PRIVACY POLICY

Last updated: 16.02.2026

Bartosz Książek (trading as Barty Digital Bartosz Książek)
11/20 Architektów, 35-082 Rzeszów, Poland, NIP: 8133584429, REGON: 543881046
Email: bart@barty.digital
Website: https://barty.digital

1. Introduction

This Privacy Policy explains how Barty Digital (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website or contact us through our services.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), UK GDPR, and Privacy and Electronic Communications Regulations (PECR).

Data Controller: Bartosz Książek, 11/20 Architektów, 35-082 Rzeszów, Poland

2. What Personal Data We Collect

2.1 Information You Provide Directly

Contact Forms:
When you submit a contact form on our website, we collect:

• First and last name
• Email address
• Phone number (if provided)
• Company name and website (if provided)
• Message content
• Any other information you choose to provide

Legal Basis: Legitimate interest (responding to business enquiries) and contract performance (when discussing potential services).

2.2 Information Collected Automatically

Analytics & Website Usage:
We use Google Analytics and Microsoft Clarity to understand how visitors use our website. This includes:

• IP address (anonymised)
• Browser type and version
• Device information (desktop, mobile, tablet)
• Operating system
• Pages viewed and time spent on pages
• Referring website/source
• Geographic location (country/city level)
• Heatmaps and session recordings (Microsoft Clarity)

Legal Basis: Consent (obtained via cookie banner managed by Complianz).

Cookies & Tracking Technologies:
We use cookies for functionality, analytics, and marketing purposes. For detailed information, please see our Cookie Policy.

Security & Server Logs:
Our hosting provider and security tools (Wordfence) may collect:

• IP addresses
• Access times
• Requested pages
• Browser and operating system information

Legal Basis: Legitimate interest (website security and performance).

3. How We Use Your Personal Data

We use your personal data for the following purposes:

Contact Enquiries:

• To respond to your questions and requests
• To provide information about our services
• To discuss potential projects or collaborations
• To send follow-up communications related to your enquiry

Website Analytics:

• To understand how visitors interact with our website
• To improve website performance, content, and user experience
• To identify and fix technical issues

Security:

• To protect our website from malicious activity
• To prevent spam and fraudulent submissions
• To maintain system integrity

Legal Compliance:

• To comply with legal obligations
• To establish, exercise, or defend legal claims

4. Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal data to third parties. However, we use the following trusted third-party services that may process your data:

4.1 Analytics & Performance

Google Analytics (Google LLC / Google Ireland Ltd)

• Purpose: Website analytics and performance tracking
• Data Processed: IP address (anonymised), browsing behavior, device information
• Location: United States / Ireland (EU)
• Privacy Policy: https://policies.google.com/privacy
• Data Transfer Mechanism: EU Standard Contractual Clauses (SCCs) / EU-US Data Privacy Framework

Microsoft Clarity (Microsoft Corporation)

• Purpose: Heatmaps, session recordings, user behavior analysis
• Data Processed: Browsing behavior, clicks, scrolls, anonymised session data
• Location: United States
• Privacy Policy: https://privacy.microsoft.com/
• Data Transfer Mechanism: EU Standard Contractual Clauses (SCCs) / EU-US Data Privacy Framework

4.2 Security

Wordfence (Defiant Inc.)

• Purpose: Website security, firewall, malware scanning
• Data Processed: IP addresses, login attempts, security threat data
• Location: United States
• Privacy Policy: https://www.wordfence.com/privacy-policy/

4.3 Hosting

Our website is hosted by a third-party hosting provider. Server logs (IP addresses, access times) are stored on secure servers.

4.4 Social Media Embeds

We embed content from LinkedIn, Instagram, and WhatsApp to allow social sharing. These platforms may place cookies and collect data when you interact with embedded content. Please refer to their respective privacy policies:

• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Instagram (Meta): https://help.instagram.com/519522125107875
• WhatsApp (Meta): https://www.whatsapp.com/legal/privacy-policy

5. International Data Transfers

Some of our third-party service providers (Google Analytics, Microsoft Clarity, social media platforms) are located in the United States. Data transfers to the US are protected by:

• EU-US Data Privacy Framework (for participating companies)
• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement (IDTA) for UK data subjects

We ensure that all international data transfers comply with GDPR and UK GDPR requirements.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Contact Form Submissions:

• Retained for 2 years from the date of your enquiry or until you request deletion
• If we enter into a business relationship, data may be retained for the duration of the contract plus 6 years for legal and accounting purposes (as required by law)

Analytics Data:

• Google Analytics: 26 months (default retention period)
• Microsoft Clarity: 1 year

Security Logs:

• Retained for 90 days for security monitoring purposes

Cookies:

• Retention periods vary by cookie type. See our Cookie Policy for details.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

1. Right of Access: Request a copy of the personal data we hold about you
2. Right to Rectification: Request correction of inaccurate or incomplete data
3. Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data
4. Right to Restrict Processing: Request that we limit how we use your data
5. Right to Data Portability: Receive your data in a structured, machine-readable format
6. Right to Object: Object to processing based on legitimate interests
7. Right to Withdraw Consent: Withdraw consent for analytics cookies at any time via our cookie banner
8. Right to Lodge a Complaint: File a complaint with your local data protection authority

How to Exercise Your Rights:
To exercise any of these rights, please contact us at: bart@barty.digital

We will respond to your request within 30 days (or sooner where possible).

8. Data Protection Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority.

For Poland:
Urząd Ochrony Danych Osobowych (UODO)
Website: https://uodo.gov.pl/
Email: kancelaria@uodo.gov.pl

For the UK:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/
Email: casework@ico.org.uk

9. Security Measures

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Firewall and malware protection (Wordfence)
• Regular security updates for WordPress and plugins
• Access controls to limit data access to authorised personnel only
• Secure hosting with reputable providers

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

10. Children’s Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the top of this policy will be revised accordingly.

We encourage you to review this Privacy Policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Bartosz Książek (Barty Digital)
Email: bart@barty.digital
Address: 11/20 Architektów, 35-082 Rzeszów, Poland
Website: https://barty.digital

For UK enquiries:
Phone: +44 7438 357620

For Polish enquiries:
Phone: +48 884 518 018

This Privacy Policy complies with the General Data Protection Regulation (GDPR), UK GDPR, and Privacy and Electronic Communications Regulations (PECR).