§1 General Provisions

1. This Privacy Policy sets out the principles for the processing and protection of personal data of Users and Customers using the Website available at the following web address: www.supermonitoring.com. The document also sets out the principles for the use of cookies.
2. This document is for information purposes only.
3. The Data Administrator of the personal data of the Customers/Users of the Website, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Text with EEA relevance) (Official Journal of the EU. L No. 119, p. 1), hereinafter referred to as GDPR, is Konrad Caban conducting business under the name of SITEIMPULSE, with its registered office in Warsaw, Poland, Niedźwiedzia 29B, 02-737 Warsaw registered in the Central Register and Information on Business Activity (CEIDG), VAT ID: 5212118341, Regon: 012887347, contact phone: +48222662406, e-mail: office AT siteimpulse DOT com.
4. The Data Administrator declares that the User's/Customer's personal data are processed in accordance with the Polish regulations on the protection of personal data and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
5. Personal data of Customers/Users is processed in accordance with the appropriate legal basis under the GDPR, in particular on the basis of the necessity of processing for the performance of a contract or taking steps prior to entering into a contract, legal obligations incumbent on the Data Administrator, the legitimate interest of the Data Administrator, or the consent of the Customer/User – depending on the purpose and nature of the processing. In cases where processing is based on consent, the Customer/User gives such consent by ticking the relevant checkbox or taking another explicit action indicated on the Website.
6. The Data Administrator ensures that personal data is processed lawfully. Personal data is not sold to third parties and may only be disclosed or entrusted to entities authorized under applicable law or cooperating with the Data Administrator to the extent necessary to achieve the purposes indicated in this Privacy Policy.
7. The User/Customer has the right to ask the Data Administrator for full information on how their personal data is being used. We always endeavor to clearly inform you about the data we collect, how we use it, the purposes for which we use it, to whom we transfer it, how we protect it when it is transferred to other parties and who to contact in case of doubt.
8. The Data Administrator declares that all data collected will be protected from unauthorized access or use using appropriate technical and organizational measures and security procedures.
9. The Data Administrator has exclusive access to the data in accordance with the Terms and Conditions and this document. Access to the Customer's/User's personal data may also be entrusted to other entities, such as those through which the Customer/User makes payments for purchases on the Site, who collect, process and store personal data in accordance with their Regulations and Privacy Policy. Access to the Customer's personal data is granted to the aforementioned entities to the extent necessary and only to the extent necessary to ensure the performance of their services so that the Customer can purchase the Service.
10. All words and expressions appearing in this document and beginning with a capital letter (e.g. Customer, User) shall be understood in accordance with the definitions contained in the Terms and Conditions available on the Website.
11. The purpose of the Privacy Policy is to define the measures taken by the Data Administrator with regard to the personal data collected through the Website and the related services and tools used by Customers/Users to carry out certain activities, such as: using the contact form, creating an account or carrying out other activities on the Website.

§2 Collection, Acquisition, Scope and Purpose of Personal Data Collection

1. The personal data of Customers of the Website is collected or may be collected using the following functionalities of the Website: Contact Form, Newsletter subscription, data provided in the Customer Account, data provided when adding comments in the "Blog" tab, login data and registration data.
2. The Data Administrator obtains information about Users by, among other things, collecting server logs via the hosting operator.
3. The Data Administrator processes personal data of Customers/Users to the extent necessary for the proper provision of services available on the Website and is entitled to use the collected and stored data for the following purposes:
a) for the purpose of providing electronic services, concluding and performing a contract, and operating the Customer Account – in such case the legal basis for processing is the necessity of processing for the performance of a contract or for taking steps prior to entering into a contract (Article 6(1)(b) GDPR); such activities include in particular:
i. placing an order on the Website,
ii. concluding and performing an agreement for the provision of electronic services,
iii. resolving technical issues and making relevant functionalities available,
iv. operating the Customer Account and providing Monitoring;
b) for the purpose of fulfilling legal obligations incumbent on the Data Administrator, in particular tax, accounting and invoicing obligations, as well as obligations related to issuing, storing and handling invoices and other accounting documents – in such case the legal basis for processing is the legal obligation incumbent on the Data Administrator (Article 6(1)(c) GDPR);
c) for analytical, statistical and service improvement purposes – in such case the legal basis for processing is the legitimate interest of the Data Administrator (Article 6(1)(f) GDPR), consisting in analysing User activity, improving the functionality of the Website and developing the services provided; such activities include in particular:
i. monitoring User activity,
ii. carrying out research and analyses regarding the use of the Website,
iii. adapting functionalities and offers to Users’ needs,
iv. preparing internal reports, analyses and statistics;
d) for the purpose of establishing, pursuing or defending against claims – in such case the legal basis for processing is the legitimate interest of the Data Administrator (Article 6(1)(f) GDPR), consisting in protecting its rights; such activities include in particular:
i. contacting Users and Customers in matters related to the provision of services,
ii. enforcing compliance with the Terms and Conditions,
iii. handling complaints and disputes;
e) for the purpose of sending commercial information, including newsletters – in such case the legal basis for processing is the User’s consent (Article 6(1)(a) GDPR), which may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal.
4. The Administrator shall only be entitled to store the data collected and tracked on the Website for the purposes specified above.
5. The Data Administrator collects, processes and stores the following personal data of Users according to the choice of the specific Service:
a) electronic mail address (e-mail address),
b) name/username.
The collection of personal data in certain activities is specified in the Terms and Conditions.
6. The Data Administrator collects, processes and stores the following Customer data:
a) the electronic mail address (e-mail address),
b) legal name,
c) name of the company,
d) VAT ID,
e) business address (street, building number, apartment number, postal code, town, country),
f) telephone number.
7. Providing data by the Customer/User is voluntary; however, to the extent required to conclude and perform a contract or to provide a specific service, it may be necessary in order to use the functionalities of the Website or the services provided through it. The scope of data required to conclude a contract or use a given service is indicated in advance on the Website and in the Terms and Conditions.
8. The Data Administrator reserves the right to block and filter messages sent through the internal messaging system. In particular, if the messages are of a spam nature, contain prohibited content or otherwise threaten the safety of the site users.
9. In addition, the Data Administrator is entitled to automatically obtain and record data transmitted to the Server by web browsers or Customers/Users' devices, such as IP address, software parameters, hardware parameters, pages viewed, mobile device identification number and other data relating to the devices and use of the system.
10. In order to assess the attractiveness of advertisements and services for Customers/Users, improve the quality and effectiveness of the services provided through the Website or by other entities referred to herein, or for the purpose of participating in research activities, the Data Administrator may share anonymised data with other entities, including partners of the Website.
11. The Data Administrator informs Customers/Users that, in connection with operating the Website and providing services, it may entrust the processing of personal data or disclose such data to the following entities solely to the extent necessary to achieve the purposes indicated in this Privacy Policy and in accordance with applicable law:

Within the EEA:
As part of the Service, the User's data is processed by entities working with the Data Administrator, which are required to comply with high privacy standards analogous to those contained in the Policy, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
a) IQ PL Sp. z o.o., 16 Geodetów St., 80-298 Gdańsk, KRS: 0000007725, NIP: 5832736211 - to store personal data on the server where the service is installed,
b) mElements S.A., ul. Prosta 18, 00-850 Warsaw, KRS: 00000590484, NIP: 5223047892 - to enable electronic payment for the ordered service,
c) Blue Media S.A., ul. Powstańców Warszawy 6, 81-718 Sopot, KRS: 0000320590, NIP: PL5851351185 - to enable electronic payment for the ordered service,
d) Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland - to enable electronic payments for the ordered service,
e) PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg - to enable electronic payment for the requested service,
f) IFIRMA S.A., ul. Grabiszyńska 241 B, 53-234 Wrocław, KRS: 0000281947, NIP: 8981647572 - for the purpose of providing electronic accounting services,
g) Hotjar Ltd., St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta - providing a solution to monitor User activity. The data collected prevents the identification of any specific individual and more information about the tool's privacy standards is available at the link https://www.hotjar.com/legal/policies/privacy/,
h) Reditus, Europalaan 100, Utrecht, The Netherlands - to enable the Service Provider to perform additional Monitoring activities. More information on privacy standards is available at the following link: https://www.getreditus.com/privacy-policy/

Beyond the European Economic Area (EEA):
Where the Data Administrator uses services of providers established outside the EEA or processing data outside the EEA, personal data may be transferred to third countries.

In such cases, the Data Administrator ensures that the transfer of data takes place in accordance with applicable law and with appropriate safeguards, in particular by means of:
a) transfers to countries covered by a European Commission adequacy decision,
b) the use of standard contractual clauses approved by the European Commission,
c) other safeguards provided for by applicable law, including Article 46 of the GDPR.

The User may obtain additional information about the safeguards applied by contacting the Data Administrator.
In particular, transfers of personal data outside the EEA may involve the following entities:
a) Google – for the use of analytical and marketing tools. More information about the privacy standards applied is available at https://policies.google.com/technologies/partner-sites?hl=en. Furthermore, by using the following link: https://tools.google.com/dlpage/gaoptout, it is possible to disable the activity measured by Google Analytics.
b) Meta Platforms – for the use of marketing and analytical tools related to website traffic. More information about the privacy standards applied is available at https://www.facebook.com/privacy/policy/.
c) Mixpanel – for the analysis of how the User interacts with the Service. More information is available at https://mixpanel.com/legal/privacy-policy/.
d) tawk.to – for facilitating contact with Users and handling communication. More information about the privacy standards applied is available at https://www.tawk.to/privacy-policy/.
e) OnboardFlow – for monitoring the onboarding of registered users and analysing conversion rates. More information about the privacy standards applied is available at https://onboardflow.com/legal/terms/.
12. Regardless of the periods indicated below, the processing period may be extended where processing is necessary for the establishment, pursuit or defence of claims, and thereafter only where and to the extent required by applicable law. After the expiry of the processing period, the data is irreversibly deleted or anonymised.
13. Personal data will be stored for the period necessary to fulfil the purposes for which it was collected, in particular:
a) in the case of data processed for the purpose of concluding and performing a contract – for the duration of the contract and thereafter until the expiry of the limitation period for claims,
b) in the case of data processed for the purpose of fulfilling legal obligations (in particular tax and accounting obligations) – for the period required by law,
c) in the case of data processed on the basis of the legitimate interest of the Data Administrator – until an effective objection is raised or the purpose of processing is achieved,
d) in the case of data processed on the basis of consent – until such consent is withdrawn.
After the expiry of the above periods, the data is deleted or anonymised.

§3 Cookies Policy

1. The Data Administrator automatically collects information contained in cookies in order to collect data relating to the use of the Website by the Customer or User. A cookie is a small piece of text that a website sends to the browser and that the browser sends back on subsequent visits to the website. They are mainly used to maintain a session, for example by generating and sending back a temporary identifier after logging in. The Data Administrator uses "session" (temporary) cookies, which are stored on the Client/User's terminal equipment until the Client logs out, closes the website or switches off the web browser, and "permanent" cookies, which are stored on the Client/User's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the Client/User. More information on cookies can be found at www.allaboutcookies.org.
2. The Data Administrator uses the following types of Cookies within the Website:
- "necessary", which enable the use of the services available on the Website,
- to ensure safety & security,
- "advertising", which enables the delivery of advertising content tailored to the User's interests,
- "performance", which are used to obtain information about how Users use the Website,
- "functional", which enable the Website to remember the User's preferred functionalities.
3. The Data Administrator uses external cookies to collect general and anonymous statistical data by means of analytical tools.
4. Cookies are used to adapt and optimize the Website and its services to the needs of the Client/User through activities such as compiling statistics on the number of visits to the Website and ensuring the security of the Website and its Users. Cookies are also necessary to maintain the Client/User's session after they leave the Site.
5. The Customer can change the settings for cookies at any time via their web browser, including completely blocking or deleting the collection of cookies.
6. Blocking the ability to collect cookies or making other changes to the settings of the device may hinder or prevent the use of certain functionalities of the Website to which the Customer/User is fully entitled, but in such a situation the Customer/User must be aware of the limitations of the functionalities available on the Website.
7. A Customer/User who does not wish to use cookies for the purposes described above may delete them manually at any time. Detailed instructions on how to do this can be found on the website of the manufacturer of the internet browser currently used by the Customer.
a) In case of Google Chrome, instructions can be found here - https://support.google.com/chrome/answer/95647?hl=en
b) In case of Mozilla Firefox, instructions can be found here - https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
c) In case of Safari, instructions can be found here - https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
d) In case of Microsoft Edge, instructions can be found here - https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies
e) In case of Opera, instructions can be found here - https://help.opera.com/pl/latest/security-and-privacy/
8. The Data Administrator may allow third parties, such as advertisers or analytics providers, to collect information using the above technologies directly on the Website. Data collected in this way will be subject to the provisions of the privacy policies developed by these entities.
9. Some external companies operating on the Site may allow users to opt out of the collection and use of their data for the purposes of advertising based on the Customer's activity. For more information, see for example: https://www.youronlinechoices.com/.

§4 Rights and Obligations

1. The Data Administrator has the right, as well as the legal obligation, to provide selected or all information concerning the Customers/Users of the Website to public authorities or third parties who request such information on the basis of the applicable provisions of Polish law.
2. The Customer/User has the right to:
a) access their personal data,
b) rectify (correct) their data,
c) erase their data (“right to be forgotten”),
d) restrict the processing of data,
e) the right to data portability,
f) object to the processing of data – where the processing is based on the legitimate interest of the Data Administrator,
g) withdraw consent at any time – where the processing is based on consent (the withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal),
h) lodge a complaint with the President of the Personal Data Protection Office (PUODO).
3. In order to exercise the above rights, the Customer/User may contact the Data Administrator using the contact details indicated in this Privacy Policy.
4. The deletion of personal data or the cessation of its processing by the Data Administrator may result in the total impossibility of providing the services offered through the Website, or in their being significantly limited.
5. In cases where the processing of personal data is based on consent, the Customer/User gives such consent by accepting the relevant statements contained in the interactive forms available on the Website, in particular in the contact form, registration form or newsletter subscription form.
6. The Customer/User may also consent to additional purposes of processing their personal data by accepting optional statements made available in the forms on the Website.
7. Consent voluntarily given by the Customer/User to receive commercial information may be withdrawn at any time, in particular by e-mail or by using the relevant unsubscribe link available in the message. Upon receiving a declaration of withdrawal of consent, the Data Administrator ceases processing personal data for the purpose of sending commercial information, unless further processing is permitted on another legal basis.
8. The Data Administrator undertakes to act in accordance with the laws in force and the generally accepted rules of social coexistence.

§5 Changes to the Privacy Policy

1. The offer of the Website may expand in the future, which means that the Data Administrator will be obliged or entitled to introduce changes to the Privacy Policy.
2. The Service reserves the right to make changes to the Privacy Policy, which may be influenced by, among other things, developments in internet technology, as well as changes in data protection law.
3. Any changes to the Privacy Policy will be communicated to Customers/Users in a visible and understandable manner. New versions of the Privacy Policy will be posted on the Website.
4. Any change to the Privacy Policy will be effective from the date of notification of the change by posting it on the Website. Any changes will be appropriately highlighted for a period of one month from the date of the Privacy Policy changes.


Warsaw, April 1, 2026.