About Products Services Contact Blog

Privacy Policy

Effective date: 11.02.2026

1) Data Controller

The controller of your personal data is MML Studio sp. z o.o., ul. Opieńkowa 3, 86-065 Łochowice, Poland, KRS 0001221288, NIP 5543043921, REGON 543877926 („we”, „Controller”).

Privacy contact: [email protected]

2) What data we process

Depending on how you use the website, we may process:

  • Contact form data: name, email, subject, message content.
  • Technical data & logs: IP address, device/browser data, connection parameters, server logs.
  • Analytics data (GA4): events and usage statistics (depending on your cookie choices).
  • Blog comments: name (nickname), comment content, IP address, date and time. Email is not required.
  • Newsletter: email address, language preference (EN/PL).

3) Purposes and legal bases

  • Responding to inquiries: GDPR Art. 6(1)(f) (legitimate interest: communication with persons who contact us), and where the inquiry is directed at concluding a contract – also GDPR Art. 6(1)(b) (pre-contractual measures).
  • Security and proper operation (logs, anti-abuse, diagnostics) – GDPR Art. 6(1)(f).
  • Analytics (GA4) – your consent for analytics cookies under the Polish Act of 12 July 2024 – Electronic Communications Law (PKE), Art. 399–400, and ePrivacy rules; and, where applicable, GDPR Art. 6(1)(a).
  • Blog comments (enabling discussion) – GDPR Art. 6(1)(a) (consent) and GDPR Art. 6(1)(f) (legitimate interest: moderation and abuse prevention).
  • Newsletter (sending notifications about new posts) – GDPR Art. 6(1)(a) (consent). Consent is voluntary and may be withdrawn at any time.

4) Cookies and consent

We use: strictly necessary cookies and analytics cookies (GA4) – only if you consent. See Cookie Policy for details.

5) Processors / recipients

We use service providers (processors), including:

  • Cyber_Folks – hosting,
  • Cloudflare – CDN/security/DNS,
  • Google – GA4 and Consent Mode.

6) International transfers (outside the EEA)

Some providers may process data outside the EEA. Where required, transfers rely on appropriate safeguards (e.g., adequacy decisions or Standard Contractual Clauses).

7) Retention

  • Contact form: until the matter is handled + up to 6 years for potential claims defense (general limitation period under Art. 118 of the Polish Civil Code), or 3 years for claims arising exclusively from business activities.
  • Server logs: up to 12 months.
  • GA4: according to GA settings (commonly 2 or 14 months for certain event data).
  • Blog comments: until deleted by the author, moderator, or upon user request.
  • Newsletter: until consent is withdrawn (unsubscription).

8) Your rights

You have the right to: access, rectify, erase, restrict, object (where we rely on legitimate interests), data portability, not to be subject to decisions based solely on automated processing, including profiling (Art. 22 GDPR), and withdraw consent (where applicable), without affecting prior lawfulness.

You may also lodge a complaint with the Polish supervisory authority: PUODO.

9) Whether providing data is mandatory

Providing contact form data is voluntary, but necessary for us to reply.

10) Automated decision-making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

11) Updates

We may update this policy (e.g., if new tools are added). The current version will be published on the website with its effective date.