Privacy Policy

In force as of 17 April 2026.

1. General provisions

This privacy policy (hereinafter: the "Policy") sets out the rules for the processing of personal data and the use of cookies in connection with the use of websites operated by the Controller, including the website available at vhsoft.io (hereinafter jointly: the "Website"). The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR"), the Polish Act on the Provision of Electronic Services and the Polish Electronic Communications Law.

The use of the Website is voluntary. Providing personal data through the contact form is voluntary, however necessary in order to receive a response to the submitted enquiry.

2. Data Controller

The controller of personal data is VHSOFT sp. z o.o., with its registered office in Łódź, ul. Sienkiewicza 85/87, lok. 8, 90-057 Łódź, Poland, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0001161463, NIP (Tax ID): 7252164897, REGON: 366014636 (hereinafter: the "Controller").

The Controller can be contacted in all matters concerning the processing of personal data via e-mail: hello@vhsoft.io or by post at the address of the registered office. The Controller has not appointed a Data Protection Officer.

3. Scope of data collected

The Controller processes personal data provided directly by the user via the contact form, in particular:

  • first name and surname,
  • e-mail address,
  • phone number,
  • content of the message and other information voluntarily provided in the enquiry.

In addition, in connection with the use of the Website, technical data of the end device is collected automatically, including IP address, cookie identifiers, browser type, operating system, data on activity within the Website, and approximate location data resulting from the IP address.

4. Purposes and legal basis of processing

Personal data are processed for the following purposes and on the following legal grounds:

  • responding to enquiries submitted through the contact form or other communication channels and handling ongoing correspondence — on the basis of the Controller's legitimate interest in handling submitted enquiries (Article 6(1)(f) GDPR);
  • taking action at the request of the data subject prior to entering into a contract and the conclusion and performance of a service agreement — on the basis of Article 6(1)(b) GDPR;
  • fulfilment of legal obligations imposed on the Controller, in particular tax and accounting obligations — on the basis of Article 6(1)(c) GDPR;
  • pursuit of the legitimate interests of the Controller, namely: direct marketing of the Controller's own products and services, establishment, exercise or defence of legal claims, conducting statistics and analytics of the Website, and ensuring the security of the Website — on the basis of Article 6(1)(f) GDPR;
  • conducting marketing activities, including sending commercial information by electronic means and marketing using telecommunications terminal equipment — on the basis of consent (Article 6(1)(a) GDPR).

Irrespective of the legal basis for processing personal data, the use of electronic mail to send commercial information and the use of telecommunications terminal equipment for direct marketing purposes additionally require separate consent under Article 10 of the Polish Act on the Provision of Electronic Services and Article 398 of the Polish Electronic Communications Law, respectively.

5. Retention period

Personal data are stored for the period necessary to fulfil the purposes for which they were collected, in particular:

  • for the duration of the correspondence and for the period necessary to establish, exercise or defend legal claims — in the case of handling enquiries and communication;
  • for the duration of the contract and until the expiry of periods resulting from applicable laws, including tax and accounting laws — in the case of contract performance;
  • until the consent is withdrawn or an effective objection is raised — in respect of processing for marketing purposes;
  • for the period required by applicable laws — in respect of fulfilment of legal obligations.

After these periods, the data are deleted or anonymised.

6. Recipients of data

Personal data may be disclosed to:

  • persons authorised by the Controller and entities cooperating with the Controller on the basis of data processing agreements, in particular: providers of hosting and IT infrastructure services, e-mail service providers, accounting offices, law firms, providers of analytical, marketing and advertising tools (including Google Ireland Limited — Google Tag Manager, Google reCAPTCHA and related measurement tools; Meta Platforms Ireland Limited — Meta Pixel and related advertising tools), providers of generative artificial intelligence tools used in user-assistance features (including Google Ireland Limited — Google Gemini);
  • public authorities entitled to receive data on the basis of applicable laws.

7. Transfers outside the European Economic Area

In connection with the use of tools provided by Google and Meta, personal data may be transferred to countries outside the European Economic Area, including the United States. Such transfers take place on the basis of an adequacy decision of the European Commission (Data Privacy Framework) or on the basis of Standard Contractual Clauses approved by the European Commission, in accordance with Article 46 GDPR. A copy of the safeguards applied may be obtained by contacting the Controller.

8. Rights of the data subject

In connection with the processing of personal data, you have the following rights:

  • right of access to the data and to obtain a copy thereof (Article 15 GDPR);
  • right to rectification of the data (Article 16 GDPR);
  • right to erasure of the data (Article 17 GDPR);
  • right to restriction of processing (Article 18 GDPR);
  • right to data portability (Article 20 GDPR);
  • right to object to processing based on the legitimate interest of the Controller, including objection to direct marketing (Article 21 GDPR);
  • right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal;
  • right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

The above rights may be exercised by sending a request to: hello@vhsoft.io or by post to the address of the Controller's registered office.

9. Cookies and similar technologies

The Website uses cookies and similar technologies to ensure the proper functioning of the Website, to adapt its content to user preferences, to compile statistics and for marketing purposes.

The following types of cookies are used:

  • strictly necessary cookies — required for the proper operation of the Website, including session maintenance and security (e.g. Google reCAPTCHA cookies);
  • analytical cookies — used to collect information on how the Website is used (e.g. Google Tag Manager and connected measurement tools);
  • marketing cookies — used to display advertising tailored to user interests and to measure its effectiveness (e.g. Google, Meta/Facebook).

Cookies other than strictly necessary cookies are installed on the user's device only after consent has been given. The user may at any time change cookie settings in their browser, including blocking the saving of cookies or deleting cookies already stored. Restricting the use of cookies may affect certain functionalities of the Website.

10. External tools

The Website uses, in particular, the following external tools:

  • Google Tag Manager and related Google measurement tools — for the analysis of traffic and the effectiveness of marketing activities. Additional analytical and advertising tags of third parties may be deployed via Google Tag Manager, including Meta Pixel (Meta Platforms Ireland Limited), used to run advertising campaigns and measure their effectiveness;
  • Google reCAPTCHA — to protect the contact form against abuse; the use of this tool is subject to the Google Privacy Policy and the Google Terms of Service;
  • Generative artificial intelligence tools — in selected places of the Website, a feature is made available that assists in drafting the content of the message using a language model provided by third parties (including Google — Google Gemini). When this feature is used, the content entered by the user is transferred to the model provider solely for the purpose of generating the suggested response. Use of this feature is voluntary and requires an active action by the user.

11. Profiling and automated decision-making

Personal data are not used for decisions based solely on automated processing, including profiling, that produce legal effects concerning the data subject or similarly significantly affect them.

12. Data security

The Controller applies appropriate technical and organisational measures to ensure the security of the personal data processed, in particular to protect them against accidental loss, unauthorised access, disclosure or modification. Access to the data is granted only to authorised persons obliged to keep them confidential.

13. Changes to the Privacy Policy

The Controller reserves the right to introduce changes to this Policy. The current version of the Policy is published on the Website and applies from the moment of its publication.

14. Contact

For matters relating to the processing of personal data and the exercise of the rights of data subjects, please contact us via e-mail: hello@vhsoft.io or by post at the address of the Controller's registered office.

VHSOFT sp. z o.o.
ul. Sienkiewicza 85/87, lok. 8
90-057 Łódź
NIP: 7252164897
REGON: 366014636
KRS: 0001161463
tel. 730-717-933
hello@vhsoft.io