Privacy Policy

matecki.agency

Effective Date: March 2026 · Version 1.0

This Privacy Policy governs the collection, processing, and protection of personal data in connection with your access to and use of the website located at matecki.agency (the "Website"). It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") and applicable Polish data protection law.

We are committed to the highest standard of data minimisation and transparency. Please read this document carefully.

1. Data Controller

The Data Controller within the meaning of Article 4(7) GDPR is:

All data protection inquiries, access requests, and erasure requests should be directed to the email address above. We endeavour to respond within 30 calendar days, as required by Article 12(3) GDPR.

2. Scope of This Policy

This Policy applies exclusively to personal data processed in connection with the Website. It does not extend to third-party platforms, external hyperlinks, or services maintained by third parties, even where accessed through the Website.

3. Zero Tracking & Cookie Policy

This Website is built as a static site, purpose-designed for speed, performance, and privacy. We operate a strict zero-tracking architecture:

• No analytics scripts are deployed (no Google Analytics, Meta Pixel, Hotjar, or equivalent).
• No advertising or retargeting pixels are placed on this Website.
• No marketing, profiling, or non-essential cookies are set on your device.
• No third-party tracking SDKs are loaded at any point during your visit.

Because no non-essential cookies are placed, no cookie consent banner is displayed. This approach is fully compliant with Article 5(3) of Directive 2002/58/EC (ePrivacy Directive) as implemented in Polish law, and with Recital 30 of the GDPR.

The only technically necessary operations are standard HTTP request handling required for the Website to function. No persistent identifiers are written to your device.

4. Personal Data We Process

We process the absolute minimum of data required for technical operation and communication with prospective clients. The following categories of data are processed:

4.1 Server Logs

Legal basis: Article 6(1)(f) GDPR — Legitimate Interest (network security and server integrity).

When you access the Website, the hosting infrastructure automatically records standard technical data including: your IP address, browser type and version, operating system, HTTP method, URL requested, response code, and timestamp of access.

This data is processed exclusively to ensure the technical availability and security of the Website, detect and defend against cyberattacks, and troubleshoot server-side errors.

This data is not used to identify individual users, build profiles, or for any marketing purpose.

4.2 Direct Communication

Legal basis: Article 6(1)(f) GDPR — Legitimate Interest / Article 6(1)(b) GDPR — Pre-contractual measures.

If you contact us via email or through the booking link embedded in the Website, we process your email address, name (if provided), and the content of your message solely for the purposes of responding to your enquiry and evaluating potential collaboration.

We do not use your contact details for unsolicited marketing communications.

5. Data Processors & Third Parties

Your personal data is never sold, licensed, or rented to third parties. It is not shared for advertising, marketing, or profiling purposes under any circumstances.

The only external party that may process technical data is our hosting provider, acting as a Data Processor under Article 4(8) GDPR, governed by a Data Processing Agreement.

The booking functionality (zcal.co) operates under its own privacy policy. We encourage you to review their privacy policy independently.

No personal data is transferred outside the European Economic Area (EEA) by us.

6. Data Retention

We apply strict data minimisation and retention limitation principles in accordance with Article 5(1)(e) GDPR:

• Server Logs: Automatically deleted by the hosting provider, typically within 14 to 30 days.
• Email Correspondence: Retained only for the duration necessary to resolve your enquiry or for the statutory limitation period under Polish law.

Upon expiry of the applicable retention period, personal data is permanently deleted or irreversibly anonymised.

7. Your Rights Under the GDPR

As a data subject, you hold the following rights, exercisable by contacting hello@matecki.agency:

• Right of Access (Art. 15)
• Right to Rectification (Art. 16)
• Right to Erasure (Art. 17)
• Right to Restriction of Processing (Art. 18)
• Right to Object (Art. 21)
• Right to Data Portability (Art. 20)
• Right to Lodge a Complaint (Art. 77) — competent authority: UODO, ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl

We will respond to all verified requests within 30 days.

8. Automated Decision-Making

No automated decision-making or profiling within the meaning of Article 22 GDPR takes place on this Website.

9. Security Measures

We implement technical and organisational measures appropriate to the risk, in accordance with Article 32 GDPR. The Website is served exclusively over HTTPS (TLS).

10. Amendments to This Policy

We reserve the right to update this Privacy Policy. The current version will always be published at matecki.agency/privacy-policy.html.

11. Contact

This document constitutes the complete Privacy Policy of Matecki Agency as of the date indicated above.