1. General Provisions

1.1. This Privacy Policy outlines the principles governing the collection, processing, and protection of personal data by The Polish Genealogist, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Polish and European data protection laws.

1.2. This document applies to all individuals who use or interact with the Service, regardless of their geographic location.

1.3. The Administrator is fully committed to safeguarding the confidentiality and security of Users’ personal data and takes all necessary technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction.

1.4. By using the Service, the User acknowledges that they have read and understood this Privacy Policy and agree to the terms described herein.

1.5. The latest version of this Privacy Policy is always available at: https://www.polishgenealogist.co.uk/privacy-policy.

2. Definitions

For the purpose of this Privacy Policy, the following definitions apply:

  • Administrator – “Marcin Polak Nasi Przodkowie”, trading as “The Polish Genealogist”, registered at 9 Sienna Street, 70-542 Szczecin, Poland, EU VAT ID: PL5252912507.
  • User – Any individual accessing, using, or interacting with the Service, including Clients, visitors, and individuals submitting inquiries.
  • Service – The Polish Genealogist website and services, available at https://www.polishgenealogist.co.uk.
  • Personal Data – Any information related to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
  • Processing – Any operation performed on personal data, including but not limited to collection, storage, use, modification, transfer, and deletion.
  • Cookies – Small text files stored on a User’s device, facilitating website performance and user experience improvements.
  • Data Subject – Any individual whose personal data is collected and processed by the Administrator.

3. Data Controller & Contact Information

3.1. The Data Controller responsible for processing personal data under this Privacy Policy is:

Administrator: Marcin Polak Nasi Przodkowie
Trading as: The Polish Genealogist
Registered Address: 9 Sienna Street, 70-542 Szczecin, Poland
E-mail: [email protected]

3.2. Users can contact the Administrator at any time regarding questions about data protection, their rights, or any concerns related to data processing.

3.3. The Administrator is not required to appoint a Data Protection Officer under Article 37 of the GDPR, as the scope of personal data processing does not involve large-scale sensitive data handling.

4. Legal Basis for Processing Personal Data

4.1. The Administrator processes personal data under the following legal grounds:

  • User consent (Article 6(1)(a) GDPR) – When a User voluntarily agrees to the processing of their personal data for specific purposes, such as subscribing to newsletters or receiving promotional content.
  • Contractual necessity (Article 6(1)(b) GDPR) – When processing is required to perform a contract between the User and the Administrator, including genealogical research services and document retrieval.
  • Legal compliance (Article 6(1)(c) GDPR) – When processing is necessary to comply with a legal obligation, such as tax regulations or financial reporting.
  • Legitimate interest (Article 6(1)(f) GDPR) – When processing is necessary to protect the Administrator’s interests, such as ensuring security, preventing fraud, or improving service quality.

4.2. The Administrator does not engage in automated decision-making or profiling that would have legal or similarly significant effects on Users.

5. Purposes of Data Processing

5.1. The Administrator collects and processes personal data for the following key purposes:

  • Providing genealogical and document retrieval services – This includes analyzing historical records, conducting research, and retrieving official documents.
  • Ensuring contractual obligations – Processing personal data necessary for the fulfillment of services, billing, and customer support.
  • Maintaining website functionality and security – Using anonymised and aggregated data to ensure optimal performance and security of the website.
  • Marketing and promotional purposes – Only when the User has explicitly consented, such as through subscribing to newsletters or requesting updates.

5.2. Personal data will not be processed for any purposes beyond those stated unless additional consent is obtained.

6. Data Retention Period

6.1. Personal data is retained only for as long as necessary to achieve the processing purposes outlined in this Policy:

  • Service execution data – Stored for the duration of the service contract and up to 3 years after completion to address potential legal claims.
  • Financial and tax data – Retained for up to 6 years in compliance with Polish and EU tax laws.
  • Marketing data – Stored until the User withdraws consent.
  • Anonymised website analytics – Retained indefinitely for performance analysis.

6.2. Upon request, Users may request early deletion of their data, except where retention is required by law.

7. Security Measures

7.1. The Administrator implements industry-standard technical and organisational security measures to protect personal data, including:

  • SSL encryption to ensure secure transmission of data.
  • Access controls to prevent unauthorised access to stored data.
  • Regular security assessments to identify and mitigate vulnerabilities.

7.2. Despite these measures, Users should also take precautions, such as using strong passwords and avoiding sharing personal data via unsecured channels.

8. User Rights Under GDPR

8.1. Users have the following rights regarding their personal data:

Right of access – Request a copy of personal data held by the Administrator.
Right to rectification – Request corrections to inaccurate data.
Right to erasure (“right to be forgotten”) – Request deletion of data when no longer necessary.
Right to restrict processing – Temporarily limit data processing under specific conditions.
Right to object – Object to data processing based on legitimate interest.
Right to data portability – Receive a structured, machine-readable copy of their data.

8.2. Users can exercise these rights by contacting: [email protected].