Skip to main content
Acorn Sinclair Logo

Privacy and Cookies Policy for acornsinclair.com

Last updated: October 15, 2025

§ 1. General Provisions

  1. This Privacy Policy (hereinafter referred to as the "Policy") defines the principles for the processing and protection of Users' personal data in connection with their use of the website acornsinclair.com (hereinafter referred to as the "Service" or "Website").
  2. The Controller of your personal data is Grzegorz Biały ELCODO, with its registered office at ul. Puławska 233/116, 02-715 Warsaw, Poland, NIP: 8652385906 (hereinafter referred to as the "Controller").
  3. Contact with the Controller regarding personal data processing is possible via the email address: contact@acornsinclair.com.
  4. The Controller makes every effort to protect the privacy of Users and ensure the security of their personal data by processing it in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR".

§ 2. Purposes, Legal Bases, and Period of Data Processing

The Controller processes Users' personal data for the following purposes:

  1. Handling inquiries via the contact form:
    • Scope of data: The content of the message and optionally an email address if the User chooses to provide it. Providing an email address is voluntary but necessary to receive a response.
    • Purpose of processing: To respond to the inquiry, conduct correspondence, and present an offer at the User's request.
    • Legal basis: Art. 6(1)(f) of the GDPR (the Controller's legitimate interest, consisting of handling correspondence) or Art. 6(1)(b) of the GDPR (taking action at the request of the data subject prior to entering into a contract).
    • Processing period: Data will be processed for the time necessary to conduct the correspondence. After its conclusion, it will be permanently deleted or anonymized.
  3. Statistical analysis and improvement of the Website's functionality:
    • Scope of data: The Service uses the PostHog analytics tool, which helps us understand how Users interact with our site. This tool collects data such as visited subpages, time spent on the Service, device and browser type, approximate geographical location, and interactions with website elements. For this purpose, it uses cookies to distinguish unique users.
    • Purpose of processing: To create statistics that help understand how Users use the Service, which allows for the improvement of its structure, content, and user experience.
    • Legal basis: Art. 6(1)(a) of the GDPR (the User's voluntary consent expressed through the cookie management mechanism).
  5. Ensuring security and administering the Website:
    • Scope of data: Server logs, which may contain data such as the User's IP address, date and time of the visit, and information about the web browser and operating system.
    • Purpose of processing: Administering the servers and ensuring the security of the Service, including detecting and combating abuse.
    • Legal basis: Art. 6(1)(f) of the GDPR (the Controller's legitimate interest in ensuring the secure functioning of the Service).
    • Processing period: This data is stored for a short, limited period and is not used to identify Users.

§ 3. Data Recipients and Transfer Outside the European Economic Area (EEA)

  1. For the proper functioning of the Service, the Controller uses the services of external entities. Personal data may be entrusted to the following categories of recipients:
    • Cloud Infrastructure and Security Provider: Cloudflare, Inc., based in the USA, which provides hosting services (Cloudflare Workers), data storage (Cloudflare R2), database services (Cloudflare D1), and network and security services (CDN).
    • Analytics Tool Provider: PostHog, Inc., based in the USA.
  3. Due to the fact that the key service providers used by the Service (Cloudflare, Inc., and PostHog, Inc.) are based in the United States (i.e., outside the European Economic Area), a transfer of personal data to a third country may occur.
  4. The Controller informs that the data transfer is secured by appropriate legal mechanisms, namely Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure an adequate level of personal data protection in accordance with GDPR requirements.

§ 4. Cookies

  1. The Service uses cookies, which are small text files stored on the User's end device (e.g., computer, phone).
  2. We use the following types of cookies:
    • Essential Cookies: These are required for the proper functioning of the Service, ensuring security and basic features. They do not require the User's consent. These include, for example, a cookie storing the User's language preference (the "locale" cookie) and cookies set by the security service provider, Cloudflare.
    • Analytical Cookies: Used by the PostHog tool to collect information about how Users use the Service. They allow for the creation of anonymous statistics, identification of returning Users, and website optimization. These files are installed only with your prior, voluntary consent.
  4. During your first visit to the Service, you are shown information about the use of cookies. Accepting or rejecting analytical cookies is possible through a dedicated consent management mechanism (cookie banner).
  5. You can always change your cookie preferences or delete them entirely through your web browser settings. However, please note that disabling essential cookies may affect the proper functioning of the Service.

§ 5. User Rights

In connection with the processing of your personal data, you have the following rights:

  1. The right of access to your data (Art. 15 GDPR).
  2. The right to rectification of your data (Art. 16 GDPR).
  3. The right to erasure of your data ("the right to be forgotten") (Art. 17 GDPR).
  4. The right to restriction of processing (Art. 18 GDPR).
  5. The right to object to the processing of your data based on the Controller's legitimate interest (Art. 21 GDPR).
  6. The right to data portability (Art. 20 GDPR).
  7. The right to withdraw consent at any time (with regard to data processed on the basis of consent, e.g., for analytical purposes), which does not affect the lawfulness of processing based on consent before its withdrawal.
  8. The right to lodge a complaint with a supervisory authority, which in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw).

To exercise your rights, please contact us at the email address: contact@acornsinclair.com.

§ 6. Data Security

The Controller applies technical and organizational measures to protect the processed personal data. Communication between your device and the server is encrypted using the SSL (Secure Socket Layer) protocol, which is a fundamental measure for protecting data on the internet.

§ 7. Final Provisions

  1. The Controller reserves the right to make changes to this Privacy Policy. Any changes will be published on the Website.
  2. In particular, if the Service begins to use marketing tools in the future (e.g., tracking pixels), this Policy will be updated, and where appropriate, Users will be asked to provide relevant consents.
  3. This version of the Privacy Policy is effective as of October 15, 2025.