Privacy Policy
Effective from: 10 April 2026 · Last updated: 10 April 2026
This Privacy Policy defines the rules for processing and protecting personal data provided by Users in connection with their use of the qa10.io website and within the technology services delivered by QA10.
Note: This is a courtesy translation of the Polish original. In case of any discrepancy between language versions, the Polish version shall prevail. Governing law: Polish law.
1. Data Controller
The controller of your personal data is:
QA10 sp. z o.o.
ul. Mariacka 37, 40-014 Katowice, Poland
KRS: 0001232199 · NIP (tax ID): 9542906279 · REGON: 544435060
Contact email: kontakt@qa10.io
Phone: +48 661 411 550
Hereinafter referred to as "QA10", "we" or "the Controller".
QA10 is a technology company specialising in business process automation, IT systems integration, Process Mining, and RPA implementations.
2. Legal Basis and Purpose of Processing
We process your personal data strictly on the basis of specific legal grounds under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws 2019, item 1781, as amended).
| Purpose | Legal basis (GDPR) | Data scope | Retention period |
|---|---|---|---|
| Response to contact form enquiries | Art. 6(1)(b) (pre-contractual steps) or Art. 6(1)(f) (legitimate interest — handling enquiries) | Name, surname, email, phone number, company name, enquiry content | Until correspondence ends + 12 months, or until an effective objection is filed |
| Conclusion and performance of a technology services agreement | Art. 6(1)(b) (contract performance) | Identification, contact, company and billing data | For the term of the contract + statute of limitations period (3 years, Art. 118 of the Polish Civil Code) |
| Fulfilment of tax and accounting obligations | Art. 6(1)(c) (legal obligation) | Invoice data | 5 years from the end of the tax year |
| Establishment, exercise or defence of legal claims | Art. 6(1)(f) (legitimate interest) | Data from the contract and correspondence | Until the statute of limitations period expires |
| Website traffic analytics (subject to consent for analytical cookies) | Art. 6(1)(a) (consent) | IP address (anonymised), device data, on-site behaviour | Up to 14 months from last activity, or until consent is withdrawn |
3. Data Recipients
Your data may be shared only with entities supporting our operations, in particular:
- hosting and IT infrastructure providers (Cloudflare, Inc. — USA, under the EU-US Data Privacy Framework),
- email service providers,
- accounting firms handling our tax obligations,
- law firms (in case of legal claims),
- analytics tool providers (only if you consent to analytical cookies).
We do not sell your personal data. We do not profile users in ways that produce legal effects concerning them.
4. International Data Transfers
We use Cloudflare, Inc. (USA) for CDN and website protection. Cloudflare is certified under the EU-US Data Privacy Framework, which provides the legal basis for data transfers under Art. 45 GDPR (European Commission Decision of 10 July 2023).
When using Google Fonts, fonts may be loaded from Google servers (USA). The transfer occurs on an analogous legal basis.
5. Your Rights (Articles 15–22 GDPR)
In connection with the processing of personal data, you have the following rights:
- Right of access (Art. 15 GDPR) — you may obtain information on whether we process your data and, if so, access it.
- Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate data or completion of incomplete data.
- Right to erasure (Art. 17 GDPR) — you may request deletion of data that is no longer necessary for the purposes of processing.
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR) — for data processed by automated means on the basis of consent or contract.
- Right to object (Art. 21 GDPR) — against processing based on legitimate interest.
- Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise the above rights, please write to: kontakt@qa10.io. We will respond without undue delay and no later than within one month of receipt of the request (Art. 12(3) GDPR).
6. Right to Lodge a Complaint
If you believe that the processing of your data infringes the GDPR, you have the right to lodge a complaint with the President of the Polish Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl).
7. Voluntary Nature of Data Provision
Providing data in the contact form is voluntary but necessary for us to handle your enquiry. Failure to provide data marked as required will prevent us from responding to your request.
8. Data Security
We apply technical and organisational measures appropriate to identified risks, including: transport encryption (TLS/HTTPS), access control, regular security reviews, and a data minimisation policy.
9. Cookies
Detailed information about the cookies used on the qa10.io website can be found in a separate document: Cookie Policy.
10. Changes to the Privacy Policy
The Controller reserves the right to update this Privacy Policy. We will notify you of material changes via a website notice. The current version is always available at: qa10.io/privacy-policy-en.html.