Privacy Policy

Last Updated: 23 June 2026 | Rufunu | rufunu.info

1. Identity of the Data Controller

The data controller responsible for the processing of personal data collected through this website is Rufunu, operating at Świętojańska 1, Bydgoszcz, Poland. The controller can be contacted by email at [email protected] or by telephone at +48 52 328 6760. This Privacy Policy applies to all personal data collected via the website located at rufunu.info and any related digital communications.

2. Legal Basis for Processing

Rufunu processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, hereinafter "GDPR"), as implemented and supplemented by the Polish Act of 10 May 2018 on the Protection of Personal Data (Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych, Journal of Laws 2018, item 1000, as amended). Processing is carried out on the following legal bases: (a) Article 6(1)(a) GDPR, where the data subject has given consent to the processing of their personal data for one or more specific purposes; (b) Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (c) Article 6(1)(c) GDPR, where processing is necessary for compliance with a legal obligation to which the controller is subject; (d) Article 6(1)(f) GDPR, where processing is necessary for the purposes of the legitimate interests pursued by the controller.

3. Categories of Personal Data Collected

Rufunu collects the following categories of personal data through this website: identification data including first name and last name as provided voluntarily through contact and enrollment forms; contact data including email address as provided through forms; communication content including the text of messages submitted through contact or enrollment forms; technical data including IP address, browser type and version, operating system, referral source, length of visit, and page views, collected automatically through server logs and analytics tools; and cookie identifiers and similar tracking data as described in the Cookie Policy available at rufunu.info/cookies.html. Rufunu does not intentionally collect sensitive personal data as defined under Article 9 GDPR. If such data is inadvertently submitted through a form, it will be deleted without processing.

4. Purposes of Processing

Personal data collected through this website is processed for the following purposes: responding to inquiries submitted through the contact form; processing enrollment requests for the educational program; operating and improving the website including monitoring technical performance and user experience; ensuring the security of the website and preventing fraudulent activity; complying with applicable legal obligations including those arising under Polish and EU law; and conducting analytics to understand how visitors interact with the website in aggregate form. Rufunu does not use personal data for automated decision-making or profiling as defined under Article 22 GDPR.

5. Data Retention

Rufunu retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Inquiry and enrollment data is retained for a period of up to 24 months from the date of last contact, after which it is securely deleted unless a longer retention period is required by law. Technical and analytical data is retained for a maximum of 26 months. Data retained for legal compliance purposes is held for the period specified by the relevant legal obligation. When personal data is no longer required, Rufunu ensures it is deleted or anonymized in a secure manner.

6. Disclosure of Personal Data to Third Parties

Rufunu does not sell, rent, or trade personal data to third parties. Personal data may be disclosed to the following categories of recipients where necessary: hosting and infrastructure service providers who process data on behalf of Rufunu under data processing agreements compliant with Article 28 GDPR; email service providers used to manage correspondence; analytics service providers where anonymized or aggregated data is involved; and public authorities where disclosure is required by applicable law, including Polish supervisory authorities and courts. All third-party processors engaged by Rufunu are required to maintain appropriate technical and organizational measures to protect personal data and to process it only on documented instructions from Rufunu.

7. International Transfers

Where personal data is transferred to recipients outside the European Economic Area, Rufunu ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR. Such safeguards may include standard contractual clauses adopted by the European Commission, adequacy decisions, or other transfer mechanisms recognized under applicable data protection law. Details of the safeguards applicable to any specific transfer can be obtained by contacting Rufunu at [email protected].

8. Rights of Data Subjects

Under the GDPR and applicable Polish law, data subjects have the following rights with respect to their personal data: the right of access under Article 15 GDPR, including the right to obtain confirmation of whether personal data is being processed and, where it is, to receive a copy of that data; the right to rectification under Article 16 GDPR; the right to erasure ("right to be forgotten") under Article 17 GDPR; the right to restriction of processing under Article 18 GDPR; the right to data portability under Article 20 GDPR; the right to object under Article 21 GDPR; and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To exercise any of these rights, data subjects may submit a written request to [email protected]. Rufunu will respond to requests within one month of receipt, which may be extended by a further two months where necessary. Data subjects also have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl).

9. Security Measures

Rufunu implements appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction, in accordance with Article 32 GDPR. These measures include the use of secure encrypted connections (HTTPS/TLS) for data transmission, access controls limiting personal data access to authorized personnel, regular review of security practices, and contractual requirements imposed on data processors. No method of transmission over the internet or method of electronic storage is entirely secure. While Rufunu takes all reasonable steps to protect personal data, it cannot guarantee absolute security.

10. Cookies and Tracking Technologies

This website uses cookies and similar tracking technologies. Detailed information about the cookies used, their purposes, duration, and the options available to users for managing cookie preferences is provided in the Cookie Policy, available at rufunu.info/cookies.html. Users may manage their cookie preferences at any time through the cookie consent interface available on this website.

11. Changes to This Privacy Policy

Rufunu reserves the right to update this Privacy Policy from time to time to reflect changes in applicable law, our data processing practices, or the services offered through this website. The most current version of this Privacy Policy will always be available at rufunu.info/privacy.html. Where changes are material, Rufunu will take reasonable steps to inform users. Continued use of the website following the publication of changes constitutes acceptance of the updated policy.

12. Contact for Data Protection Matters

All correspondence regarding data protection, including requests to exercise data subject rights, questions about this Privacy Policy, or concerns about data processing practices, should be directed to: Rufunu, Świętojańska 1, Bydgoszcz, Poland, email: [email protected], telephone: +48 52 328 6760. Rufunu is committed to resolving data protection concerns promptly and in accordance with applicable law.