We build software
that .

Privacy Policy

Last updated: April 14, 2026

1. General Information

This Privacy Policy (hereinafter: "Policy") sets out the rules for processing personal data and the use of cookies on the ideas.center website (hereinafter: "Website").

The controller of personal data is: Ideas P.S.A.; ul. Jastrzębia 6, 05-080 Lipków, Poland (KRS: 0001231713, NIP: 1182326586, REGON: 544348673) (hereinafter: "Controller"). Contact regarding data protection: contact@ideas.center.

The Website serves an informational purpose — it presents the Ideas brand, its products, custom development services, and business idea validation. The Website provides contact forms but does not conduct online sales.

This Policy has been prepared in accordance with the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council) and Polish data protection and electronic communications law.

The Controller processes personal data in accordance with the principles set out in Article 5 of the GDPR: data is collected only to the extent necessary to achieve specified purposes (data minimization), its accuracy and currency is ensured, it is stored no longer than necessary, and appropriate security is provided, including protection against unauthorized access and loss.

2. Scope of Data Collected

Data provided voluntarily — in contact forms: name, email address, phone number (optional), company or fund name, and message content. Providing data is voluntary and not a statutory requirement, but is a condition for using the respective Website feature. Failure to provide the required data will prevent the submission of a contact inquiry.

Data collected automatically — IP address, device and browser data, activity on the Website (pages visited, visit duration, referral source), and information from cookies. As part of analytics and marketing cookies, data may also be collected by third-party tools (e.g. Google Analytics) — only after consent is given via the cookie banner. Details in Sections 4 and 7.

3. Purposes and Legal Basis of Processing

Personal data is processed for the following purposes:

Handling contact inquiries

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — handling correspondence and maintaining relationships with users)

Retention: Duration of handling the inquiry, no longer than 3 years (limitation of claims)

Analytics and statistics

Legal basis: Art. 6(1)(a) GDPR (consent)

Retention: Up to 14 months from last activity or until consent is withdrawn

Marketing activities, including remarketing and advertising campaigns

Legal basis: Art. 6(1)(a) GDPR (consent)

Retention: Until consent is withdrawn; cookies expire according to provider settings

Proper functioning of the Website

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — maintaining and ensuring Website security)

Retention: Up to 12 months

Pursuit or defense of claims

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — establishing, pursuing, or defending claims)

Retention: Limitation period for claims (3 years — Art. 118 of the Civil Code)

After the retention periods expire, data is deleted or anonymized. The Controller does not process data for purposes other than those indicated above. In the event of an intention to process data for a new purpose, the Controller will inform users and — if the new purpose requires consent — will seek it before commencing processing.

4. Data Recipients

Data may be shared with the following entities:

• Google Ireland Limited (Dublin, Ireland) — Google Fonts (typography delivery on every page), Google Analytics (website traffic analysis, if activated), Google Ads (advertising campaigns, if activated). Google Privacy Policy
• Hetzner Online GmbH (Gunzenhausen, Germany) — hosting of the Website and email infrastructure. Processing within the EU. Hetzner Privacy Policy
• Other supporting service providers — IT, accounting, legal services — to the extent necessary for the Controller's operations.

Data is shared with processors on the basis of processing agreements (Art. 28 GDPR).

5. Data Transfers Outside the EU

In connection with the use of third-party tools, data may be transferred to the United States. The transfer is based on:

• EU-US Data Privacy Framework — applies to: Google (entity certified under the DPF, status verifiable at dataprivacyframework.gov).

Detailed information about the safeguards applied can be obtained by contacting the Controller.

6. User Rights

In connection with the processing of data, the following rights are available:

• Right of access (Art. 15 GDPR) — information about the scope and manner of processing, and a copy of the data.
• Right to rectification (Art. 16 GDPR) — correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) — deletion of data when it is no longer necessary or after consent is withdrawn.
• Right to restriction of processing (Art. 18 GDPR) — e.g. when contesting the accuracy of data.
• Right to data portability (Art. 20 GDPR) — receiving data in a structured format.
• Right to object (Art. 21 GDPR) — to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent (Art. 7(3) GDPR) — at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint — with the President of the Personal Data Protection Office (PUODO), uodo.gov.pl.

To exercise any of these rights, contact us at: contact@ideas.center

7. Cookies

Cookies are small text files stored on the user's device. The Website uses the following categories:

• Necessary cookies — required for the Website to function properly. Do not require consent.
• Analytics cookies — traffic analysis (e.g. Google Analytics). Require consent.
• Advertising cookies — measuring campaign effectiveness, remarketing. Require consent.
• Functional cookies — enable enhanced features and personalization. Require consent.

Analytics and advertising cookies are activated only after consent is given via the cookie banner. Consent can be changed or withdrawn at any time via the cookie settings or browser settings. Consent is stored for 180 days. The Website uses Google Consent Mode v2, which ensures that no tracking requests are made before consent is given.

8. Profiling

The Controller does not make decisions based solely on automated processing that would produce legal effects or similarly significantly affect users (Art. 22 GDPR). Third-party marketing tools (e.g. advertising pixels), if activated, may use Website activity data for profiling for advertising purposes. Such profiling is performed by these providers as separate controllers, solely on the basis of consent given via the cookie banner.

9. Data Security

The Controller applies technical and organizational measures appropriate to the risk, including: SSL/TLS encryption, data access controls, periodic changes of administrative passwords, and regular software updates.

10. Changes to the Policy

The Controller reserves the right to amend the Policy. The amended version will be published on the Website with the effective date indicated. The Controller will inform about significant changes via the Website.

11. Contact

For matters related to this Policy: contact@ideas.center. Supervisory authority: President of the Personal Data Protection Office (PUODO), uodo.gov.pl.