For starters, it’s great you visited DevSec Blog and that you are not indifferent to the way we process your personal data. Below you will find the purposes, legal bases and the duration of personal data processing, described separately for each purpose of processing.
To begin with, we want to underline that your data is safe with us. We ensure the confidentiality of all personal data transferred to us, protect it from unauthorised users’ access and take adequate security and data protection measures required by regulations on personal data protection.
1.1 The Administrator of your personal data is Krzysztof Pranczk running a business under the name Krzysztof Pranczk IT Consulting, NIP 7962999625. Should you have any doubt regarding privacy policy, you may contact us at any time using this e-mail address: 
.
1.2 The GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) grants to you the following rights related to the processing of your personal data:
a) the right to access your data and receive its copy,
b) the right to amend (correct) your data,
c) the right to erase your data (if in your opinion there is no legal basis for further processing of your data, you can ask us to erase you data),
d) the right to request the limitation of processing your data (you can request the restriction of data processing for the sole purpose of their storage or performance of actions agreed with you),
e) the right to object to processing the data (you have the right to object to processing the data on the basis of a legitimate interest; you should indicate a particular situation – covered by your objection, that justifies, in your opinion, ceasing data processing. We will cease to process your data for these purposes, unless we demonstrate grounds for the processing which override your rights or unless we need your data for the establishment of and pursuing legal claims as well as for the defence against your legal claims.
f) the right to transfer your data (you have the right to receive the personal data, which you provided to us upon a contract or your consent, in a structured, commonly used and machine-readable format; you can instruct us to transmit this data to another subject),
g) the right to lodge a complaint with a supervising authority (if you come to conclusions that we are processing your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
The procedure of exercising these rights have been provided in detail in sections 16 – 21 of the GDPR. Please remember that you can ask us to provide you the information about the data we already possess and the purposes of its processing. Just send a message to the following e-mail: .
1.3 Your personal data can be processed by the entities whose services we use. Those entities may have access to your personal data if the services they provide us with are or may be related to the processing of personal data. This concerns, in particular, entities such as the hosting provider, e-mail service providers, website technical service providers, law firms, marketing service providers, accounting offices, cloud software providers, etc. Remember that your data is safe and processed only to the necessary extent. In addition, if necessary, your personal data may be made available to entities, bodies or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, public prosecutor’s offices, as well as tax offices, to the extent necessary to fulfill tax, billing and accounting obligations.
1.4 We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in the third countries, in particular in the USA. The providers of these tools guarantee the appropriate level of personal data protection through the adequate compliance mechanisms provided for in the GDPR or the use of standard contractual clauses. Personal data is stored on servers located in third countries within Google services (described in this Privacy Policy). For newsletter and marketing purposes, we’re using Sender.net which is based in Europe and compliant with GDPR requirements.
1.5 We use tools that can operate in a specific manner depending on information gathered with tracking technologies (profiling and behavioural advertising). However, in our opinion these mechanisms do not affect you as they do not differentiate your situation as a client, they do not impact the terms of contract that you can conclude with us.
2.1 Contact.
Processed data: name, e-mail address and alternatively data contained in the message (providing data is voluntary, however it is necessary to make contact).
The purpose of processing: making contact
Duration of data processing: The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.
Legal basis: art. 6 (1) (f) of GDPR, which is our legitimate interest. The legal basis of data processing after contract termination is also our legitimate purpose of archiving correspondence for internal needs (art. 6 (1) (f) of GDPR).
Entitlement: You have the right to request access to the correspondence history that you conducted with us (if it was archived) and demand to erase it, unless archiving this data is justified due to our overriding interests, e.g. protection against potential claims on your part.
2.2 Newsletter.
Processed data: e-mail address (providing data is voluntary, however it is necessary to subscribe to a newsletter).
The purpose of processing: sending the newsletter. The mail system we use tracks your activities undertaken in connection with the messages sent to you. Therefore, we have information about messages you opened, messages you used in terms of the links contained in them etc.
Duration of the processing: the time of providing newsletter services and archiving data in order to prove in the future that you consented to receiving the newsletter.
The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.
Legal basis: consent (art. 6 (1) (f) of GDPR) expressed when subscribing to the newsletter.
Entitlements: You can unsubscribe from the newsletter at any time by clicking on the link provided in every message sent as a part of the newsletter or simply by contacting us. You can amend your data or object to processing of your personal data. Considering our legitimate interest (art. 6 (1) (f) of GDPR) we will not erase your data from our database. Erasing such data would prevent us from demonstrating, if necessary, the fact that in the past you have agreed to receive the newsletter.
3.1 Cookies and other tracking technologies. Our website uses cookies.
Cookies are small pieces of text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our communication and information system (own cookies) or the communication and information systems of third parties (third-party cookies). Some cookies used by us are deleted after the end of the browsing session, that is after the browser is closed (session cookies). Other cookies are stored on your end device and enable us to recognise your browser the next time you visit the website (persistent cookies).
3.2 Cookie Consent
3.2 Server Logs
3.4 Google Analytics.
3.5 Google Tag Manager
3.6 Real Cookie Banner Plugin
3.7 Content from external websites.
Please note that if any information provided by us regarding the privacy policy or cookies is unclear to you, you can contact us via e-mail.