Privacy Policy

Effective: 2025-10-13

This Privacy Policy applies to processing under Polish law and the EU General Data Protection Regulation (GDPR/RODO).

On this page

Who we are (Administrator)

The data controller (administrator) for this website is:

SANDIS
[Company registered address - placeholder]
Poland

Contact email: hello@sandis.io

Scope and website nature

This website is informational in nature and is not intended to collect personal data beyond what visitors voluntarily provide (for example, when contacting us via email).

Standard server logs and basic security events may be processed to ensure the availability, security, and proper functioning of the website.

We process personal data only when we have a lawful basis under GDPR Article 6:

  • • Legitimate interests (Art. 6(1)(f)): For security, site operation, and troubleshooting (e.g., server logs, incident investigation)
  • • Consent or pre-contractual steps (Art. 6(1)(a) or (b)): When you contact us voluntarily, depending on context
  • • Legal obligations (Art. 6(1)(c)): Where applicable under Polish or EU law

What we process (minimal data)

We process only minimal personal data necessary for the purposes described:

Server logs

Our web server automatically records technical information when you visit this website, including:

  • • IP address
  • • Request metadata (URL, referrer)
  • • Timestamp
  • • User-agent (browser and device information)

This data is retained briefly for security and troubleshooting purposes.

Voluntary contact data

If you contact us via email at hello@sandis.io, we process:

  • • Your email address
  • • Message content you provide
What we do NOT do
  • • We do not engage in marketing profiling
  • • We do not sell personal data to third parties
  • • We do not use automated decision-making that produces legal or similarly significant effects

Cookies and third-party services

We do not currently use analytics cookies or marketing cookies on this website.

If we enable third-party services in the future (such as analytics, maps, or video embeds), this Privacy Policy will be updated accordingly, and any required consent will be requested before such services are activated.

Data recipients and transfers

Personal data may be shared with the following categories of recipients:

  • • Hosting and infrastructure providers: These service providers process data on our behalf under appropriate data processing agreements
  • • Legal authorities: Where required by law or to protect our legal rights

We do not routinely transfer personal data outside the European Economic Area (EEA). If international transfers become necessary, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission).

Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • • Server logs: Retained for up to 30 days unless needed to investigate security incidents or comply with legal obligations
  • • Contact emails: Retained only as long as necessary to respond to your inquiry and for compliance purposes

After the retention period expires, personal data is securely deleted or anonymized.

Your rights (GDPR)

Under the GDPR and Polish data protection law (RODO), you have the following rights regarding your personal data:

  • • Right of access: You can request a copy of the personal data we hold about you
  • • Right to rectification: You can request correction of inaccurate or incomplete data
  • • Right to erasure ("right to be forgotten"): You can request deletion of your personal data in certain circumstances
  • • Right to restriction of processing: You can request that we limit how we use your data
  • • Right to data portability: You can request a copy of your data in a structured, machine-readable format
  • • Right to object: You can object to processing based on legitimate interests
  • • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at hello@sandis.io.

Right to lodge a complaint

If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with the Polish supervisory authority:

Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2
00-193 Warsaw, Poland
Website: uodo.gov.pl

Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. These measures include:

  • • Secure server infrastructure
  • • Access controls and authentication
  • • Regular security monitoring

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the "Effective" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the website after any changes constitutes your acceptance of the updated policy.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: hello@sandis.io

Postal address:
SANDIS
[Company registered address - placeholder]
Poland