logo oficjalne planopia

Privacy Policy for Planopia.pl


Version 1.0 - effective from January 7, 2026


1. Data Controller


For website user data, the data controller is ML Devworks Michał Lipka with its registered office at Rynek Główny 34 lok. 15, 31-010 Kraków, Poland, Tax ID: 6762707876.


For Client employees' data, the data controller is the Client (employer), and ML Devworks Michał Lipka acts as a data processor based on a data processing agreement (DPA).


Contact: office@ml-devworks.com


2. Purposes and Legal Bases for Processing


2.1. We process personal data for the following purposes:

- Providing services through the Planopia.pl platform (legal basis: Art. 6(1)(b) GDPR - contract performance)

- Fulfilling legal obligations (legal basis: Art. 6(1)(c) GDPR)

- Direct marketing only towards Clients (legal basis: Art. 6(1)(f) GDPR - legitimate interest). Marketing does not include Client employees' data.


2.2. For Client employees' data - the Client is the data controller, and we are the data processor (details in DPA).


3. Categories of Processed Data


3.1. Account user data:

- First and last name

- Email address

- Job position


3.2. Employee data (processed on behalf of the Client):

- First and last name

- Email address

- Job position

- Working time data

- Leave data


3.3. Technical data:

- IP address

- Browser information

- Cookies


4. Data Recipients


4.1. Data may be transferred to:

- Hosting service providers (Render.com, Netlify, Vercel, Oregon - US West)

- IT service providers supporting platform operation

- Google LLC (Google Analytics, Google Tag Manager) - for landing page traffic analysis

- Government authorities upon request under applicable law


4.2. All subcontractors are obligated to comply with data protection principles.


4a. Data Transfer Outside EEA


4a.1. Personal data may be processed outside the European Economic Area (EEA), particularly in the United States (Oregon - US West) by hosting service providers.


4a.2. Data transfer outside the EEA is based on Standard Contractual Clauses (SCC) pursuant to European Commission Decision 2021/914.


4a.3. Google LLC (Google Analytics, Google Tag Manager) also processes data in the USA based on appropriate protection mechanisms compliant with GDPR.


5. Data Retention Period


5.1. Data is retained for the following periods:

- Team data (Accounts): 30 days after contract termination/subscription end, then deleted (period can be extended or shortened upon Client's written request)

- Team user data: After a user is deleted from the team by an administrator, user data is retained for 30 days (retention period). After this period, data will be permanently deleted. The administrator can restore the user or permanently delete them at any time before the retention period expires. The Client (administrator) is responsible for managing their employees' data in accordance with labor law. Users cannot delete their own accounts - this requires administrator action.

- Billing data: 5 years (in accordance with tax regulations)

- Technical logs: 90 days (period can be extended or shortened upon Client's written request)

- Data until consent withdrawal (if processing is based on consent)


5.2. After subscription termination/contract end, team data will be deleted within 30 days, except for data required by law (e.g., tax regulations). User data is retained for 30 days after deletion (retention period), then permanently deleted.


5.3. The Client has the right to request extension or shortening of the data retention period within the scope permitted by law. Requests should be sent to: office@ml-devworks.com


6. Rights of Data Subjects


6.1. You have the following rights:

- Right of access to data

- Right to rectification

- Right to erasure

- Right to restriction of processing

- Right to data portability

- Right to object to processing

- Right to withdraw consent


6.2. Rights can be exercised by contacting: office@ml-devworks.com


6.3. You also have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office in Poland, or your local data protection authority).


7. Cookies


7.1. The website uses cookies for:

- Enabling basic functionality

- Traffic analysis (Google Analytics, Google Tag Manager)


7.2. Data from analytical tools (Google Analytics, Google Tag Manager) is processed by Google LLC in accordance with their privacy policy. These tools may use cookies to analyze website usage.


7.3. You can manage cookie settings in your browser or block analytical cookies.


8. Security Measures


8.1. We apply appropriate technical and organizational measures:

- Connection encryption (HTTPS)

- Access control

- Regular backups

- System monitoring


8.2. Data is stored on servers in Oregon (US West), United States. Data transfer outside the European Economic Area (EEA) is based on Standard Contractual Clauses (SCC) pursuant to European Commission Decision 2021/914.


9. Changes to Privacy Policy


9.1. We reserve the right to make changes to the Privacy Policy.


9.2. Users will be notified of significant changes.


Last updated: January 7, 2026