Privacy Policy

Effective date: October 7, 2024
Last updated: February 17, 2025

1. Introduction

We value your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and share your personal data, as well as your rights under the General Data Protection Regulation (GDPR).

2. Data controller

The data controller responsible for your personal data is:

QUALIMA Sp. z o.o.

Ul. Romantyczna 9, 05-830 Walendów, Poland
Email: kontakt@qualima.pl

www.qualima.pl

If you have any questions about this privacy policy or your rights under GDPR, please contact us at the email address above.

3. What personal data we collect and why

Free and paid tests. On our website, users can take:

  • A free test, where we collect an email address, information about the number of employees in the organization, and the industry.
  • A paid test, where, in addition to the above, we collect the full legal name of the organization and its registered address. This information is required for issuing a certificate.

All collected data is anonymized and used for research and statistical purposes.

Additionally, we send newsletters to the provided email addresses. You can withdraw your consent to receive newsletters at any time by emailing kontakt@qualima.pl.

Comments. When visitors leave comments on our website, we collect:

  • The data entered in the comments form
  • The visitor’s IP address
  • Browser user agent string (to aid spam detection)

An anonymized string (hash) of your email address may be sent to the Gravatar service to check if you are using it. The Gravatar privacy policy is available here: https://automattic.com/privacy/. After approval, your profile picture is publicly visible in the context of your comment.

Media. If you upload images to the website, you should avoid including EXIF GPS location data. Visitors to the site can download and extract this data from images.

Cookies. We use cookies to improve your experience. Specifically:

  • If you leave a comment, you may opt-in to saving your name, email, and website in cookies (valid for one year).
  • A temporary cookie is set on the login page to check if your browser accepts cookies (deleted when you close your browser).
  • Login cookies last for two days unless “Remember Me” is selected (two weeks). If you log out, login cookies are removed.
  • If you edit or publish an article, an additional cookie (containing no personal data) is stored and expires after one day.

You can control or delete cookies through your browser settings.

Embedded content from other websites. Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves as if the visitor has directly accessed that site, which may collect data about you, use cookies, track interactions, or monitor activity if you are logged in to that site.

4. Legal basis for processing data

We process your data based on:

  • Your consent (e.g., when you accept cookies or submit a comment)
  • Contractual necessity (e.g., managing your user account)
  • Legal obligations (e.g., compliance with tax or fraud prevention laws)
  • Legitimate interests (e.g., improving security, preventing spam, and analyzing website traffic)

5. Who we share your data with

We do not sell or rent your personal data. However, we may share it with:

  • Third-party services that assist in spam detection (e.g., Akismet, Gravatar)
  • Authorities if legally required (e.g., law enforcement or regulatory bodies)
  • Technical providers for website maintenance and hosting

If you request a password reset, your IP address will be included in the reset email.

6. Data retention

  • Comments and metadata: Retained indefinitely to recognize and approve follow-up comments automatically.
  • User accounts: Stored as long as your account is active. You can modify or delete your data anytime (except your username).

7. Your rights under GDPR

Under GDPR, you have the following rights:

  • Right to Access – Request a copy of the personal data we hold about you.
  • Right to Rectification – Request corrections to inaccurate or incomplete data.
  • Right to Erasure – Request deletion of your personal data (except when required for legal compliance).
  • Right to Restrict Processing – Request limited processing of your data.
  • Right to Object – Object to processing based on legitimate interests.
  • Right to Data Portability – Request a copy of your data in a machine-readable format.
  • Right to Withdraw Consent – If processing is based on consent, you can withdraw it at any time.

To exercise your rights, please contact us at kontakt@qualima.pl.

8. Data transfers outside the EU/EEA

Some of our third-party providers (e.g., Gravatar, Akismet) may process data outside the European Economic Area (EEA). We ensure adequate safeguards such as Standard Contractual Clauses (SCCs) or other approved mechanisms.

9. Security measures

We take appropriate security measures to protect your data, including encryption, access controls, and secure hosting. However, no method is 100% secure, and we cannot guarantee absolute security.

10. Changes to this privacy policy

We may update this policy periodically. Changes will be posted on this page, and if significant, we will notify you by email or a website notice.

For any questions or requests, please contact us at: kontakt@qualima.pl

This policy complies with GDPR and explains how we handle your data transparently and legally.