Privacy policy


The administrator of personal data collected through the website is Elżbieta Migoń, conducting business under the name grafiQa, with the registered address: Stepowa 8 D, 30-615 Kraków, Tax Identification Number (NIP): 9930042440, registered in the Central Register and Information on Economic Activity (CEIDG), email address:, hereinafter referred to as the "Administrator", also acting as the Service Provider. The place of business and address for correspondence is: Stepowa 8 D, 30-615 Kraków, email address:, hereinafter referred to as the "Administrator".

Personal data collected by the Administrator through the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Act of 10 May 2018 on the protection of personal data.



PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data through the website in the event of the user's use of the contact form. Personal data is processed based on Article 6(1)(f) of the GDPR as the legitimate interest of the Administrator.



The Administrator processes the following categories of user's personal data: Name and surname, Address (residence), Email address, Phone number.



The personal data of users is stored by the Administrator: in the case where the processing of data is based on the performance of a contract, for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. If a specific provision does not state otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity, it is three years. In the case where the processing of data is based on consent, until the consent is withdrawn, and after withdrawal of consent, for a period corresponding to the limitation period for claims that the Administrator may assert and that may be asserted against him. If a specific provision does not state otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity, it is three years.

Additional information may be collected during the use of the website, including: the IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type. Navigation data, including information about links and references that users decide to click on or other actions taken on the website, may also be collected. The legal basis for this type of activity is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which involves facilitating the use of services provided electronically and improving the functionality of these services.


Providing personal data by the user is voluntary.

Personal data will also be processed in an automated manner in the form of profiling if the user consents to this based on Article 6(1)(a) of the GDPR. The consequence of profiling will be assigning a profile to a particular person for the purpose of making decisions concerning them or analyzing or predicting their preferences, behaviors, and attitudes.

The Administrator takes special care to protect the interests of the data subjects, ensuring that the data collected by them is: processed lawfully, collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes, adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and stored in a form that permits identification of the data subjects for no longer than is necessary for the purposes of processing.



Personal data of users is transferred to service providers used by the Administrator to operate the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the instructions of the Administrator regarding the purposes and methods of processing such data (data processors) or determine the purposes and methods of processing on their own (data controllers).


Personal data of users is stored exclusively within the European Economic Area (EEA).



The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal grounds for user requests:


Access to data – Article 15 of the GDPR.

Rectification of data – Article 16 of the GDPR.

Erasure of data (the right to be forgotten) – Article 17 of the GDPR.

Restriction of processing – Article 18 of the GDPR.

Data portability – Article 20 of the GDPR.

Objection – Article 21 of the GDPR.

Withdrawal of consent – Article 7(3) of the GDPR.


To exercise the rights mentioned in point 2, the user can send an appropriate email message to: If a user makes a request based on the above rights, the Administrator fulfills the request or refuses to fulfill it immediately, but no later than one month after receiving it. However, if - due to the complexity of the request or the number of requests - the Administrator is unable to fulfill the request within one month, they will fulfill it within the next two months, informing the user in advance within one month of receiving the request about the intended extension of the deadline and its reasons.

If a data subject finds that the processing of personal data breaches the provisions of the GDPR, they have the right to lodge a complaint with the President of the Office for Personal Data Protection.



The Administrator's website uses "cookies". The installation of "cookies" is necessary for the proper provision of services on the website. "Cookies" contain information necessary for the proper functioning of the website, and they also provide the possibility of developing general statistics on visits to the website. The following types of "cookies" are used on the website: session cookies, "session cookies" are temporary files that are stored on the user's end device until logging out (leaving the website).

The Administrator uses their own cookies to better understand the user's interaction with the website content. The cookies gather information about the user's use of the website, the type of website from which the user was redirected, and the number of visits and the time spent by the user on the website. This information does not record specific personal data of the user but serves to develop statistics on the use of the website.

The user has the right to decide on the access of "cookies" to their computer by selecting them in advance in their browser window. Detailed information on the possibilities and ways of handling "cookies" is available in the software settings (internet browser).



The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, in particular to secure the data against unauthorized access, being taken over by an unauthorized person, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.

The Administrator provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.

In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.

Share this addres by QR code
  • Slider 14
  • Slider 15