Cookie Policy

1. Legal Framework

This Cookie Policy complies with:

  • ePrivacy Directive 2002/58/EC, Article 5(3): prior consent required for storing or accessing information on terminal equipment, except for strictly necessary purposes
  • GDPR Article 4(11): valid consent must be freely given, specific, informed, and unambiguous
  • CJEU Planet49 ruling (C-673/17, October 2019): pre-checked boxes are invalid; active affirmative consent is required
  • Polish Telecommunications Law (Prawo telekomunikacyjne) of 16 July 2004
  • EDPB Guidelines 05/2020 on consent and EDPB Guidelines 03/2022 on dark patterns

2. What Are Cookies and Tracking Technologies

Under the ePrivacy Directive and EDPB guidelines, “cookies” encompasses any technology that stores or accesses information on a user's terminal equipment, including:

  • HTTP cookies and Flash cookies
  • LocalStorage and sessionStorage
  • Device fingerprinting and pixel tags
  • Mobile identifiers (IDFA, AAID)

3. Consent Requirements

3.1 Valid Consent Criteria

Per Article 4(11) GDPR and EDPB enforcement guidance, consent must be:

  • Freely given: No cookie walls conditioning access to the Service on acceptance of non-essential cookies.
  • Specific: Granular consent by purpose. Analytics and advertising must be consented to separately.
  • Informed: Clear information on purposes, duration, and third parties must be provided before consent is collected.
  • Unambiguous: A clear affirmative action is required. Implied consent via scrolling is not valid.

3.2 Equal Prominence

Consistent with CNIL enforcement practice and EDPB Guidelines 03/2022 on dark patterns, our consent interface provides:

  • “Accept All” and “Reject All” buttons with identical size, colour weight, and visual hierarchy
  • The same number of clicks to accept or to reject all non-essential cookies
  • No pre-ticked boxes for any cookie category

4. Cookie Categories

5. Consent Management

5.1 Consent Records

Under the Article 7(1) GDPR accountability requirement, we maintain consent logs including:

  • Timestamp and date of consent action
  • Categories accepted or rejected
  • Version of the consent banner displayed at time of consent

Consent records are retained for 3 years from the date of consent.

5.2 Withdrawal of Consent

Withdrawal must be as easy as giving consent (Article 7(3) GDPR):

  • Preference centre accessible via the “Cookie Settings” link in our website footer
  • Withdrawal takes effect immediately; no cookies continue to operate after a valid withdrawal
  • No detriment to the user — the Service remains functional for all essential features after withdrawal

6. Third-Party Processors

Processor Purpose Data Location Safeguards
Google Analytics 4Website analyticsEU / US (DPF + SCCs)IP anonymization, 14-month retention limit, DPA
CloudflareCDN, security, DDoS protectionGlobal (EU SCCs)DPA, EU Standard Contractual Clauses
StripePayment processingEU / US (DPF + SCCs)PCI-DSS Level 1, DPA

7. Automated Privacy Signals

We respect the Global Privacy Control (GPC) browser signal as an expression of the user's opt-out preference for non-essential cookies, where technically feasible. We also respect Do Not Track (DNT) signals on a best-efforts basis.

8. Cookie Duration

  • Session cookies: Deleted automatically when the browser is closed
  • Persistent cookies: Maximum duration of 12 months, in line with EDPB recommendations
  • Consent renewal: Users are re-prompted after 6 months, or earlier where purposes or processors have changed materially

9. Your Rights

Under GDPR and Polish law, in relation to personal data processed through cookies you have the right to:

  • Access your data (Article 15 GDPR)
  • Withdraw consent at any time (Article 7(3) GDPR) — via the Cookie Settings link in the footer
  • Object to processing based on legitimate interests (Article 21 GDPR)
  • Request erasure of your data (Article 17 GDPR)
  • Lodge a complaint with UODO (uodo.gov.pl) or your national supervisory authority

10. Updates and Contact

We update this Cookie Policy to reflect changes in our use of cookies, applicable law, and regulatory enforcement guidance. The “Last Updated” date at the top of this page indicates the date of the most recent revision.