Privacy Policy

// effective from: May 7, 2026 · GDPR-compliant (EU) 2016/679

1. Data Controller

The controller of your personal data is Green Eco World Sp. z o.o., EU VAT: PL7882038912, registered address: ul. Kolejowa 20, 64-300 Nowy Tomyśl, Poland, email: contact@stronaw24h.com.

For data protection matters, contact the email above. Under GDPR, we have not appointed a Data Protection Officer (DPO not required for our scale of processing).

2. What data we collect

3. Processing purposes

• Order fulfillment and contract performance,
• Invoicing and accounting,
• Communication regarding order execution,
• Hosting Client websites and infrastructure maintenance,
• Marketing of own services (based on separate consent),
• Site traffic analysis and service quality improvement (with consent),
• Compliance with legal obligations (accounting, tax).

4. Data retention period

• Order and invoice data: 5 years (per EU tax regulations),
• Client website hosting data: until end of service + 30 days for migration,
• Marketing data: until consent withdrawn,
• Analytics data: up to 26 months,
• Contact form data (without order): 12 months.

5. Your rights (GDPR)

Under GDPR you have the following rights:

• Right of access to your data (Art. 15)
• Right to rectification of data (Art. 16)
• Right to erasure — "right to be forgotten" (Art. 17)
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority — for Polish-based controllers: Polish DPA UODO (Stawki 2, 00-193 Warsaw, uodo.gov.pl); EU residents may also contact their national DPA

To exercise these rights, write to: contact@stronaw24h.com. We respond within 30 days.

6. Data recipients

Your data may be transferred to the following categories of recipients (under data processing agreements):

• Hostinger International Ltd (Cyprus) — hosting and email provider (DPA in place, ISO 27001 certified)
• Stripe Payments Europe Ltd (Ireland) — card payment processing
• Banks and SEPA operators — bank transfer processing
• Accounting firm servicing the company — for accounting purposes
• Google Ireland Ltd — Google Analytics 4 (only with consent, anonymized)
• Meta Platforms Ireland Ltd — Meta Pixel (only with consent)
• Public authorities — when required by law (tax, social security, courts)

7. Cookies

Our site uses cookies. Detailed information is in our Cookie Policy.

You can change cookie settings at any time via the link in the page footer or in your browser settings.

8. Data transfers outside the EEA

Some of our tools (Google Analytics, Stripe, Meta) may transfer data to the USA. This is done based on:

• Standard Contractual Clauses approved by the European Commission (Decision 2021/914),
• EU-U.S. Data Privacy Framework (EC Decision 2023/1795),
• Additional technical and organizational safeguards on the recipient side.

9. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect the Client.

We inform that AI tools are used in the website creation process; however, every site is reviewed and approved by a human before delivery.

10. Data security

We apply appropriate technical and organizational measures to ensure data protection:

• SSL/TLS encryption for all data transmissions
• Hosting on certified infrastructure (Hostinger, ISO 27001)
• Regular backups
• Restricted data access — only authorized personnel
• Two-factor authentication (2FA) on all admin accounts

11. Policy changes

We reserve the right to change this Privacy Policy. The current version is always available on this page. We notify of significant changes via email.