Privacy Policy & Cookies — METALUM

If you’ve landed here, it means you value privacy. We respect that 100%. Below you’ll find, in one place, the rules for processing personal data and information about cookies and similar technologies used in connection with the operation of the website https://metalum.eu/.

Upfront notice: the website is administered by Metalum Łukasz Wolny, ul. Zimowa 12, 42-229 Częstochowa, NIP (Tax ID): 5732521681, REGON: 540636961.

For clarity, we’ve adopted a Q&A format.

Change your consents

1: Who manages your data?

The controller of your personal data is Metalum Łukasz Wolny (hereinafter: the “Controller”).

2: How to contact us about privacy?

We have not appointed a Data Protection Officer, as it is not required in our situation. For questions about data and privacy, write to: kontakt@metalum.eu.

3: What data might we process about you?

The scope depends on which feature you use. It may include, among others:

• first and last name,
• home address / business address,
• Tax ID (NIP),
• email address,
• phone number,
• content you send us (e.g., correspondence),
• bank account number (e.g., for settlements),
• approximate location,
• topics you’re interested in,
• content of comments/reviews posted on the site.

We also use tools that collect so-called Anonymous Information related to how you use the site, for example:

• device type, operating system, browser,
• pages viewed, visit duration, navigation paths,
• clicks, traffic source,
• age range, approximate location (city),
• interests inferred from online activity.

Anonymous Information, by itself, does not allow us to identify a specific person and we do not combine it with “named” data. Out of caution, however, we describe its processing as if it could be considered personal data.

4: Where do we get the data from?

Most often, you provide it yourself when you:

• add a comment/review,
• contact us by email,
• follow us on social media or interact with our content.

Some information is collected automatically by analytics/marketing tools (described below) — this is the Anonymous Information.

5: How do we keep data secure?

We assess risks, implement appropriate technical and organizational measures, train our team, and refine procedures. Questions? Write to: kontakt@metalum.eu.

6: For what purposes and on what legal basis do we process data?

Purposes and legal bases (GDPR):

• handling comments — Art. 6(1)(f) GDPR,
• handling correspondence — Art. 6(1)(f) GDPR,
• settlements, taxes, accounting — Art. 6(1)(c) GDPR together with tax regulations,
• archiving for the purposes of establishing/defending/ pursuing claims — Art. 6(1)(f) GDPR,
• creating audience groups (e.g., Facebook) — Art. 6(1)(f) GDPR,
• managing social media profiles — Art. 6(1)(f) GDPR,
• analytics/statistics based solely on Anonymous Information — Art. 6(1)(f) GDPR,
• our own marketing using Anonymous Information — Art. 6(1)(f) GDPR,
• ensuring operation of widgets (e.g., YouTube) and social plugins — Art. 6(1)(f) GDPR.

Comments/reviews. To add a comment, we require at least a username (which may contain personal data) and an email address. Comments and data shared in the comment system settings are public on the site and you can edit or delete them. The legal basis is our legitimate interest (providing the comments feature).

Correspondence. When you contact us, you provide the data included in your message (e.g., email, name). We process the data to respond and then archive it in case we need to demonstrate arrangements. Basis: Art. 6(1)(f) GDPR.

Taxes and accounting. If we issue accounting documents containing your data, we store them for the period required by law. Basis: Art. 6(1)(c) GDPR.

Archive/claims. For evidentiary purposes, we may store certain data for the limitation period for claims (Art. 6(1)(f) GDPR).

Audience groups (Facebook). Your email address provided in correspondence with us may be hashed and used to create audience groups. You can object by writing to kontakt@metalum.eu.

Social media. We process only public information available within a given service and solely to manage the profile/communication (Art. 6(1)(f) GDPR). The rules of these services are defined by their administrators.

Analytics & marketing (Anonymous Information only). We create statistics and target ads without access to data that directly identifies a person. The basis is our legitimate interest (Art. 6(1)(f) GDPR). You can object by disabling the relevant cookies (details below).

Additional features (e.g., YouTube, social plugins). Used to ensure these elements work (Art. 6(1)(f) GDPR).

7: How long do we store data?

The period depends on the purpose. In general:

• correspondence — until the matter is closed and for the period necessary for evidentiary purposes,
• accounting documents — for the period required by law,
• data used to pursue/defend claims — until the relevant limitation periods expire,
• Anonymous Information — according to the lifecycles of the cookies/tools described below.

8: To whom do we entrust or disclose data?

We use external providers who may process data on our behalf:

• hosting provider,
• CRM system provider,
• invoicing system,
• accounting office,
• technical support/service,
• other subcontractors where necessary to deliver services.

All operate under data processing agreements and ensure an appropriate level of protection. Data may also be shared with:

• professional attorneys (legal counsel/advocate) — where justified,
• public authorities — where required by law,
• courier companies — to the extent necessary for deliveries (independent controllers).

With respect to Anonymous Information, the administrators are the tool providers (described below) — they process it in accordance with their own policies.

9: Transfers outside the EEA

Some tool providers (e.g., Google, Meta) may store data on servers outside the EEA (including in the USA). We apply legally required safeguards for such transfers (e.g., providers’ Standard Contractual Clauses).

10: Profiling and automated decisions

We do not make decisions about you that produce legal effects solely based on automated processing. We use behavioral advertising and content personalization, but within limits that do not materially affect your rights.

11: Your rights

You have the right to:

• access your data and obtain a copy,
• rectification,
• erasure (“right to be forgotten”),
• restriction of processing,
• object to processing based on Art. 6(1)(f) GDPR,
• data portability (for data processed on the basis of consent or contract),
• withdraw consent (if it was given),
• lodge a complaint with the supervisory authority (President of the Personal Data Protection Office — UODO).

The scope and conditions for exercising rights follow Articles 16–21 GDPR and may depend on the legal basis and purpose of processing. You can always write to kontakt@metalum.eu to ask what data we process and for what purpose.

12: What are cookies and do we use them?

Yes. Cookies are small text files stored on your device by our system (first-party cookies) or by partners’ systems (third-party cookies). They may be:

• session (deleted after you close the browser),
• persistent (stored for longer).

13: On what basis do we use cookies?

Necessary cookies — based on the necessity to provide the electronic service.
Other cookies (analytics, marketing, functional) — based on your consent expressed in the consent management banner. Until consent is given, they remain blocked.

Disabling cookies may limit the availability of some website features (e.g., social plugins).

14: How to disable cookies?

You can:

• manage them in your browser (block/delete, also for specific sites),
• use incognito/private mode,
• use extensions (e.g., Ghostery) or software with cookie-control features,
• use industry tools (e.g., youronlinechoices.com),
• use the cookie management mechanism available on our site.

No item 15 (we keep the numbering consistent with the original layout).

16: Which third-party cookies do we use?

Our website uses, among others:

• Google Analytics,
• Google Ads,
• Hotjar,
• Facebook (Meta) Custom Audiences,
• Facebook Connect and other social plugins,
• YouTube.

Google Analytics

Provider: Google LLC. We use GA based on our legitimate interest — statistics and site optimization. We implement a tracking code that may use servers worldwide. We enable IP anonymization. We do not have access to data that identifies a specific person. You can install the GA opt-out add-on: https://tools.google.com/dlpage/gaoptout
More about processing by Google: https://policies.google.com/technologies/partner-sites

Hotjar

Provider: Hotjar Limited. The tool helps us understand how the site is used (session recordings, heatmaps) without recording form contents. Data is pseudonymized. Opt-out: https://www.hotjar.com/legal/compliance/opt-out
Hotjar Privacy Policy: https://www.hotjar.com/legal/policies/privacy

Google Ads (remarketing)

Provider: Google LLC. A remarketing file may be stored on your device to display ads tailored to your activity on the site across the Google network. Google Ads settings: https://adssettings.google.com/

Facebook (Meta) Custom Audiences & plugins

Provider: Meta Platforms, Inc. We use the Meta Pixel to create audience groups and measure effectiveness. Pixel data is anonymous to us, but Meta may link it to your account. Ad settings: https://www.facebook.com/ads/settings

YouTube

Provider: Google LLC. We embed content in enhanced privacy mode. When a video is played, YouTube may store cookies and associate activity with your Google account (if you are logged in). Google’s policies: https://policies.google.com/privacy

17: Do we monitor behavior on the site?

Yes — via the tools listed above (Google Analytics, Google Ads, Hotjar, Meta Pixel). Details are in the third-party cookies section.

18: Do we display targeted ads?

Yes — we use Google Ads and Facebook/Meta Ads to run campaigns for defined groups based on criteria such as interests or on-site activity. The activities are described in the third-party cookies section.

19: How can you manage your privacy?

• browser cookie settings,
• extensions (e.g., Ghostery) and software with tracking controls,
• incognito/private mode,
• behavioral ad settings (e.g., youronlinechoices.com),
• our cookie consent panel,
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout,
• Google Ads Settings: https://adssettings.google.com/,
• Facebook Ads Settings: https://www.facebook.com/ads/settings,
• Hotjar Opt-out: https://www.hotjar.com/legal/compliance/opt-out

20: What are server logs?

Every request to the server is recorded in logs (IP address, date and time, browser/system information). Logs are used to administer the site; we do not link them to specific users and do not use them for identification.

21: What else is worth knowing?

We aim to write clearly and transparently. If anything is unclear or you have a question, write to kontakt@metalum.eu.

22: Can this document change?

Yes. The policy may be updated for legal or technological reasons. If you have an account on our site, we will inform you about changes. Archived versions will be made available here.