Privacy Policy
Last updated: 16 July 2026
This Privacy Policy describes how Hufiwe (operating at hufiwe.info, address: Trzebnicka 33, Wrocław, Poland) processes personal data in connection with the operation of this website and the provision of data audit consulting services. This policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data (Dz.U. 2018 poz. 1000).
The data controller within the meaning of Article 4(7) of the GDPR is Hufiwe, with its registered place of business at Trzebnicka 33, Wrocław, Poland. You may contact the data controller by email at [email protected] or by telephone at +48 22 330 0330.
The controller is responsible for determining the purposes and means of processing personal data collected through this website and through direct communications related to the consulting services described herein.
We collect the following categories of personal data:
Contact data: name, email address, and any information voluntarily provided in enquiry messages submitted through contact forms on this website.
Technical data: IP address, browser type, operating system, pages visited, time and duration of visit, and referring URL, collected automatically through server logs and analytical cookies where consent has been granted.
Communication data: content of email correspondence and any documents exchanged in the course of discussing or conducting an audit engagement.
We do not collect special categories of personal data as defined in Article 9 of the GDPR.
Personal data is processed for the following purposes and on the following legal bases:
Responding to enquiries (Article 6(1)(b) GDPR): When you submit a contact form or send an email, we process your name and email address to respond to your enquiry. This processing is necessary for the performance of pre-contractual measures taken at your request.
Provision of consulting services (Article 6(1)(b) GDPR): Where an engagement is agreed, we process personal data as necessary to carry out the agreed scope of work.
Legal obligations (Article 6(1)(c) GDPR): We may process personal data to comply with applicable legal obligations, including tax and accounting requirements under Polish law.
Legitimate interests (Article 6(1)(f) GDPR): We process technical data for the purpose of ensuring the security and proper functioning of this website. Our legitimate interest lies in maintaining a secure and functional online presence.
Consent (Article 6(1)(a) GDPR): Where you have given consent to the use of non-essential cookies, we process technical data for analytical purposes. Consent may be withdrawn at any time.
Personal data is retained for no longer than is necessary for the purposes for which it was collected, subject to any applicable legal retention obligations.
Enquiry data where no engagement results is retained for a maximum of twelve months from the date of the last communication, after which it is securely deleted.
Data related to completed engagements is retained for five years from the end of the engagement, in accordance with Polish accounting and civil law obligations under the Ustawa z dnia 29 września 1994 r. o rachunkowości (Accounting Act).
Technical log data is retained for a maximum of ninety days unless a longer period is required for security investigation purposes.
We do not sell personal data to third parties. We do not share personal data for commercial marketing purposes.
Personal data may be shared with the following categories of recipients where necessary:
Email and hosting providers: We use third-party providers for email infrastructure and website hosting. These providers act as data processors under Article 28 of the GDPR and are bound by appropriate data processing agreements.
Professional advisors: Accountants, legal advisors, or auditors who require access to records as part of their professional services, where applicable.
Public authorities: Where required by applicable law or a binding legal order, we may disclose personal data to Polish public authorities, courts, or law enforcement bodies.
Where any transfer of personal data outside the European Economic Area occurs, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR.
Under the GDPR, you have the following rights in relation to your personal data:
Right of access (Article 15): You may request confirmation of whether we process your personal data and, if so, a copy of that data along with information about how it is processed.
Right to rectification (Article 16): You may request correction of inaccurate personal data or completion of incomplete data.
Right to erasure (Article 17): You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to applicable legal retention obligations.
Right to restriction of processing (Article 18): You may request that we restrict processing of your personal data in certain circumstances.
Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.
Right to object (Article 21): You may object to processing based on legitimate interests at any time.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receipt of your request, as required by Article 12 of the GDPR.
If you believe that the processing of your personal data infringes the GDPR or other applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority.
In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, PUODO), with its registered office at ul. Stawki 2, 00-193 Warsaw, Poland. Further information is available at uodo.gov.pl.
You may also lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
This website uses cookies. Cookies are small text files placed on your device. Details of the cookies we use, their purposes, and how you can manage your preferences are set out in our Cookie Policy.
Non-essential cookies are only placed with your prior consent, which is obtained through our cookie consent tool. You may update your cookie preferences at any time by clicking the cookie settings option in the footer or by clearing your browser cookies and revisiting this site.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration, in accordance with Article 32 of the GDPR.
These measures include the use of encrypted connections (HTTPS) for data transmission, restricted access controls for personal data files, and regular review of security practices.
Where a personal data breach occurs that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, and affected individuals where required under Article 34 of the GDPR.
This Privacy Policy may be updated from time to time to reflect changes in our data processing practices or in applicable law. The date at the top of this document indicates when the policy was last revised.
We encourage you to review this policy periodically. Continued use of this website after changes have been made constitutes acknowledgment of the updated policy. Where changes are material, we will take reasonable steps to draw them to your attention.