PRIVACY POLICY
profilon.pl — effective from 10 June 2026
1.1. This Policy describes what data is processed in connection with the use of the profilon.pl website ("Website"), for what purposes, on what legal basis and for how long, as well as the rights of data subjects.
1.2. The controller of personal data is Piotr Nowak — a natural person conducting unregistered business activity under Polish law, correspondence address: Cystersów 8/47, 31-553 Kraków, Poland ("Controller").
1.3. In all matters concerning personal data, you can contact us at: kontakt@profilon.pl.
1.4. Data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Polish Act of 18 July 2002 on Providing Services by Electronic Means.
2.1. Result record. After the result of the ProType Test is displayed, a result record is automatically saved on the Controller's server: the answers to the 24 questions (values 1–5), the means and bands of the four working-style dimensions, the code and name of the assigned type (or the designation of a cross-cutting result), technical calculation data (mode, method of determining the type), the language version and grammatical form of the interface, timestamps of starting the test and of creating the record, and a random technical identifier (UUID). The record does not contain an e-mail address, IP address, device identifier, or data from cookies.
2.2. Linking the result record to an e-mail address. If the User provides an e-mail address on the result page, the result identifier is added to the record containing the address. The link exists solely on the side of the record containing the e-mail address — the result record does not contain the address. As long as the link exists, the result record constitutes the User's personal data (pseudonymised data — attributable to a person solely by means of this link); severing the link (point 7.6) means that the record is no longer attributed to any person. Result records that have never been linked to an e-mail address are not attributed to any person.
2.3. Form data. When signing up to receive the result or for the Newsletter, the following are collected: the e-mail address, the content of the consents given together with a timestamp, the sign-up source, the language version, a profile summary (dimension bands, code, and type), and the result identifier (if the sign-up takes place from the result page) — in order to send the result and enable access to the extended dimension descriptions. Access to the extended dimension descriptions takes place via an individual link sent in that message; the link contains a random access identifier (token). A repeated sign-up with the same e-mail address from the result page overwrites the earlier entry made from that page, including the link to the result record. A repeated sign-up from another part of the Website does not create a new entry — the original remains unchanged. Entries made from different parts of the Website are stored as separate entries.
2.4. Technical data. The infrastructure used by the Website collects standard logs (including the IP address, date and time of the request, and browser type) for security and diagnostic purposes.
2.5. What we do not collect. The Website does not require creating an account or providing a first or last name. The current version involves no payments. The Website does not use cookies for analytical or marketing purposes.
3.1. Making the Test available, calculating and presenting the result — necessity for the performance of an agreement for the provision of services by electronic means (Article 6(1)(b) GDPR).
3.2. Storing result records for the purpose of examining the tool's reliability, analysing the distribution of results, verifying its correct operation (including clarifying reports concerning a result), and developing the tool — the Controller's legitimate interest (Article 6(1)(f) GDPR).
3.3. Sending the message containing the result, linking the result to the e-mail address, and enabling access to the dimension descriptions — necessity for the performance of an agreement (Article 6(1)(b) GDPR).
3.4. Newsletter — consent (Article 6(1)(a) GDPR), expressed by ticking a separate, optional box in the form; sending takes place in accordance with the provisions of the Polish Electronic Communications Law on the transmission of commercial communications.
3.5. Keeping logs and ensuring the security of the Website — the Controller's legitimate interest (Article 6(1)(f) GDPR).
3.6. Handling enquiries, reports, and complaints sent to kontakt@profilon.pl (the sender's e-mail address and the content of the correspondence) — necessity for the performance of an agreement or for taking action at the request of the person concerned (Article 6(1)(b) GDPR), and otherwise the Controller's legitimate interest consisting in conducting correspondence (Article 6(1)(f) GDPR).
3.7. Establishing, pursuing, or defending claims — the Controller's legitimate interest (Article 6(1)(f) GDPR).
3.8. Providing data is voluntary. The e-mail address is needed only for services requiring messages to be sent; the Test can be used without providing any identifying data.
3.9. Sign-up to the waiting list for the launch of the ProType Conversation Guide (business edition) and sending a one-time message informing about its launch — taking action at the request of the person before entering into an agreement (Article 6(1)(b) GDPR).
4.1. You can unsubscribe from the Newsletter at any time — via the unsubscribe link available in every message or by e-mail to kontakt@profilon.pl. Unsubscribing is equivalent to withdrawing consent.
5.1. Data is entrusted to entities supporting the operation of the Website: the provider of the Website's hosting and infrastructure, the database provider (servers located within the European Economic Area), and the provider of the e-mail sending system. The entrustment takes place on the basis of data processing agreements (Article 28 GDPR).
5.2. Data is not sold or made available to third parties for their own marketing purposes.
5.3. Test results are not provided to employers, recruiters, or any other third parties.
6.1. Data is stored on servers located within the EEA. Some infrastructure providers belong to corporate groups headquartered outside the EEA; to the extent this involves a transfer of data outside the EEA, it takes place solely on the basis of mechanisms provided for in the GDPR (an adequacy decision or standard contractual clauses).
7.1. The e-mail address and the result linked to it (result delivery) — for the period of providing the service, no longer than 24 months from sign-up, unless a request for data erasure is submitted earlier.
7.2. Newsletter subscribers' data — until unsubscribing from the Newsletter (withdrawal of consent).
7.3. Result records not linked to an e-mail address — indefinitely, as data not attributed to an identified person.
7.4. Technical logs — in accordance with the infrastructure providers' settings, for the period necessary for security and diagnostic purposes.
7.5. Correspondence related to enquiries, reports, and complaints — for the time necessary to handle the matter, and subsequently for the limitation period of any claims.
7.6. A request for data erasure is carried out by deleting the form entry (e-mail address, consents, profile summary), which automatically severs the link to the result record. The result record then remains in the dataset as a record not attributed to any person and may continue to be used statistically. At the express request of the person concerned, the Controller also deletes the result record itself.
7.7. The e-mail address signed up to the business-edition waiting list — no longer than 24 months from sign-up, unless a request for data erasure or withdrawal is submitted earlier.
8.1. Every person has the right to: access their data, rectify it, erase it, restrict its processing, data portability, object to processing based on a legitimate interest, and withdraw consent at any time (without affecting the lawfulness of processing carried out before the withdrawal).
8.2. These rights can be exercised by writing to: kontakt@profilon.pl.
8.3. Every person has the right to lodge a complaint with the President of the Polish Personal Data Protection Office (UODO).
9.1. The Test result is calculated automatically on the basis of the User's answers — solely in order to present it to the User for their own reflection.
9.2. The Controller does not make decisions concerning Users based solely on automated processing that would produce legal effects or similarly significantly affect them (Article 22 GDPR). Results are not used to evaluate persons, for selection, or to differentiate access to services.
10.1. The Website does not use analytical or marketing cookies and does not display a consent banner — the storage of information on the User's device is limited to what is technically necessary to provide the service or to carry out the User's express request.
10.2. The Website saves one cookie — profilon_lang — storing the selected language version of the Website. The cookie is saved solely after the User's explicit choice of language (clicking the language switcher), for a period of 12 months, and serves solely to remember that choice. It is not used for tracking or profiling.
10.3. The following are saved in browser storage (localStorage / sessionStorage): the Test progress, the selected grammatical form of the interface, the result together with its technical identifier, information about a completed sign-up (including the e-mail address provided), and technical interface flags. This data remains on the User's device until the browser data is cleared and is not used to track activity.
10.4. If analytics is implemented on the Website in the future, this Policy will be updated and, where required by law, Users will be asked for consent.
11.1. Data transmission is encrypted (TLS). Access to data stored on the server is limited to persons for whom it is necessary. The Website limits the scope of data collected to a minimum — the Test can be completed without providing any identifying data.
12.1. This Policy may be updated, in particular in the event of changes to the scope of the services or to the law. The new version is published on the Website together with its effective date; Newsletter subscribers will be informed of significant changes by e-mail.
12.2. This Policy is made available in the Polish and English language versions. In the event of any discrepancy between the versions, the Polish version prevails.