Privacy Policy

Last updated: May 2026

1. Data Controller

The controller of your personal data is:

BAKR Innovations spółka z ograniczoną odpowiedzialnością
KRS 0001197086 · NIP 7773454729 · REGON 542840200
Registered address: Widok 11 / 4, 62-070 Dąbrówka, Poland
Email: info@bakr-innovations.com

2. Scope

This Privacy Policy describes how we collect, use, store, and protect personal data when you:

• Visit our website at bakr-innovations.com
• Contact us via email, contact forms, or other communication channels
• Enter into a business relationship or contract with us
• Interact with our software, APIs, or services as an end user or client

3. Data We Collect

3.1 Data provided directly by you:

• Name, email address, phone number, and company name
• Content of messages, inquiries, and correspondence
• Billing and invoicing details (for contractual relationships)
• Any other information you voluntarily provide

3.2 Data collected automatically:

• IP address, browser type, operating system, and device identifiers
• Pages visited, referring URLs, and session duration
• Server logs (standard web server access and error logs)

We do not use third-party analytics trackers, advertising cookies, or social media pixels on this website.

4. Legal Basis for Processing

We process personal data under the following legal bases (Article 6 GDPR):

• Consent (Art. 6(1)(a)) — when you voluntarily contact us or subscribe to communications
• Contract performance (Art. 6(1)(b)) — when processing is necessary for a contract or pre-contractual steps
• Legitimate interest (Art. 6(1)(f)) — for operating and securing our website and services, preventing fraud, and responding to inquiries
• Legal obligation (Art. 6(1)(c)) — for tax, accounting, and regulatory compliance under Polish law

5. Purposes of Processing

We use personal data to:

• Respond to inquiries and communicate with you
• Deliver contracted services and software solutions
• Maintain and secure our website and infrastructure
• Comply with legal, tax, and accounting obligations
• Enforce contractual terms and protect our legal rights

6. Data Retention

We retain personal data only as long as necessary for the purposes described above:

• Contact inquiries: up to 24 months from the last interaction
• Contractual data: for the duration of the contract plus 5 years (Polish tax and civil law requirements)
• Server logs: up to 90 days
• Accounting records: 5 years from the end of the relevant fiscal year (as required by Polish law)

7. Data Sharing

We do not sell personal data. We may share data with:

• Service providers acting as processors (e.g., hosting providers, email services, cloud infrastructure) — under data processing agreements
• Public authorities when required by law, regulation, or legal process
• Professional advisors (legal, accounting) bound by confidentiality

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption in transit (TLS/HTTPS) and at rest where applicable
• Access controls and principle of least privilege
• Regular security assessments and infrastructure hardening
• Incident response procedures

9. Your Rights

Under the GDPR, you have the right to:

• Access — obtain confirmation and a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data (subject to legal retention obligations)
• Restriction — limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise these rights, contact us at info@bakr-innovations.com.

You also have the right to lodge a complaint with the Polish supervisory authority:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
uodo.gov.pl

10. Cookies

This website does not use cookies. We do not employ tracking cookies, analytics cookies, or any form of browser-based user profiling.

11. AI and Automated Processing

In the course of delivering our services, we may develop or deploy artificial intelligence systems. Where AI is used in a way that involves personal data processing:

• We conduct Data Protection Impact Assessments (DPIAs) where required
• We ensure human oversight of automated decisions that significantly affect individuals
• We comply with applicable AI regulations, including the EU AI Act
• We are transparent about the use of AI in our services upon request

12. Children's Data

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Significant changes will be communicated via our website or direct communication where appropriate.

14. Contact

For any questions about this Privacy Policy or our data practices:

BAKR Innovations sp. z o.o.
Email: info@bakr-innovations.com
Address: Widok 11 / 4, 62-070 Dąbrówka, Poland