Privacy Policy
This notice explains which personal data are processed when you visit this website and on what legal basis. It is based on the EU General Data Protection Regulation (GDPR).
Controller
The controller responsible for the processing of personal data on this website within the meaning of the GDPR is the entity named in the Legal Notice. Contact for data protection enquiries:
- Company
- GDC Mobilgaraz
- Phone
- +48 789 653 095
Access data and server logs
When you access this website, our hosting provider automatically collects information that is stored in server log files. This includes: IP address, date and time of the request, amount of data transferred, notification of successful retrieval, browser type and version, operating system used and the previously visited page (referrer).
- Purpose
- Delivering the website, ensuring stability and security, and defending against attacks.
- Legal basis
- Art. 6 (1) (f) GDPR (legitimate interest in a technically reliable and secure presentation).
- Retention
- The hosting provider stores these data for a limited period and deletes them automatically thereafter. The data are not combined with other sources.
Contact form and email
If you contact us through the contact form or by email, the data you submit are stored for the purpose of handling your enquiry and any follow-up questions. The form forwards the enquiry to our email address through a processor.
- Data processed
- Name, email address, optionally phone number, message content and the consent you provide by submitting the form.
- Processor
- Cloudflare, Inc.101 Townsend St, San Francisco, CA 94107, USAhttps://www.cloudflare.com/privacypolicy/
- Third-country transfer
- If a processor we use operates outside the EU/EEA, any transfer is made solely on the basis of appropriate safeguards under Art. 44 et seq. GDPR (such as EU Standard Contractual Clauses or an adequacy decision). The specific processor is named before launch; information on the safeguards in place is available on request.
- Legal basis
- Art. 6 (1) (b) GDPR (initiation or performance of a contract) and Art. 6 (1) (a) GDPR (consent), which you provide by submitting the form.
- Retention
- We store your enquiry until it has been fully processed, unless statutory retention periods apply. You can request deletion at any time.
3D configurator
Our 3D configurator is reachable as a separate sub-application. When you save a configuration or submit it as an enquiry, the same data categories as in the contact form are collected and transmitted to us.
- Data processed
- Name, email address, optionally phone number, message or configuration data, and the consent you provide by submitting the enquiry.
- Processor
- Cloudflare, Inc.101 Townsend St, San Francisco, CA 94107, USAhttps://www.cloudflare.com/privacypolicy/
- Third-country transfer
- If a processor we use operates outside the EU/EEA, any transfer is made solely on the basis of appropriate safeguards under Art. 44 et seq. GDPR (such as EU Standard Contractual Clauses or an adequacy decision). The specific processor is named before launch; information on the safeguards in place is available on request.
- Legal basis
- Art. 6 (1) (b) GDPR (initiation or performance of a contract) and Art. 6 (1) (a) GDPR (consent), which you provide by submitting the enquiry.
- Retention
- We store your configuration and enquiry until it has been fully processed, unless statutory retention periods apply. You can request deletion at any time.
Lead ads on Facebook and Instagram
We run Lead Ads on Facebook and Instagram. When a user submits the form embedded in the ad, Meta forwards the entered fields to our system. For the collection step on Meta's surfaces we act as joint controllers together with Meta; once the data reaches our system we are the sole controller.
- Data processed
- Name, email address, phone number and any further fields requested by the campaign's form. Lead metadata (form, ad and campaign identifiers) is captured as well.
- Platform controller
- Meta Platforms Ireland Limited4 Grand Canal Square, Dublin 2, Irelandhttps://www.facebook.com/privacy/policy
- Third-country transfer
- Meta processes data in the EU and in the United States. The transfer takes place on the basis of the EU Standard Contractual Clauses, which form part of Meta's data processing agreement.
- Legal basis
- Art. 6 (1) (a) GDPR (consent given by actively submitting the form) and Art. 6 (1) (f) GDPR (legitimate interest in following up on the enquiry).
- Retention
- We store incoming leads until the enquiry has been fully processed, unless statutory retention periods apply. You can request deletion at any time.
Conversion tracking with Meta Pixel and Conversions API
With your consent we use the Meta Pixel in the browser and Meta's server-side Conversions API to measure the performance of our advertising on Facebook and Instagram. Both paths share one event identifier so that an action is counted only once. Without consent neither the pixel nor a Meta cookie is loaded, and no server-side transfer takes place.
- Data processed
- Pages visited and actions triggered (page view, contact enquiry, configurator enquiry), the Meta cookies _fbp and _fbc, IP address and browser identifier. On an enquiry, e-mail address, phone number and name are additionally transferred to Meta server-side in pseudonymised form (SHA-256 hash).
- Recipient
- Meta Platforms Ireland Limited4 Grand Canal Square, Dublin 2, Irelandhttps://www.facebook.com/privacy/policy
- Third-country transfer
- Meta processes data in the EU and in the USA. The transfer is based on the EU Standard Contractual Clauses, which form part of the Meta data processing agreement.
- Legal basis
- Art. 6 (1) (a) GDPR (consent). The pixel and Conversions API are activated only after your active consent via the consent banner.
- Withdrawal
- You can withdraw consent at any time with effect for the future by opening “Cookie settings” in the footer and changing the choice.
- Retention
- The retention period for data collected by Meta is governed by Meta's policies. The locally set Meta cookies have a limited lifetime.
Reach measurement with PostHog
For statistics on site usage we use PostHog, hosted in the EU region. It measures pages viewed and paths through the website. The measurement is anonymous and cookieless: no cookie or other identifier is stored on your device, and no personal data is processed or profiles built. It therefore needs no consent and is not part of the cookie banner. Delivery runs through our own domain; the data is not used for advertising.
- Processed data
- Pages viewed and view changes, approximate location at country level derived from the truncated IP address, browser and device type. Without an identifier and without storage on your device.
- Recipient
- PostHog. Processing takes place in the EU region; the IP address is discarded.
- Third-country transfer
- Processing takes place in the EU region. No third-country transfer is foreseen.
- Legal basis
- Art. 6(1)(f) GDPR (legitimate interest in anonymous reach measurement). Because no data is stored on your device, no consent is required.
- Retention period
- The retention period for the anonymous measurement data is governed by the settings of our PostHog project.
Phone and email contact
If you contact us by phone or by email, we record the personal data you provide in order to prepare a quote and follow up on the enquiry.
- Data processed
- Name, contact details and the information about your enquiry that you voluntarily share.
- Legal basis
- Art. 6 (1) (b) GDPR (steps prior to entering into a contract) and Art. 6 (1) (f) GDPR (legitimate interest in business correspondence).
- Retention
- We keep the data for as long as it is needed for the enquiry and any resulting business relationship, unless statutory retention periods apply. You can request deletion at any time.
Hosting
This site is served as a static deployment by Cloudflare. Cloudflare processes the access data described above in its data centres worldwide. Cloudflare is certified under the EU-US Data Privacy Framework. Details are available in the provider's privacy policy.
- Provider
- Cloudflare, Inc.
- Address
- 101 Townsend St, San Francisco, CA 94107, USA
- Privacy policy
- https://www.cloudflare.com/privacypolicy/
External links
Our website contains links to external platforms, in particular our Facebook page. When you follow such a link you leave this website; the respective provider is solely responsible under data protection law. We recommend that you review their privacy notices separately.
Cookies
The only technically necessary cookie is a first-party cookie that stores your cookie choice; it carries no tracking. Only after your marketing consent does the Meta Pixel load and set the _fbp and _fbc cookies (see the conversion-tracking section). Reach measurement with PostHog is anonymous and cookieless and sets no cookie (see the reach-measurement section). The language preference is encoded in the URL path.
Your rights
With regard to the personal data we hold about you, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent with future effect (Art. 7 (3) GDPR)
To exercise these rights, an informal message to the contact details in the Legal Notice is sufficient.
Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. As the controller is based in Poland, the competent authority is primarily the Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl. You may also contact the supervisory authority of your residence, place of work or place of the alleged infringement.
Changes to this notice
We reserve the right to adapt this privacy notice if legal requirements or the way we process data change. The version published on this page applies.