Skip to main content
code.

Privacy Policy & Cookie Policy

Last updated: April 8, 2026

This document sets out the principles for processing personal data and the use of cookies on codefloat.pl. Please read it carefully.

1. Data Controller

The controller of your personal data is:

  • codefloat (sole proprietorship)
  • Email: contact@codefloat.pl
  • Website: www.codefloat.pl
  • Registration details available upon request.

2. Scope of Data Collected

We process only data voluntarily provided by the User — primarily via the contact form. The data collected includes:

  • First and last name
  • Business or personal email address
  • Message content / project description

Providing data is voluntary but necessary to receive a response or initiate a collaboration.

3. Purposes and Legal Bases for Processing

Contact form and business collaboration

Responding to enquiries, initiating and executing business collaboration.

Legal basis: Art. 6(1)(b) GDPR (steps necessary prior to entering into a contract, or performance of a contract).

Direct marketing

Informing about codefloat services based on legitimate interest — only towards individuals who have previously made contact.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests of the Controller).

Protection against spam and abuse

Securing contact forms against bots and unauthorised access.

Legal basis: Art. 6(1)(f) GDPR.

Website analytics (analytical and marketing cookies)

Traffic analysis, website optimisation, and measuring the effectiveness of any marketing activities.

Legal basis: Art. 6(1)(a) GDPR (consent given by accepting cookies).

4. Cookie Policy

What are cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit our website. They facilitate navigation, remember your preferences, and help us analyse traffic on the site.

Necessary (required for the site to function)

Without these cookies, the website will not function correctly. They do not require your consent.

  • Cloudflare Turnstile verification (anti-spam protection for the contact form)
  • Remembering your cookie preferences

Analytical (require consent)

These allow us to understand how users interact with the site so we can improve it.

  • Google Analytics — anonymous traffic analysis (IP is truncated before being sent to Google)
  • Hotjar — session recordings and heatmaps for UX analysis

Marketing (require consent)

These enable the display of personalised ads on external platforms.

  • Meta Pixel (Facebook/Instagram) — measuring advertising campaign effectiveness

You can manage your consents at any time by clicking "Manage Cookies" in the site footer or by changing your browser settings. Withdrawing consent does not affect the lawfulness of processing that took place before withdrawal.

5. Analytics and Tracking Tools

The website uses the following third-party tools — only with your consent (except Cloudflare Turnstile and Mailgun, which are necessary for the site to operate):

Google Analytics (Google LLC, USA)

We use Google Analytics for anonymous traffic analysis — visitor counts, time on site, and traffic sources. IP anonymisation is enabled by default: the IP address is truncated before reaching Google's servers.

You can opt out of Google Analytics tracking by installing the browser add-on: tools.google.com/dlpage/gaoptout

Meta Pixel (Meta Platforms, Inc., USA)

The Meta Pixel allows us to measure the effectiveness of any advertising campaigns on Facebook and Instagram. It collects anonymised data about user behaviour on the site.

You can manage personalised ads in your Facebook account settings or at youronlinechoices.eu

Hotjar (Hotjar Ltd., Malta/USA)

Hotjar records session recordings and generates heatmaps to help us understand how users navigate the site. Sensitive form fields (e.g. email address) are automatically masked and are never recorded.

You can opt out of Hotjar at: hotjar.com/opt-out

Cloudflare Turnstile (Cloudflare, Inc., USA)

We use Cloudflare Turnstile to protect the contact form from bots and spam. The tool processes anonymised traffic telemetry for behavioural verification purposes. This is a necessary cookie — it operates without your consent.

Mailgun (Sinch, USA/EU)

Outgoing correspondence (the automated reply after submitting the contact form) is sent via the Mailgun API. Mailgun processes data solely to deliver the message and does not use it for its own marketing purposes.

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access\u2014 you may request a copy of the personal data we process about you.
  • Right to rectification\u2014 you may ask us to correct inaccurate or incomplete data.
  • Right to erasure (right to be forgotten)\u2014 you may request deletion of your data when there is no longer a legal basis for processing it.
  • Right to restriction of processing\u2014 you may request that your data be processed only in a limited scope.
  • Right to data portability\u2014 you have the right to receive your data in a structured, commonly used format.
  • Right to object\u2014 you may object to processing based on the Controller's legitimate interests.
  • Right to withdraw consent\u2014 you may withdraw any consent you have given (e.g. for analytical cookies) at any time without negative consequences. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint\u2014 you have the right to lodge a complaint with a supervisory authority. In Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.

To exercise any of these rights, please contact us at: contact@codefloat.pl. We will respond without undue delay and no later than 30 days.

7. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • \u2013Contact form data: until the enquiry is resolved or collaboration ends, and no longer than 3 years from the last contact — unless legislation requires a longer period.
  • \u2013Billing and invoice data: 5 years from the end of the tax year, in accordance with accounting and tax regulations.
  • \u2013Analytics data (Google Analytics): 26 months by default, or until consent is withdrawn — whichever comes first.
  • \u2013Data processed on the basis of consent: until consent is withdrawn or cookies are deleted by the User.

8. Data Recipients

Your data may be shared with the following categories of recipients — only to the extent necessary to deliver the service:

  • \u2013Hosting infrastructure provider — the server on which the website runs (processing within the EEA or with appropriate safeguards).
  • \u2013Mailgun (Sinch) — third-party email service provider for outbound correspondence.
  • \u2013Google LLC — Google Analytics (website analytics, only with your consent).
  • \u2013Meta Platforms, Inc. — Meta Pixel (marketing/remarketing, only with your consent).
  • \u2013Hotjar Ltd. — session recordings and heatmaps (only with your consent).
  • \u2013Cloudflare, Inc. — anti-spam protection (Turnstile) and CDN infrastructure (necessary cookie).

Your data is not sold or shared with third parties for marketing purposes without your explicit consent.

9. Data Transfers Outside the European Economic Area (EEA)

Some of our providers are based in the United States (outside the EEA). Every such transfer is appropriately safeguarded:

  • \u2013Google LLC (USA) — Google holds an EU-U.S. Data Privacy Framework certification. Transfer is carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission.
  • \u2013Meta Platforms, Inc. (USA) — Meta holds an EU-U.S. Data Privacy Framework certification. Transfer is carried out on the basis of Standard Contractual Clauses (SCCs).
  • \u2013Hotjar Ltd. (Malta/USA) — Transfer is carried out on the basis of Standard Contractual Clauses (SCCs).
  • \u2013Cloudflare, Inc. (USA) — Cloudflare holds an EU-U.S. Data Privacy Framework certification. Transfer is carried out on the basis of Standard Contractual Clauses (SCCs).

In all cases, we ensure that data transfers are based on appropriate safeguards as required by Art. 46 GDPR. A copy of the applicable contractual clauses is available upon request.

10. Changes to This Policy

We reserve the right to update this Policy in response to legal, technical, or organisational changes. We will notify you of any material changes by publishing a new version on this page with an updated date. We encourage you to check this document periodically.

11. Contact Regarding Personal Data

For any questions about how we process your personal data, the exercise of your rights, or the content of this Policy, please contact us:

contact@codefloat.pl