Privacy Policy – strategicdreamers.com
Last updated: 19 January 2026
This Privacy Policy explains how personal data is processed when you use the website www.strategicdreamers.com (the “Website”), contact us via forms or email, and (in the future) purchase products in our online store.
This Policy is drafted to align with the GDPR (Regulation (EU) 2016/679).
1) Data Controller and contact
Data Controller: Strategic Dreamer – Bartosz Frąckowiak (sole proprietorship), Warsaw, Poland.
Public business directories list: NIP 9721026218, REGON 523200820.
Postal address (as provided by you): ul. Ludwika Narbutta “214”, 02-541 Warszawa, Poland (recommended: confirm the exact format of the street/flat number before publishing).
Privacy contact (data protection matters): bartek@strategicdreamers.com
Data Protection Officer (DPO): We have not appointed a DPO (this is typically not mandatory for small organisations unless specific criteria are met).
2) What data we collect (and from where)
A) Data you provide to us
- Contact form / email correspondence
  - Identity & contact data: first and last name, email address, company name (if provided)
  - Message data: subject, message content / “how can we help”
  - Consent/acknowledgement data: checkbox status, time and technical record of submission (where applicable)
- Business inquiries / contracting
  - Data needed to prepare an offer, conclude or perform a contract (e.g., scope, billing details, correspondence history)
- Online Store (planned)
  If/when the store is enabled, we may process:
  - Order & fulfillment data: name, email, phone (if collected), shipping address, billing address, items purchased, order history
  - Invoice/tax data: required statutory details for accounting and tax compliance
  - Payments: we do not plan to store full card data; payments are typically handled by external payment providers (details depend on the solution you choose)
B) Data collected automatically
When you use the Website, we may collect:
- Technical data: IP address, device identifiers, browser type, OS, referring URLs, timestamps, pages visited
- Server logs: security and troubleshooting logs generated by hosting infrastructure
- Cookie/identifier data: depending on your cookie choices (see Section 5)
3) Why we process data (purposes) and legal bases
We process personal data only when we have a lawful basis under GDPR.
A) Responding to inquiries (contact form / email)
- Purpose: respond to your message, communicate, keep continuity of correspondence
- Legal basis: legitimate interests (GDPR Art. 6(1)(f)) and/or steps prior to entering into a contract (Art. 6(1)(b))
B) Providing services / concluding and performing contracts
- Purpose: deliver services, manage projects, billing, client support
- Legal basis: contract performance / pre-contract steps (Art. 6(1)(b)), and legal obligations (Art. 6(1)(c)) for accounting/tax
C) Running and securing the Website
- Purpose: ensure security, prevent abuse, troubleshoot, maintain the Website
- Legal basis: legitimate interests (Art. 6(1)(f))
D) Analytics (Google Analytics)
- Purpose: understand Website usage and improve content and performance
- Legal basis: your consent for analytics cookies/technologies where required (Art. 6(1)(a)) and/or legitimate interests only where a valid exemption applies (jurisdiction-dependent)
E) Marketing communications (only if enabled in the future)
- Purpose: newsletters, offers, direct marketing messages
- Legal basis: consent (Art. 6(1)(a)) and compliance with Polish electronic communications rules (opt-in). The Polish Electronic Communications Law (Prawo komunikacji elektronicznej, “PKE”) requires consent for certain direct marketing communications via electronic means.
We do not send marketing emails unless and until you opt in.
4) Is providing data mandatory?
- Contact form / email: not legally mandatory, but without an email address (and usually a name/message) we cannot respond.
- Contracts / store orders (future): certain data is necessary to conclude and perform the contract (e.g., delivery address for shipping).
5) Cookies and similar technologies
Cookies are small text files stored on your device. We may also use similar technologies (pixels, tags, device identifiers).
A) Types of cookies we may use
- Strictly necessary cookies: required for core Website functions and security (may be used without consent where legally permitted)
- Preferences cookies: remember settings (if implemented)
- Analytics cookies: measure usage (e.g., Google Analytics)
- Marketing cookies: track across sites for advertising (not planned at the moment)
B) How you control cookies
- You can manage your cookie preferences via the cookie banner (if implemented) and/or your browser settings.
- You can withdraw consent at any time via the cookie settings tool (recommended to implement).
6) Google Analytics (GA4)
We plan to use Google Analytics 4 to understand how users interact with the Website. According to Google, GA4 does not log or store IP addresses.
Important: Google policies prohibit sending data that Google could recognise as personally identifiable information (PII) (e.g., email address) to Analytics.
Retention: GA4 user-level data retention can be configured (commonly 2 or 14 months depending on settings).
Tag management (optional): If you use Google Tag Manager, it is a system that helps manage measurement tags without repeatedly changing the Website code.
7) Social media links and embedded content
A) Social media icons/links
The Website may include icons/links to social media platforms (e.g., LinkedIn, Instagram). Clicking a link takes you to a third-party site that processes data under its own privacy policy. Simply displaying a link typically does not transfer your profile data to that platform, but your device may share standard technical data when you visit the platform.
B) Embedded third-party content
If we embed content (e.g., videos, maps, widgets), the provider may collect data as if you visited their site directly—especially if you interact with the embed. Where required, we recommend loading such embeds only after consent (e.g., “click to load”).
8) Hosting (home.pl) and where data is stored
The Website is hosted using services provided by home.pl.
home.pl indicates its infrastructure is located in Poland (including data centres in the Warsaw agglomeration / Polish data centre facilities).
As with most hosting, server logs and technical data may be processed for security, maintenance, and service delivery.
9) Who we share data with (recipients / processors)
We may share personal data only when necessary, for example with:
- Hosting and infrastructure providers: e.g., home.pl
- Analytics providers: Google (GA4)
- IT and security support providers (if used)
- Accounting and legal advisors (when needed for compliance)
Online Store (planned)
If you enable the store, typical additional recipients may include:
- Payment service providers (to process payments)
- Courier / logistics providers (to deliver orders)
- E-commerce platform providers (if you use a hosted store solution)
A current list of key processors can be maintained as an appendix once the exact vendors are selected.
10) International data transfers (outside the EEA)
Some providers (notably global technology platforms) may process data outside the European Economic Area. Where this occurs, we rely on legally recognised transfer mechanisms, such as Standard Contractual Clauses and/or adequacy decisions, as applicable under GDPR.
11) How long we keep data (retention)
We keep personal data only as long as necessary for the purposes described:
- Contact inquiries: for the duration of correspondence and then for a reasonable period to manage follow-ups and defend potential claims (typical practice: 12–24 months, unless a longer period is justified).
- Contracts and invoices: for the periods required by tax/accounting law and for limitation periods related to claims.
- Website logs: typically short-term (days to months), unless needed for security investigations.
- Analytics (GA4): per configured retention settings.
12) Your rights
Under GDPR, you may have the right to:
- access your data
- rectify inaccurate data
- erase data (“right to be forgotten”), where applicable
- restrict processing
- request data portability (where applicable)
- object to processing based on legitimate interests
- withdraw consent at any time (without affecting prior processing)
- lodge a complaint with the Polish supervisory authority (UODO – President of the Personal Data Protection Office)
13) Automated decision-making
We do not use your data for decisions based solely on automated processing that produce legal or similarly significant effects (as understood by GDPR).
14) Security
We apply organisational and technical measures appropriate to the risk, such as access controls, encryption where relevant, and routine maintenance. No method of transmission is 100% secure, but we strive to protect data against unauthorised access, alteration, or loss.
15) Contact form checkbox wording (recommended)
If your form contains a required checkbox, the GDPR-preferred approach is an acknowledgement rather than “consent to reply” (because responding to an inquiry is usually based on legitimate interest / pre-contract steps, not consent).
Recommended required checkbox text (EN):
“I have read the Privacy Policy and understand that my personal data will be processed to respond to my inquiry.”
Optional marketing checkbox (only if you add newsletters/offers):
“I agree to receive marketing communications (e.g., newsletter, offers) by email from Strategic Dreamers. I can withdraw my consent at any time.”
(For marketing communications, ensure opt-in is specific per channel, consistent with Polish electronic communications requirements.)
16) Changes to this Policy
We may update this Policy when the Website or processing activities change (e.g., when the online store launches). The “Last updated” date will be revised accordingly.
