Bases for Processing
We process personal data only where we have an identified legal basis under Article 6 of the GDPR. The primary purposes are:
- Responding to enquiries: When you submit a contact form, we use your name and email address to reply. The legal basis is Article 6(1)(b) GDPR (pre-contractual steps) and, where applicable, Article 6(1)(f) (our legitimate interest in communicating with prospective programme participants).
- Security and technical operation: Server logs containing IP addresses are processed to maintain the security and stable operation of this website. The legal basis is Article 6(1)(f) GDPR.
- Cookie consent compliance: We store a record of your cookie consent decision to comply with the Act of 16 July 2004 — Telecommunications Law (Prawo telekomunikacyjne) and the GDPR. The legal basis is Article 6(1)(c) GDPR.
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, subject to any longer retention required by applicable law.
| Data Type | Retention Period | Rationale |
|---|---|---|
| Enquiry correspondence (name, email, message) | Up to 2 years from last contact | Potential pre-contractual or contractual relationship |
| Web server logs (IP address, access data) | Up to 90 days | Security monitoring and incident investigation |
| Cookie consent records | 13 months from the date of consent | Regulatory compliance |
5. Data Sharing and Third Parties
We do not sell personal data to third parties. We do not share personal data with marketing platforms or advertising networks. Personal data may be shared in the following limited circumstances:
- Hosting providers: Our website is hosted on servers operated by a third-party hosting provider. That provider processes data only as a data processor under our instruction and is bound by a data processing agreement.
- Legal obligations: We may disclose personal data where required to do so by applicable law, a court order, or the instruction of a competent supervisory authority.
- Maps service: The contact page embeds Google Maps. When you view this page, Google may collect data in accordance with its own privacy policy. We recommend reviewing Google's privacy documentation if this concerns you.
6. International Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR. Where we use service providers located outside the EEA (such as Google for embedded maps), we rely on standard contractual clauses approved by the European Commission or other legally recognised transfer mechanisms.
7. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR, exercisable by contacting us at [email protected]:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): You may request deletion of your personal data where there is no longer a legal basis for its retention.
- Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, Poland. Website: uodo.gov.pl.
8. Security Measures
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encrypted data transmission (HTTPS), access controls limiting who can access stored data, and regular review of our data handling practices.
9. Children's Privacy
This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from persons under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will take steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
11. Contact
For any questions, requests, or concerns relating to this Privacy Policy or our data processing activities, please contact:
WuwehuStanisława Kossutha 9
Katowice, Poland
Email: [email protected]
Phone: +48 662 024 923