Privacy Policy


Information about the personal data controller

We kindly inform that the personal data controller is Bartosz Pietrucha, available under e-mail address: [email protected] hereinafter “PDC“. PDC provides and operates the website that can be found at the address https://websecurity-academy.com (“the Website”).


Aims and legal grounds for processing personal data

PDC may process your personal data gathered throughout the Website – for different purposes, however, always in accordance with the law. The purposes of personal data processing and legal grounds you can find below.


Users of the Website

In order to contact with you to answer your questions, we process the following personal data:

  • name and surname,
  • e-mail address.

The legal basis for this processing is the Article 6(1) (f) GDPR which allows us personal data processing based on our legitimate interest, which in this case is communication with you.

For the archival and documentary purpose, we process the following personal data:

  • name and surname,
  • e-mail.

For the purpose of securing information that may serve to demonstrate facts of legal significance. Legal basis for such a data processing is an Article 6(1) (f) GDPR that allows us personal data processing if in this way PDC executes his legitimate interest (in that case the interest of PDC is to store personal data that allow to prove certain facts related to contacting you with PDC);

For the analytical purposes, i.e. researches and analysis of the activity on the Website belonging to PDC, we process the following personal data:

  • date and time of visiting the Website;
  • the operating system,
  • estimated location,
  • the browser used to view the page,
  • time devoted to visiting the Website,
  • viewed sub-pages.

The legal basis for this processing is the Article 6(1) (f) GDPR which allows us personal data processing based on our legitimate interest (in that case the interest of PDC is to know the activity of the users on the website);

On the Website we process text information called Cookies (Cookies are described in the separate point). The legal basis for this processing is the Article 6(1) (f) GDPR which allows us personal data processing based on voluntary consent (the information about the acceptance for Cookies usage appears at the first access to the Website);

For the purpose of website management, we process such personal data as:

  • IP address,
  • time and date of the server,
  • information about the search engine,
  • information about the operational system

Data is stored automatically in so-called server log files every time the website belonging to PDC is used. The administration of the website without using the server and its automatic data storage would not be possible. The legal basis for this processing is the Article 6(1) (f) GDPR which allows us personal data processing based on our legitimate interest (in that case the interest of PDC is the website administration).

1) On his website PDC, like any other operator, uses so-called Cookies – short textual information, stored in the computer, mobile phone, tablet or other devices of users. They may be read by our system or the systems belonging to the other entities whose services we use (i.e. Google).

2) Cookies have many functions on the website, often useful, which we will try to describe below (if the information is not enough, please contact us):

  • ensuring safety — Cookies are used to protect personal data from unauthorized access;
  • having the influence on the website processes and usage efficiency — Cookies are used to provide the proper website functioning and to enable the use of its available functions. That is possible due to the settings memorization amidst the subsequent website visits. This makes it possible to use the web page and subpages with dispatch;
  • session state — Cookies store the information about the way the website is used, for example, which subpages are viewed most often. They also allow the identification of the errors appearing on the several subpages. We use these so-called ‘session state cookies’ to help us improve our services, in order to improve our users’ browsing experience
  • creating statistics Cookies help to understand how visitors engage with the web pages (how many users access the website, how long they stay on the website, which contents attract the biggest interest, etc.). This allows improving the website and adjusting it to the users’ preferences. In order to track users’ activity and to create the statistics we use the Google tools, such as Google Analytics; in addition to reporting the statistics of the website usage, Google Analytics and some of the abovementioned Cookies files may be also used to show the best-matched contents in Google’s services (i.e. in the Google search engine) and in the entire Internet.
  • social media functions – on our Website we have a so-called Facebook pixel for analytical purposes. However, to make it possible, we have to use cookies provided by abovementioned entity.

3) Your browser usually allows storing cookies on users’ end-devices by default, that is why we request you to consent to the use of Cookies. You may object to using the Cookies while accessing the Website and change the settings in your browser – you have the right to block Cookies or to obtain the notification about every access of the Cookies. The settings may be changed at any time.

4) In order to respect the autonomy of all the website users we feel it is our duty to warn you that blocking or limiting the Cookies may cause serious problems in the Website usage, such as the requirement to log in on each subpage, long time of Website loading, limitation on the use of its functions, etc., limitations in liking our page on Facebook. 


The right to withdraw the consent

  1. If the personal data processing is based on the user’s consent, the consent may be withdrawn at any moment – in his or her sole discretion.
  2. If you want to withdraw your consent for data processing consent, please send us an email on the [email protected] 
  3. If your personal data processing was based on your consent, its withdrawal will not lead to their illegal usage in the past. In other words, till the time you withdraw your consent we have the right to process your personal data and its withdrawal does not affect lawfulness of the processing since consent’s withdrawal.


The requirement to provide personal data

  1. Providing some personal data is necessary to meet your expectations in the matter of using the Website, our fanpage or for the purpose of communicating with us using these channels.
  2. Providing your email address is necessary to receive a newsletter.
  3. Providing personal data processed for concluding and performing the contract is necessary to conclude and perform the contract.
  4. Providing personal data which we process based on provisions of law is an obligation resulting from binding law.
  5. Providing personal data processed for the purpose of our legitimate interest is necessary to its execution.


Automated decision-making and profiling

Please, be informed that we do not make automated decision-making and profiling. 


Recipients of personal data

Like other entrepreneurs, we are supported by different entities and that usually involves the transfer of personal data. Due to the above, we may provide your personal data to the hosting company, software providers, lawyers, and/or social media’s providers, if there is such a need. 

Moreover, we may be asked to provide your personal data to other entities, public or private, if the competent state authority or the law requires that. That is why it is difficult for us to predict who may apply for the disclosure of personal data. Nevertheless, we assure you that every request to disclose your personal data is examined very carefully and profoundly, in order to prevent inadvertently informing the unauthorized person.


Transfer of personal data to third countries

We kindly inform you that we may transfer your data outside European Economic Area due to Facebook Pixel and Google Analytics usage, as well as other services of software providers we use. Your personal data will be transferred to the United States of America based Commission Implementing Decision of 12th July 2016.


Duration of processing personal data

In accordance with the effective law, we do not process your personal data ‘’endlessly” but during the time that is needed to achieve the desired objective. After this time, your personal data will be irreversibly deleted or erased.

Having regard to the time of personal data processing, we kindly inform that the aforementioned data is processed till:

  1. Time of claims limitation – in case of personal data processed for the purpose of concluding and executing the contract;
  2. for 5 years calculated from the end of calendar year in which the time to pay tax for the previous yer has lapsed – in case of personal data processed on the basis of provisions of tax law;
  3. to withdrawal of your consent or achieving the purpose of processing. In case of personal data processed for the purpose of sending you information in newsletter
  4. to the time of your effective objection or achieving the aim of processing (including time of limitation of claim) – for the purpose of personal data processed based on legitimate interest of PDC
  5. the time when data becomes obsolete or out of date but no longer than for 2 years – regarding personal date processed mainly for the analytical purposes, usage of cookies or Website administration. 


Data subject’s rights

We kindly inform, that you have the right to:

  • access your personal data;
  • correct your personal data;
  • delete your personal data;
  • limit the right to process your personal data;
  • object the use of your personal data;
  • transfer your personal data.

We respect your rights arising from law regulations about the protection of the personal data and we try to facilitate their realization to the greatest extent possible. 

We stress that the aforementioned rights are not of absolute character, therefore, we may refuse to fulfill them in accordance with the law in some cases. However, we refuse the compliance with the request only after the profound analysis and only in the situation when the refuse of request acceptance is essential. 

In accordance with your right of objection, we inform that you have the right to prohibit the personal data processing on the basis of the legitimate interest of PDC (they were mentioned in the II point) in accordance to your specific situation. You must remember that according to the regulations we may refuse your objection if we prove that:

  • there are legitimate grounds for the processing which override the interests of fundamental rights and freedom of the data subject or 
  • there are grounds for the establishment, vindication or defence of claims.

You may exercise your rights by sending an email directly to the PDC to the address: [email protected]


The right to file a complaint

If you consider that your personal data are processed unlawfully, you may file a complaint to the President of the Office of the Personal Data Protection.


Final provisions

In the absence of specific provisions of this Privacy Policy the regulations concerning the personal data protection shall apply. If there are any changes in this Policy, you will be informed throughout the e-mail. This Privacy policy is in force since 1st of May 2018