Privacy Policy

Privacy Policy

Privacy Policy

Last updated: April 5, 2026

1. Data controller

The data controller is Kultivo Solutions Bartłomiej Kostrzewa, Poland, NIP: 7622016109.


For matters related to personal data processing, the user may contact the Controller via the email address provided on the website or through the contact form available on the website.

1. Data controller

The data controller is Kultivo Solutions Bartłomiej Kostrzewa, Poland, NIP: 7622016109.


For matters related to personal data processing, the user may contact the Controller via the email address provided on the website or through the contact form available on the website.

2. Data We Collect

We may collect the following personal data:

  • first and last name,

  • email address,

  • phone number (optional),

  • message content,

  • cookies and similar technologies,

  • usage data,

  • data necessary for payment processing and service delivery.


Personal data may be provided by the User voluntarily (e.g. via contact forms, email, or social media) or collected automatically through the use of the website. Providing personal data is generally voluntary, however certain data may be necessary to receive a response or to enter into and perform a contract. Failure to provide such data may result in the inability to use certain services.

2. Data We Collect

We may collect the following personal data:

  • first and last name,

  • email address,

  • phone number (optional),

  • message content,

  • cookies and similar technologies,

  • usage data,

  • data necessary for payment processing and service delivery.

Data is provided voluntarily by the User (e.g. via contact forms, email, or social media) or collected automatically through the use of the website

3. How We Use Data

The legal basis for processing personal data depends on the purpose of processing:

  • responding to inquiries and communication – Article 6(1)(f) GDPR (legitimate interest in responding to messages),

  • taking steps prior to entering into a contract – Article 6(1)(b) GDPR,

  • providing and delivering services – Article 6(1)(b) GDPR,

  • processing payments and fulfilling legal obligations (e.g. accounting) – Article 6(1)(c) GDPR,

  • maintaining client relationships and records – Article 6(1)(f) GDPR (legitimate interest in business continuity),

  • business development and client acquisition – Article 6(1)(f) GDPR (legitimate interest in marketing own services),

  • website functionality and security – Article 6(1)(f) GDPR.

3. How We Use Data

We process personal data for the following purposes:

  • handling inquiries and communication,

  • providing and delivering services,

  • preparing offers and managing client relationships,

  • processing payments,

  • maintaining records related to cooperation,

  • business development and client acquisition,

  • ensuring proper functioning of the website.

The legal basis for processing includes:

  • performance of a contract,

  • steps prior to entering into a contract,

  • legal obligations,

  • legitimate interests of the Controller.

3. How We Use Data

We process personal data for the following purposes:

  • handling inquiries and communication,

  • providing and delivering services,

  • preparing offers and managing client relationships,

  • processing payments,

  • maintaining records related to cooperation,

  • business development and client acquisition,

  • ensuring proper functioning of the website.

The legal basis for processing includes:

  • performance of a contract,

  • steps prior to entering into a contract,

  • legal obligations,

  • legitimate interests of the Controller.

4. Sharing Your Information

Personal data may be shared with trusted third parties that support our operations, including:

  • hosting and infrastructure providers,

  • email and communication service providers,

  • CRM and data management tools,

  • payment processor Stripe.

Data is shared only to the extent necessary and based on appropriate data processing agreements where required.

4. Sharing Your Information

Personal data may be shared with trusted third parties that support our operations, including:

  • hosting and infrastructure providers,

  • email and communication service providers,

  • CRM and data management tools,

  • payment processor Stripe.

Data is shared only to the extent necessary and based on appropriate data processing agreements where required.

5. International Data Transfers

Due to the use of third-party services, personal data may be transferred outside the European Economic Area, including to the United States.

Such transfers are carried out in accordance with applicable data protection laws and are based on appropriate safeguards, such as:

- the European Commission’s Standard Contractual Clauses (SCC),
- or participation of the recipient in the EU-U.S. Data Privacy Framework (if applicable).

6. Cookies & Tracking

The website uses cookies and similar technologies.

Cookies are divided into the following categories:

  • essential cookies – necessary for the proper functioning of the website (legal basis: Article 6(1)(f) GDPR),

  • analytical cookies – used to analyze website traffic and performance (only used with user consent – Article 6(1)(a) GDPR),

  • functional cookies – used to remember user preferences (only used with user consent).

Cookies may be set both by the Controller and by third-party service providers, such as payment processors (e.g. Stripe).

Users can manage or withdraw their consent to cookies at any time via browser settings.

7. Data Retention

Personal data is stored for the following periods:

  • inquiry-related data – for the duration of correspondence and up to 12 months after its completion,

  • client data – for the duration of the contract and up to 5 years after its termination (due to accounting and legal obligations),

  • marketing-related data – until the user objects or withdraws consent,

  • technical and usage data – for the period necessary to ensure website functionality and security.

After these periods, data is deleted or anonymized.

8. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making, including profiling, within the meaning of Article 22 GDPR.

9. Your Rights

You have the right to:

  • access your personal data,

  • rectify your data,

  • request deletion of your data,

  • restrict processing,

  • object to processing,

  • request data portability,

  • withdraw consent at any time (if applicable).

You may exercise your rights by contacting the Controller via email.

You also have the right to lodge a complaint with a supervisory authority.

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss or disclosure.

Access to data is limited to authorized persons only and handled in secure systems.

12. Changes to this policy

We reserve the right to update this Privacy Policy at any time. The latest version will always be available on the website.