Privacy Policy

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

If you have any questions about data protection, please contact us at info@jp-management.com.

When you visit our website or use our services, we may collect the following categories of personal data:

Personal data you provide voluntarily: When you submit a contact form, application, or other inquiry, we collect the information you provide, such as your name, email address, phone number, and the content of your message.

Usage data from server logs: Our web servers automatically collect technical information when you visit our website, including your IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and the amount of data transferred.

Cookie and tracking data: We use cookies and similar tracking technologies to collect data about your browsing behaviour on our website. This includes session identifiers, language preferences, scroll depth, click interactions, and device information. For full details, please refer to our Cookie Policy.

We process your personal data for the following purposes:

Service inquiries and communication: To respond to your contact requests, process applications, and communicate with you about our services.

Website operation and security: To ensure the technical functionality and security of our website, to detect and prevent abuse, and to optimise the user experience.

Analytics and improvement: To analyse how visitors use our website so we can improve content, navigation, and performance. This includes statistical analysis of page views, user flows, and interaction patterns.

Marketing and advertising: With your consent, to deliver targeted advertising via social media platforms and to measure the effectiveness of our marketing campaigns.

Language personalisation: To detect and remember your preferred language so we can display the website in the appropriate language version.

We process your personal data on the following legal bases under Art. 6(1) GDPR:

Consent (Art. 6(1)(a) GDPR): Where you have given us your explicit consent to process your personal data for specific purposes, such as the use of analytics cookies, marketing tracking pixels, and session recordings. You may withdraw your consent at any time with effect for the future.

Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR): Where data processing is necessary to take steps at your request prior to entering into a contract, such as when you submit an application or service inquiry through our contact form.

Legitimate interest (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, provided that these interests are not overridden by your rights and freedoms. Our legitimate interests include ensuring the security and functionality of our website, preventing fraud and spam via reCAPTCHA, analysing website usage for improvement purposes, and storing language preferences for a better user experience.

Our website uses cookies and similar tracking technologies. Cookies are small text files that are stored on your device when you visit our website. They serve various purposes, including enabling basic website functionality, remembering your preferences, analysing usage patterns, and delivering personalised advertising.

We distinguish between the following types of cookies:

Strictly necessary cookies: These are essential for the operation of our website and cannot be disabled. They include cookies for language detection and session management.

Analytics cookies: These help us understand how visitors interact with our website by collecting information about pages visited, session duration, and user flows. We use Matomo Analytics and Ahrefs Analytics for this purpose.

Functional cookies: These enable enhanced functionality such as session replay and heatmap analysis through Hotjar, helping us identify usability issues.

Marketing cookies: These are used to track visitors across websites to deliver relevant advertisements. We use Meta/Facebook Pixel for this purpose.

You can manage your cookie preferences at any time through our cookie consent banner or through your browser settings. For comprehensive information about each cookie, its purpose, and its retention period, please refer to our Cookie Policy.

We use the following third-party services on our website. Each service, its provider, purpose, the data transferred, and the legal basis for processing are described below.

Google Tag Manager (GTM-5TKV86FV)

Matomo Analytics

Hotjar

Meta/Facebook Pixel

Google reCAPTCHA Enterprise

Ahrefs Analytics

We do not sell, rent, or trade your personal data to third parties. We may share your data with the third-party service providers listed in Section 6 solely for the purposes described. These providers act as data processors on our behalf and are contractually obligated to process data only in accordance with our instructions and applicable data protection laws.

Some of the third-party services we use are operated by companies based outside the European Economic Area (EEA), in particular in the United States (Google, Meta) and Singapore (Ahrefs). Where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place, including:

- EU-US Data Privacy Framework (DPF): For transfers to US-based providers certified under the DPF, in accordance with the European Commission's adequacy decision.
- Standard Contractual Clauses (SCCs): Where the DPF does not apply, we rely on EU Standard Contractual Clauses adopted by the European Commission to ensure an adequate level of data protection.
- Additional technical and organisational measures where necessary to supplement these safeguards.

We may also disclose your personal data if required to do so by law, by a court order, or by a binding decision of a competent regulatory authority.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods depend on the type of data:

After the applicable retention period expires, personal data is securely deleted or anonymised. Statutory retention obligations (e.g., under tax or commercial law) may require us to store certain data for longer periods.

Under the General Data Protection Regulation, you have the following rights with regard to your personal data. To exercise any of these rights, please contact us at info@jp-management.com.

Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether we process your personal data and, if so, to obtain access to that data along with information about the purposes, categories of data, recipients, and retention periods.

Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete data we hold about you.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing, or where the data has been unlawfully processed.

Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you oppose erasure.

Right to data portability (Art. 20 GDPR): Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data based on legitimate interests (Art. 6(1)(f) GDPR). Where personal data is processed for direct marketing purposes, you have the right to object at any time, and we will cease processing your data for that purpose.

Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

If you believe that the processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.

As our company is registered in Poland, the competent supervisory authority is:

If you are located in Germany, you may also lodge a complaint with the data protection authority (Landesdatenschutzbeauftragter) of the German federal state in which you reside. A list of all German state data protection authorities and their contact details can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at www.bfdi.bund.de.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

Our website uses SSL/TLS encryption (HTTPS) to ensure that all data transmitted between your browser and our servers is encrypted and protected during transit. We regularly review and update our security practices to maintain an appropriate level of protection.

Please note that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or regulatory guidance. Any changes will be posted on this page with an updated revision date. We encourage you to review this Privacy Policy periodically.

Last updated: February 2026