Privacy Policy

1. Introduction

RocaKami ("we," "us," or "our") is committed to protecting the privacy and personal data of our website visitors, clients, and partners. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679), the Polish Act on the Protection of Personal Data, and other applicable data protection laws.

2. Data Controller

The data controller responsible for the processing of your personal data is:

3. Data We Collect

We may collect and process the following categories of personal data:

• Identity Data: Name, job title, company name.
• Contact Data: Email address, phone number, postal address.
• Technical Data: IP address, browser type and version, time zone, operating system, and device information.
• Usage Data: Information about how you use our website, including pages visited, time spent, and navigation patterns.
• Communication Data: Records of correspondence if you contact us via forms, email, or other channels.
• Client Business Data: Business information shared with us during the course of our professional engagement, including but not limited to CRM data, workflow documentation, and operational details.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, such as subscribing to our newsletter or accepting non-essential cookies.
• Contractual Necessity (Art. 6(1)(b) GDPR): Where processing is necessary to perform a contract or take pre-contractual steps at your request.
• Legitimate Interest (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate business interests, such as improving our services, provided these interests do not override your rights.
• Legal Obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with Polish or EU law.

5. How We Use Your Data

• To provide, maintain, and improve our services.
• To communicate with you regarding inquiries, proposals, and service delivery.
• To send marketing communications (only with your explicit consent).
• To analyze website usage and improve user experience.
• To comply with legal and regulatory obligations.
• To protect our rights and the security of our systems.

6. Client Data Protection

In the course of providing our services (including back-office support, CRM management, and automation), clients may share sensitive business data with RocaKami. We treat all client data with the highest level of confidentiality and implement the following safeguards:

• Non-Disclosure: All team members handling client data are bound by non-disclosure agreements (NDAs).
• Access Control: Client data access is restricted to authorized personnel only, on a need-to-know basis.
• Secure Tools: We use industry-standard, encrypted platforms for data storage, communication, and file sharing.
• Data Minimization: We only collect and process client data that is strictly necessary for the performance of our services.
• No Unauthorized Sharing: Client data is never sold, rented, or shared with third parties without explicit written consent, except where required by law.
• Data Return & Deletion: Upon termination of a service agreement, client data will be returned or securely deleted within 30 days, unless retention is required by law.

7. Data Sharing & Third Parties

We may share personal data with:

• Service Providers: Third-party tools and platforms we use to deliver our services (e.g., GoHighLevel, Google Workspace, hosting providers). These providers are bound by data processing agreements.
• Legal Authorities: Where required by Polish or EU law, court order, or regulatory obligation.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same level of protection.

We do not sell your personal data to any third party for marketing or commercial purposes.

8. International Data Transfers

As a globally distributed team, some of your data may be processed outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries deemed adequate by the European Commission, in compliance with Articles 44–49 of the GDPR.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specifically:

• Contact form submissions: retained for up to 24 months after last interaction.
• Client engagement data: retained for the duration of the service agreement plus 12 months, unless a longer period is required by law.
• Newsletter subscriptions: retained until you unsubscribe.
• Website analytics data: retained in anonymized form for up to 26 months.

10. Your Rights Under GDPR

Under the GDPR and Polish data protection law, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at admin@rocakami.com. We will respond within 30 days as required by the GDPR.

11. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:

12. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, regular security assessments, access controls and authentication protocols, and staff training on data protection best practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our website or services after changes constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related inquiries or requests, please contact: