Privacy Policy of the MVNO Expert Website
(mvnoexpert.com)

Date of publication: May 16, 2025

§1 General Provisions

1. The Controller of personal data collected through the website [https://mvnoexpert.com] (hereinafter referred to as the "Service") is Kamal Sitkowski-Attun, conducting business activity under the name KSPLUS Kamal Sitkowski-Attun with its registered office in Warsaw (02-826), ul. Polki 1B/9, NIP (Tax Identification Number) 951-164-19-57, REGON (National Business Registry Number): 015712810, e-mail address: contact@mvnoexpert.com (hereinafter referred to as the "Controller").
2. Users' personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR", and the Act on the Protection of Personal Data of May 10, 2018.
3. The Controller exercises due diligence to protect the interests of data subjects, and in particular, ensures that the data collected are:
   • processed lawfully, fairly, and in a transparent manner in relation to the data subject;
   • collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
   • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
   • accurate and, where necessary, kept up to date;
   • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
   • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

§2 Purpose and Scope of Data Collection and Legal Basis

1. Contact Form:
   • Purpose of processing: Users' personal data (such as name, surname, email address, subject, message content) provided via the contact form available on the Service are processed for the purpose of responding to the submitted inquiry, presenting an offer (if the inquiry concerns it), conducting correspondence, and carrying out actions at the User's request before a possible cooperation is established.
   • Scope of data collected: Name, email address, message subject, message content.
   • Legal basis: Processing is necessary to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR) or is based on the Controller's legitimate interest, which is handling User inquiries and building relationships with potential clients (Article 6(1)(f) GDPR). Providing data is voluntary but necessary to process the inquiry.
2. Cookies:
   • Purpose of processing: The Service may use cookies to ensure the proper functioning of the website, analyze traffic, customize content, and potentially for marketing purposes (if such are used and appropriate consent is obtained). Detailed information can be found in §4 Cookie Policy.
   • Legal basis: For cookies necessary for the functioning of the website – the Controller's legitimate interest (Article 6(1)(f) GDPR). For analytical, marketing, or other non-essential cookies – the User's consent (Article 6(1)(a) GDPR), expressed, for example, through browser settings or a cookie banner.
3. Analytical Data and Server Logs:
   • Purpose of processing: The Controller may collect anonymous data regarding the use of the Service (e.g., IP address, browser type, operating system, visit duration, visited subpages) for statistical and analytical purposes (e.g., using Google Analytics) and to ensure the security of the Service and detect abuse. Server logs may also be collected for the purpose of administering the Service.
   • Legal basis: The Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of improving the functionality of the Service, its security, and analyzing its effectiveness.

§3 Personal Data Retention Period

1. Personal data provided via the contact form will be stored for the period necessary to respond to the inquiry, conduct correspondence, and in the case of establishing cooperation – for the duration of this cooperation and as required by law (e.g., for accounting, tax purposes). After this period, data may be stored for the time during which it is possible to pursue claims related to the correspondence or cooperation.
2. Data processed on the basis of consent (e.g., some cookies) will be processed until the consent is withdrawn.
3. Data processed on the basis of the Controller's legitimate interest will be processed until an effective objection is raised by the data subject, or until this interest ceases.
4. Analytical data will be stored for the period necessary to achieve statistical purposes, usually in an anonymized or aggregated form.

§4 Cookies Policy

1. The Service uses "cookies". Cookies are small text files sent by a web server and stored by the browser's computer software. When the browser reconnects to the site, the website recognizes the type of device from which the user is connecting.
2. Types of cookies used:
   • Necessary Cookies (session/persistent): These are essential for the proper functioning of the Service, enabling navigation and use of basic functions. Without these files, the Service may not operate correctly. For example, they can remember previous actions during the same session.
   • Analytical/Performance Cookies (persistent): These collect information about how Users use the Service (e.g., which pages they visit most often, whether they receive error messages). They help the Controller improve the operation of the Service. This data is usually anonymous. The Service may use tools such as Google Analytics.
   • Functional Cookies (persistent): These allow the Service to remember choices made by the User (e.g., language, region) and provide more personalized features.
   • Marketing/Advertising Cookies (persistent): These may be used to deliver advertisements more tailored to Users' interests and to measure the effectiveness of advertising campaigns. They may be placed by the Controller or by third parties (e.g., advertising networks) with the User's consent.
3. Managing cookies:
   • The User can change cookie settings in their web browser at any time. Most browsers accept cookies by default. The User can completely disable cookies or limit their storage on their device.
   • Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser). Example links to instructions for popular browsers:
     • Chrome: https://support.google.com/chrome/answer/95647?hl=en
     • Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
     • Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
     • Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
   • Restricting the use of cookies may affect some of the functionalities available on the Service.
   • The Service may display a banner informing about cookies, allowing management of consents for individual types of cookies (other than necessary ones).

§5 Rights of Data Subjects

1. Users have the following rights related to the processing of their personal data:
   • The right to access data (Article 15 GDPR).
   • The right to rectify data (Article 16 GDPR).
   • The right to erase data ("right to be forgotten") (Article 17 GDPR) – if there are no overriding legitimate grounds for processing.
   • The right to restrict processing (Article 18 GDPR).
   • The right to data portability (Article 20 GDPR) – if processing is based on consent or a contract and is carried out by automated means.
   • The right to object to data processing based on the Controller's legitimate interest (Article 21 GDPR).
   • The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (if processing is based on consent).
2. To exercise these rights, the User should contact the Controller using the contact details provided in §1.
3. The User has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland), if they consider that the processing of their personal data infringes GDPR provisions.

§6 Sharing of Personal Data

1. Users' personal data may be disclosed to entities processing data on behalf of the Controller, e.g., IT service providers (hosting, email), analytical tool providers (e.g., Google Analytics – in which case data may be transferred outside the European Economic Area based on appropriate safeguards, e.g., standard contractual clauses), provided that these entities ensure adequate data protection guarantees.
2. The Controller may be obliged to disclose personal data at the request of authorized state authorities based on applicable laws.

§7 Security of Personal Data

1. The Controller applies appropriate technical and organizational measures to ensure the protection of processed personal data adequate to the threats and categories of data protected, and in particular, protects data against unauthorized disclosure, access by an unauthorized person, processing in violation of applicable laws, and alteration, loss, damage, or destruction.
2. Communication between the User's device and the Controller's server, especially during the transmission of data via the contact form, may be encrypted using SSL (Secure Socket Layer) protocol.

§8 Changes to the Privacy Policy

1. The Controller reserves the right to make changes to the Privacy Policy.
2. The Controller will inform Users of any changes by publishing the new content of the Privacy Policy on the Service.
3. The new version of the Privacy Policy is effective from the moment of its publication on the Service.

§9 Final Provisions

1. In matters not regulated by this Privacy Policy, the provisions of GDPR and other relevant provisions of Polish law shall apply accordingly.
2. This Privacy Policy is effective from the date of its publication.