Privacy Policy
Last updated: January 15, 2026
1. Data Controller
The controller of your personal data is Easynestpl Sp. z o.o., with its registered office in Warsaw at ul. Marszałkowska 84/92, 00-514 Warsaw, Poland, entered in the National Court Register (KRS) under number 0000987654, NIP (Tax ID): 5213456789, REGON: 147890123 (hereinafter: 'the Controller'). You may contact the Controller in writing at the registered office address or by email at: kontakt@easynestpl.com.
2. Data Protection Officer
The Controller has appointed a Data Protection Officer who can be contacted regarding personal data processing matters at the email address: iod@easynestpl.com, or in writing at the Controller's registered office address with the annotation 'Data Protection Officer'.
3. Purposes and legal bases for data processing
Your personal data is processed for the following purposes: (a) responding to inquiries submitted through the contact form — based on Article 6(1)(b) of the GDPR (taking steps at the request of the data subject); (b) providing consulting services in the field of personal finance and grants — based on Article 6(1)(b) of the GDPR; (c) fulfilling legal obligations incumbent on the Controller — based on Article 6(1)(c) of the GDPR; (d) pursuing the Controller's legitimate interests, such as direct marketing, pursuing claims — based on Article 6(1)(f) of the GDPR.
4. Data recipients
Your personal data may be shared with: entities processing data on behalf of the Controller (IT service providers, hosting, email services), state authorities or other entities authorized under applicable law, entities providing accounting and legal services to the Controller. The Controller does not transfer personal data to third countries or international organizations unless necessary to provide services (e.g., use of cloud infrastructure) — in which case, transfers are made with appropriate safeguards as required by the GDPR.
5. Data retention period
Personal data is stored for the period necessary to fulfill the purposes of processing: for data processed in connection with a contract — for the duration of the contract and the limitation period for claims; for data processed based on consent — until the consent is withdrawn; for compliance with legal obligations — for the period required by law, in particular tax and accounting regulations.
6. Data subject rights
In connection with the processing of personal data, you have the following rights: the right to access your data, the right to rectification of data, the right to erasure of data ('right to be forgotten'), the right to restrict processing, the right to data portability, the right to object to processing, the right to withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal). You also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).
7. Requirement to provide data
Providing personal data in the contact form is voluntary but necessary to respond to inquiries or provide services. Failure to provide data will prevent the Controller from contacting you.
8. Automated decision-making
The Controller does not make automated decisions, including profiling within the meaning of Article 22 of the GDPR.
9. Data security
The Controller applies appropriate technical and organizational measures to protect processed personal data, in particular securing data against unauthorized access, processing in violation of law, and alteration, loss, damage or destruction. The Controller's IT infrastructure is regularly audited for security, and access to personal data is limited to authorized persons only.
10. Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy. Users will be informed of any changes by publishing the current version of the document on the website. This Privacy Policy is effective from January 15, 2026.