top of page

Privacy Policy

Date of update: 07/10/2025

  1. Data Controller
    The controller of your personal data is Bartłomiej Kempe, contact e-mail: kontakt@kempe.pl (“Controller”, “we”).

  2. Scope of this Policy
    This Policy applies to the website kempe.pl (“Website”) and explains:

  • what data we process,

  • for what purposes and on what legal basis,

  • who we entrust/share the data with,

  • how long we store it,

  • what rights you have,

  • how we use cookies and similar technologies.

  1. Categories and sources of processed data
    Data provided directly: the content of messages sent via the contact form or by e-mail (name, e-mail address, phone number, and any other data you include in the message).
    Data collected automatically: basic device and server log data (e.g. IP address*, date and time, session identifiers, browser headers) necessary for the operation and security of the Website.
    Analytics/marketing data (optional): stored only after you give consent in the cookie banner (e.g. cookie identifiers, on-site events).

  • The IP address may be masked/anonymised in analytics tools – see the “Analytics” section.

  1. Purposes and legal bases of processing
    We process data only to the extent necessary for the purposes below:

Handling enquiries and correspondence (contact form/e-mail) – Art. 6(1)(f) GDPR (legitimate interest: replying and maintaining correspondence), and if the conversation is aimed at concluding a contract – Art. 6(1)(b) GDPR (taking steps at your request prior to entering into a contract).
Performance of a contract / service and billing – Art. 6(1)(b) and (c) GDPR (performance of the contract, fulfilment of legal obligations such as accounting/tax).
Security of the Website and prevention of abuse (logs, backups) – Art. 6(1)(f) GDPR.
Analytics and statistics (e.g. traffic on the Website) – only after consent given via the cookie banner; legal basis: Art. 6(1)(a) GDPR.
Marketing of our own online services (e.g. pixels, remarketing tags) – only after consent; legal basis: Art. 6(1)(a) GDPR.

  1. Data recipients and processors
    We may entrust data to trusted service providers acting on our behalf:

  • Hosting/server: wix.com, for maintaining and securing the Website.

  • Analytics/marketing tools (after consent): for creating statistics and/or running advertising activities.

These entities process data under data processing agreements and only in accordance with our instructions.

  1. Data transfers outside the EEA
    If we use providers with servers located outside the European Economic Area (e.g. Google/Meta), data transfers take place on the basis of the European Commission’s Standard Contractual Clauses (SCCs) and – where necessary – additional safeguards.

  2. Retention periods
    Correspondence and enquiries (offers, quotes etc.) – up to 12 months from the last contact (or longer if they become part of contract documentation).
    Accounting documents – for the period required by law (as a rule, 5 years).
    Analytics/marketing data from cookies – according to each cookie’s lifetime or until consent is withdrawn (details in the cookie table below).

  3. Your rights
    You have the right to: access your data, rectify it, erase it, restrict its processing, receive it in a portable format, object to processing based on our legitimate interest, and withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal). These rights are based on Articles 15–21 GDPR.
    You also have the right to lodge a complaint with the President of the Personal Data Protection Office (uodo.gov.pl) if you believe that we process your data unlawfully.

  4. Cookies and similar technologies
    We use cookies on the Website. Necessary cookies are stored automatically (they ensure basic functions and security). Analytics and marketing cookies are activated only after you give consent in the cookie banner. You can withdraw or change your consent at any time.
    In Poland, the obligation to inform users and obtain consent for cookies follows from Article 173 of the Telecommunications Law.
    Consent must be active and informed (no pre-ticked boxes; possibility to refuse). This follows from the CJEU judgment in the Planet49 case and EDPB guidelines on valid consent.

  5. Analytics
    If we enable Google Analytics 4, it operates only after consent from the cookie banner. We recommend enabling IP anonymisation and limiting data retention (e.g. 14 months). In case of transfers outside the EEA, Google applies SCCs.

  6. Social media and embedded third-party content (optional)
    Embedded plugins/content from external services (e.g. YouTube, Instagram, Behance) may use their own cookies – we only activate them after your consent in the banner (the “two-click” approach is recommended).

  7. Requirement to provide data
    Providing contact data is voluntary, but necessary to receive a reply. Billing data is required by law.

  8. Security
    We apply technical and organisational measures appropriate to the risks (HTTPS/TLS, access control, server updates, data minimisation).

  9. Children’s data
    The Website is intended for adults; we do not target our communication to children.

  10. Changes to this Policy
    We may update this Policy, for example when laws, technologies or the scope of our services change. The new version will be published here together with the update date.

  11. Privacy contact
    For any questions regarding personal data, you can write to: kontakt@kempe.pl.
    If we appoint a Data Protection Officer (DPO), their contact details will be provided here.

Contact me to discuss graphic design.

Bartłomiej Kempe
kontakt@kempe.pl
  • Facebook
  • Instagram
  • X
  • TikTok
 
© 2025 by Bartłomiej Kempe.

 

Privacy Policy

Contact

bottom of page