Privacy Policy

This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.

1. General Information

1. This Privacy Policy applies to the website and application (the “Service”) operating at the following URLs: klokku.com and app.klokku.com.

2. The operator of the Service and the controller of personal data (“Controller”) is: Mariusz Józala Aetas, ul. Leśna 8, 55-114 Wisznia Mała, Poland, NIP: 8321896582, REGON: 360561515.

3. Contact email address of the Operator: contact@klokku.com.

4. The Operator is the Controller of your personal data with respect to data voluntarily provided in the Service and data collected automatically in connection with your use of the Service.

5. The Service may process your personal data for the following purposes and on the following legal bases:

   a. Provision of the Service and performance of ordered services – creating an account, enabling you to use the functionalities of the Service, handling payments, maintaining your subscription:

   • legal basis: performance of a contract or taking steps at your request before entering into a contract – Article 6(1)(b) GDPR;
   • legal basis (for invoicing, accounting, tax records): compliance with a legal obligation imposed on the Controller – Article 6(1)(c) GDPR.

   b. Handling enquiries via contact forms or email – answering your questions, providing support, preparing offers at your request:

   • legal basis: taking steps at your request before entering into a contract – Article 6(1)(b) GDPR;
   • legal basis: the Controller’s legitimate interest consisting in responding to enquiries and maintaining business communication – Article 6(1)(f) GDPR.

   c. Providing a newsletter – sending you information about news, updates and selected marketing content:

   • legal basis: your consent – Article 6(1)(a) GDPR; You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

   d. Presentation of offers and direct marketing – displaying or sending you information about the Service or similar products and services:

   • legal basis: the Controller’s legitimate interest consisting in direct marketing of its own products and services – Article 6(1)(f) GDPR.

   e. Ensuring the security, proper functioning, and improvement of the Service – maintaining server logs, analyzing usage patterns (including traffic statistics and user behavior analytics), monitoring performance, managing technical infrastructure, identifying errors, and optimizing user experience:

   • legal basis: the Controller’s legitimate interest consisting in ensuring the security, proper operation, and continuous improvement of the Service – Article 6(1)(f) GDPR.

   f. Establishment, exercise or defence of legal claims – pursuing or defending against claims related to the Service:

   • legal basis: the Controller’s legitimate interest consisting in protection of its rights – Article 6(1)(f) GDPR.

6. The Service collects information about users and their behaviour in the following ways:

   a. Through data voluntarily entered into forms, which are entered into the Operator’s systems. b. Through session cookies strictly necessary for authentication and operation of the application (app.klokku.com only). c. Through server-side analytics that do not use cookies or similar tracking technologies.

2. Selected Data Protection Methods Used by the Operator

1. Login areas and places where personal data are entered are protected at the transmission layer (SSL/TLS certificate). This ensures that personal data and login details entered on the site are encrypted on the user’s device and can only be read on the target server.
2. User passwords are stored in hashed form. The hashing function is one‑way – it is not possible to reverse its operation, which is currently the standard for storing user passwords.
3. In order to minimize the risk of unauthorized access to data, the Operator uses complex passwords containing lowercase and uppercase letters, digits and special characters, with a minimum length of 8 characters.
4. Two‑factor authentication is available in the Service, which provides an additional form of protection for logging into the Service.
5. To protect data, the Operator regularly makes backup copies.

3. Hosting

1. The Service is hosted (technically maintained) on the servers of the provider: ovh.com.

2. In order to ensure technical reliability, the hosting company maintains logs at the server level. The following may be recorded:

   • resources identified by URL (addresses of requested resources – pages, files),
   • the time the request was received,
   • the time the response was sent,
   • the client station name – identification carried out by the HTTP protocol,
   • information about errors that occurred in the execution of HTTP transactions,
   • the URL address of the previously visited page by the user (referrer link) – where the transition to the Service occurred via a link,
   • information about the user’s browser,
   • information about the IP address,
   • diagnostic information related to the process of independently ordering services via forms on the website,
   • information related to handling email sent to the Operator and sent by the Operator.

4. Your Rights and Additional Information on How Data Are Used

1. In certain situations, the Controller has the right to transfer your personal data to other recipients if this is necessary to perform the contract concluded with you or to fulfill obligations imposed on the Controller. This applies in particular to the following groups of recipients:

   • the hosting company under a data processing agreement,
   • payment operators,
   • authorized employees and collaborators who use the data to achieve the purposes of operating the Service.

2. Your personal data are processed by the Controller no longer than is necessary to perform the activities related to them, as specified by separate regulations (e.g. on accounting). With respect to data processed for marketing purposes, the data will not be processed for longer than 3 years from the last interaction or until you object or withdraw consent, whichever occurs first.

3. You have the right to request from the Controller:

   • access to personal data concerning you,
   • rectification of such data,
   • erasure of such data,
   • restriction of processing,
   • data portability.

4. You have the right to object to the processing of your personal data carried out on the basis of the Controller’s legitimate interest, as referred to in Article 6(1)(f) GDPR, including profiling for such purposes, in particular in connection with direct marketing or analytics. In such a case, the Controller will no longer process the data for these purposes, unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, in particular for the establishment, exercise or defence of legal claims.

5. You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

6. Providing personal data is voluntary but necessary to use the Service or to receive a response to an enquiry, newsletter or other content that you request.

7. You may be subject to decisions based solely on automated processing, including profiling, for the purposes of providing services under the contract and for the Controller’s direct marketing.

   • Logic involved – automated processing consists primarily in:
     • segmenting users into groups based on criteria such as the type of subscription, frequency of using the Service, visited subpages or interactions with messages, and
     • automatically sending selected information or marketing messages or displaying selected content in the Service based on such segments.
   • Significance and consequences for you – the consequence of such processing is that you may receive content (including marketing content) and functionalities better matched to your interests and use of the Service. This processing does not result in decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR (for example, it is not used to automatically refuse access to the Service, individually determine prices, or make binding contractual decisions without human involvement).
   • You may at any time object to processing for direct marketing purposes (including related profiling), or withdraw consent to receiving marketing communications, which will result in the cessation of such profiling and communications for these purposes.

8. As a rule, your personal data are processed within the European Union / European Economic Area. The Controller does not transfer your personal data to countries outside the European Union / European Economic Area. If this were to change in the future, the Controller will ensure that such transfer takes place in accordance with the requirements of Chapter V GDPR and will appropriately update this Privacy Policy.

5. Information in Forms

1. The Service collects information voluntarily provided by the user, including personal data, if such data are provided.
2. The Service may store information about connection parameters (time stamp, IP address).
3. In some cases, the Service may store information facilitating the linking of data in a form with the email address of the user filling in the form. In such a case, the user’s email address may appear within the URL of the page containing the form.
4. Data provided in a form are processed for the purpose resulting from the function of a particular form, e.g. in order to handle a service request or commercial contact, register services, or subscribe to a newsletter. Each time, the context and description of the form clearly indicate what it is used for.

6. Administrator Logs

1. Information on user behaviour in the Service may be logged. These data are used for administering the Service, ensuring its proper operation and improving its functionalities, on the basis of the Controller’s legitimate interest.

7. Analytics and Usage Statistics

1. The Operator uses Umami, a privacy-focused analytics solution, to collect anonymous usage statistics for the purpose of improving the Service and understanding how users interact with it.
2. Umami operates without using cookies, local storage, or any other client-side tracking technologies.
3. The data collected by Umami is anonymized and includes:
   • page views and navigation patterns,
   • device type and browser information (user agent),
   • approximate geographic location (country/region level only, derived from IP address),
   • referrer information (source of traffic).
4. Legal basis for using Umami: the Controller’s legitimate interest in analyzing traffic and improving the Service (Article 6(1)(f) GDPR).

8. Important Marketing Techniques

1. The Operator may use solutions that automate the operation of the Service in relation to users, for example solutions that may send an email to a user after visiting a specific subpage or performing certain actions in the Service, provided that the user has consented to receiving commercial correspondence from the Operator where such consent is required.

9. Session Cookies (Technical Cookies)

1. The application (app.klokku.com) uses session cookies strictly necessary for authentication and maintaining user sessions after login.
2. These cookies are essential for the proper functioning of the Service and do not require consent under Article 173(3) of the Polish Telecommunications Law and the ePrivacy Directive.
3. Session cookies contain only:
   • a unique session identifier,
   • authentication token,
   • security-related data (e.g., CSRF protection).
4. Session cookies are automatically deleted when you log out or after a specified period of inactivity.
5. Web browsing software (web browser) allows you to manage cookie settings. However, disabling session cookies will prevent you from logging into and using the application.

10. Managing Cookies – Browser Settings

1. If the user does not want to receive cookies (including technical session cookies), they may change their browser settings. Please note that disabling cookies that are essential for authentication processes and security will prevent the use of the application (app.klokku.com).

2. To manage cookie settings, select the web browser you are using from the list below and follow the instructions:

   • Edge
   • Chrome
   • Safari
   • Firefox
   • Opera

   Mobile devices:

   • Android
   • Safari (iOS)