Storise

Legal

Privacy Policy

This policy explains how we collect and use personal data when you use storise.eu and when you contact us. It is intended to help you understand your rights under the GDPR and applicable Polish law as of 2026.

Last updated: 22 April 2026

1. Who is responsible for your data?

The controller of your personal data within the meaning of Art. 4(7) GDPR is:

IDM, ul. Fort Wola 22/22, Warsaw, Poland; VAT/NIP: 7792508107 (hereinafter: Storise). For all data protection enquiries, please write to: hello@storise.eu.

This policy covers only the storise.eu website and the contact channels directly associated with it (contact form, e-mail correspondence). It does not cover data processed under separate service agreements with clients — the scope and terms of such processing are set out in the relevant contractual documents.

We operate from Warsaw and work with clients in Poland and internationally.

2. What data we process and why

We process only the data that is necessary for the purposes below. The legal bases come from the GDPR (Article 6), in particular: performance of a contract or steps at your request (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)) where applicable, and consent where we rely on it (Art. 6(1)(a)).

Contact form and e-mail

When you use the contact form on storise.eu or write to us by e-mail, we process: name, e-mail address, and any other fields you provide (e.g. company, phone, the content of the message, how you found us, preferred language of communication).

We use this data solely to handle your enquiry and, if a working relationship follows, to prepare or perform an agreement with you. Technical details transmitted with the message (e.g. browser type, referring page), if they appear in the e-mail or server logs, are processed to ensure the security of the channel and to prevent abuse.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual/contractual steps) and, for necessary security and anti-spam measures, Art. 6(1)(f) GDPR (our legitimate interest in operating a secure contact channel).

Providing the data marked as required (name, e-mail address, message content, and consent) is necessary to handle your enquiry — without it, we cannot respond. All other fields (company, phone, how you found us) are optional and may help us assist you but are not required.

Website use, hosting, and logs

When you visit storise.eu, the hosting infrastructure and our application may process connection data, such as IP address, date and time of the request, page requested, user agent, and referrer. This is required to deliver the page, ensure stability and security, and analyse aggregate technical performance.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in security, IT operations, and limited troubleshooting). To the extent server logs are strictly necessary for the operation of the service, a parallel basis may be Art. 6(1)(b) where applicable.

Cookies and similar technologies

We use cookies and similar storage to remember your language and locale preferences and to support site routing consistent with that choice. We may set short-lived technical cookies in connection with language detection to avoid repeated redirects.

The legal basis for using strictly necessary cookies is the Polish Electronic Communications Act of 12 September 2024 (Prawo komunikacji elektronicznej, PKE), implementing the ePrivacy Directive — relying on the exemption for storage/access strictly necessary for the service you have explicitly requested. The site does not use analytics, marketing, or any third-party tracking technologies (including advertising pixels, Google Analytics, or similar). Should we introduce such tools in the future, we will update this policy and, where required by law, implement a prior-consent mechanism.

3. How long we keep data

We store contact form and e-mail correspondence data for the time required to handle the enquiry, and no longer than 12 months from the last exchange in that matter — unless the enquiry leads to a working relationship. Where a contract is concluded, data necessary for its performance is kept for the duration of the contract and for 5 years from the end of the calendar year in which the contract ended, in line with the applicable limitation periods for claims and statutory accounting and tax obligations.

Server and security logs (including IP addresses and connection data) are retained for no longer than 90 days from the time they are generated, after which they are deleted or anonymised.

4. Recipients and processors

We share data only with processors who help us operate the site and e-mail, under data-processing agreements that require them to keep your data confidential and process it only on our documented instructions. These are: our hosting/infrastructure provider and our e-mail service provider. We do not use any analytics or advertising service providers; no tracking pixels or third-party analytics tools are embedded in the site.

Some infrastructure providers may process data outside the European Economic Area. Where data is transferred to the United States, we rely on appropriate safeguards — certification under the EU–US Data Privacy Framework (European Commission Decision 2023/1795) for certified entities, or Standard Contractual Clauses — in accordance with Chapter V GDPR.

5. Your rights

Under the GDPR you have: the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20, where applicable), and the right to withdraw consent at any time — without affecting the lawfulness of processing carried out before withdrawal.

Right to object (Art. 21 GDPR) — where we process your data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time on grounds relating to your particular situation. We will then stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

You also have the right to lodge a complaint with a supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.

To exercise your rights, write to: hello@storise.eu. We will respond without undue delay and at the latest within one month of receiving your request. For complex or numerous requests, we may extend this period by a further two months — we will inform you of any such extension and the reasons for it. We may need to verify your identity before responding.

6. No automated individual decision-making

We do not use automated decision-making, including profiling, that produces legal or similarly significant effects for you. If we were to introduce such processing in the future, we would notify you separately, identify the applicable legal basis, and — where required — obtain your prior explicit consent.

7. Children

The site is not directed at persons under 18 and we do not process children’s personal data. If you have reason to believe that a child has submitted personal data to us, please contact us immediately at hello@storise.eu and we will delete it without undue delay.

8. Changes

We may update this policy to reflect changes in the law or technical changes to the site itself. The current version is always published on this page with the update date shown at the top. We will give advance notice of material changes by posting a clear notice on the site. If a planned change would affect the purpose or scope of processing in a way that requires a new legal basis, we will ask for your consent or cease processing under the existing basis.