Privacy Policy

Effective date: 05.06.2025

If you’ve reached this site, you likely value your privacy. We understand that completely, which is why we’ve prepared this document outlining the rules for processing personal data, as well as the use of cookies and other tracking technologies in connection with the operation of the Naturaily.com website.

Who we are

Naturaily Spółka z ograniczoną odpowiedzialnością (“Naturaily”, “We”) is the owner of this website. 

Naturaily Spółka z ograniczoną odpowiedzialnością, Wroclaw, Poland, is the Controller of your personal data.  Our address is ul. Ofiar Oświęcimskich 17, 50-069 Wroclaw, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0000472548, whose register is kept by the District Court for Wroclaw-Fabryczna in Wroclaw, VIth Commercial Division of KRS, NIP: 8943047516, with a share capital of PLN 40,000.00. 

The Controller will process personal data lawfully, in compliance with the General Data Protection Regulation (“GDPR”) (Regulation (EU) 2016/679).

In all cases regarding your personal data you can contact us by e-mail: gpdr@naturaily.com

Why do we process your data?

Generally, we need your data for the following purposes:

1. To establish contact and, upon your request, prepare a tailored offer – We process your data to respond to your inquiry and provide a personalized offer, based on our legitimate interest in building a client relationship (Art. 6(1)(f) GDPR).

2. To conduct the recruitment process and maintain communication regarding your application – We process your personal data to carry out the recruitment process and stay in touch with you regarding your application, legal obligation to which the controller is subject (Article 6(1)(c) GDPR in connection with the provisions of the Labor Code).

3. To take into account the candidate's application documents in future recruitment processes based on your consent (Article 6(1)(a) of the GDPR).

4. To improve and adapt our website’s functionality, ensuring its security and quality – We process your data to enhance the performance, security, and quality of our website, ensuring it functions optimally (Art. 6(1)(f) GDPR).

5. To protect against potential legal claims – We may process your personal data to safeguard our company against potential legal claims (Art. 6(1)(f) GDPR).

6. To conduct marketing and analytics when you download materials from our website – If you download a whitepaper, we collect your personal data to track who has downloaded our materials and use that data for marketing analytics. We may also reach out to explore potential business opportunities with your company. This processing is based on our legitimate interest in marketing and developing client relationships (Art. 6(1)(f) GDPR).

7. To send you news and updates when you opt in – If you consent by ticking the relevant box, we will send you emails with updates about our expertise, latest work, and technology trends, based on your consent  (Art. 6(1)(a) GDPR).

8. To enhance our ability to provide relevant marketing, offers, and services we may collect information about you from publicly available sources (e.g., public databases) or from our trusted partners and other third parties. The processing of this data is based on our legitimate interest (Art. 6(1)(f) GDPR) in promoting our services and delivering tailored content.

Social media interactions

We maintain profiles on Facebook, LinkedIn, Twitter, Instagram and Dribbble which involves processing the personal data of visitors to those profiles.

Our website also uses plugins and other tracking tools from these and other social media platforms. When you visit our website, your browser transmits information about your visit to the respective social network administrator. This information, collected via plugins, may be used by these administrators for their own purposes, over which we have no control. We cannot influence how social media sites manage or track this data. Each social media platform manages its own infrastructure and has its own data processing rules, which are detailed in their respective privacy policies. For details on how these social media administrators process your personal data, and for information on how to object to this processing, please refer to their privacy policies.

• Facebook: https://www.facebook.com/privacy/explanation

• LinkedIn: https://linkedin.com/legal/privacy-policy?trk=seo-authwall-base_footer-privacy-policy

• X: https://x.com/pl/privacy

• Instagram: https://privacycenter.instagram.com/policy

• Dribble: https://dribbble.com/privacy

Regarding your personal data on our social media profiles, we may be partial co-administrators with the social media platform, as defined in Art. 26 sec. 1 GDPR. Their privacy policies detail responsibilities for data processing.  Where possible, we take steps to ensure processing complies with data protection regulations.

What information about you do we have?

Depending on the purpose, we can process the following information about you:

• Name, full name

• Email

• Phone number

• Company you work at / represent

• Where is your company located (physical address)

• Job title

• The fact that you’ve visited our website

• Have you downloaded any marketing materials from our website

We could include information that isn't confidential, such as your job title or address, on your LinkedIn profile, if you've made that information publicly available.

For the purpose of recruitment:

• First name(s) and last name

• Date of birth

• Contact details you provide

• Previous employment and education details professional qualifications

• Employment history

We automatically collect certain information when you visit, use, or navigate the services. This information does not reveal your specific identity (such as your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our services, along with other technical details. 

How long will the data be stored?

We retain your personal information for as long as we have a legitimate business need to do so, or for the duration required to fulfill the purposes outlined in this Policy, up to the point you withdraw your consent.  The retention period depends on why we collected and use the information, and/or to comply with applicable laws.  We may need to retain data longer to resolve disputes or respond to regulatory or legal requests. In these situations, the information will be used and stored until the matter is resolved.

How do we protect your personal information?

Naturaily is ISO-27001 certified, which means we uphold the highest standards of information security. As a result, we strictly avoid any practices that could compromise the security of the data we handle. We take all necessary technical and organizational measures to ensure your data remains secure, in full compliance with GDPR requirements.

What are your rights?

Under GDPR, you have the following rights regarding your personal data:

1. Right to access (Art. 15 of the GDPR): You can request a copy of your personal data.

2. Right to rectification (Art. 16 of the GDPR): You can correct any inaccurate or incomplete data.

3. Right to erasure (Art. 17 of the GDPR): You can ask for your data to be deleted if we have no legal reason to keep it.

4. Right to restrict processing (Art. 18 of the GDPR): You can request that we limit how we use your data (e.g., to just store it or perform agreed actions) if the data is incorrect or being processed unlawfully.

5. Right to object (Art. 21 of the GDPR): You can object to the processing of your data if it’s based on legitimate interest, especially if you believe it’s harming you.

6. Right to data portability (Art. 20 of the GDPR): You can get your data in a machine-readable format and transfer it to another service provider.

7. Right to withdraw Consent (Art. 7 of the GDPR): If you gave consent for us to process your data, you can take it back at any time.

8. Right to complain (Art.  77 of the GDPR): If you think we're processing your data unlawfully, you can file a complaint with the relevant supervisory authority.

Who will we share your data with?

The data you provided may be shared with other entities, such as companies that provide us with specific services:

• hosting providers,

• cloud software providers, 

• suppliers of IT systems and entities cooperating in order to perform technical activities aimed at ensuring the security of these systems,

• entities providing postal services,

• legal advisors bound by work confidentiality,

• other subcontractors who gain access to the data if the scope of their activities requires such access.

These entities will process personal data based on the agreement with us and solely to the extent that we instruct them to do so.

Transfer of data to Third Countries

We transfer your personal data to third countries when using external service providers who store the entrusted data on servers located outside the European Economic Area (EEA). Such transfers occur only when necessary to achieve our business objectives and only if the third country guarantees an adequate level of data protection through:

• the use of a relevant decision of the European Commission regarding the assurance of an adequate level of protection of Personal Data in that country, and, in the case of transfer to third-party entities located in the U.S., placement of such entity on the Data Privacy Framework list;

• the use of standard contractual clauses issued by the European Commission, if a given country does not have a confirmed decision of the European Commission, or in the case of a transfer to the U.S., the third-party entity is not included in the abovementioned list;

• application of binding corporate rules approved by the competent supervisory authority.

Do we use cookies and what are they anyway?

As most of the online services, our website uses first-party and third-party cookies for several purposes. Cookies are small text files that may be stored on your computer or mobile device.

First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

Similar technologies include pixels, beacons, tags, embedded scripts, social media plugins, or other tracking tools. These technologies are often used alongside cookies but may be stored differently. You can find information on how we use these technologies in our Cookie Policy.

Do we use profiling?

We do not make decisions in relation to you based solely on automated processing, including profiling, that would have legal effects or significantly affect you.

Do we respond to “Do not track” signals?

Most web browsers and some mobile apps offer a Do-Not-Track (DNT) setting to signal your preference to avoid tracking. Since no standard for recognizing DNT signals exists, we currently don’t respond to these settings. If a required standard is adopted in the future, we’ll update our Privacy Policy accordingly.

Updating the Policy

We may update this Policy to reflect changes in legal requirements or best practices related to personal data protection. If we make significant changes, we will notify you by posting a notice in a prominent location or by contacting you directly. We encourage you to review this Policy regularly to stay informed about how we protect your personal data.