Manifesto

Manifesto

Portfolio

Portfolio

Testimonials

Testimonials

Blog

Blog

Book free consultation

Manifesto

Manifesto

Portfolio

Portfolio

Testimonials

Testimonials

Blog

Blog

Book free consultation

Privacy policy

§ 1 General provisions

  1. Personal data of the users of the website located at the domain https://sourcepeak.studio are administered by Curiosum sp. z o.o. with its registered seat at Grudzieniec 32/1, 60-601 Poznań, Poland, entered in the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court Register, under KRS number 0000833883, with the share capital of PLN 5,000 paid in full, REGON: 385781950, NIP: 7812007384 (hereinafter: "Administrator").

  2. Contact with the Administrator is possible:

    • through email at hello@sourcepeak.studio,

    • through writing at Administrator’s address: Grudzieniec 32/1, 60-601 Poznań, Poland.

  3. The purpose of the Policy is to set forth the actions taken with respect to personal data collected through the Administrator's website and related services and tools used by its users, as well as in the activity of entering into and performing contracts in contact outside the website (e.g., collaboration agreements).

  4. If necessary, the provisions of this Policy may be amended. The change will be communicated to users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or have provided e-mail data in the performance of contracts, they will also be notified of the change by e-mail where required by applicable law.

§ 2 Basis of processing, purposes and storage of personal data

  1. Users' personal data are processed in accordance with the European General Data Protection Regulation, and in the territory of Poland also in accordance with Polish Personal Data Protection Act of 10.05.2018 and Polish Act on Provision of Electronic Services of 18.07.2002.

  2. In the case of processing of personal data on the basis of a query or complaint sent by the user through email, such processing shall be based on Article 6(1)(b) of the General Data Protection Regulation, according to which the processing is necessary in order to take action at the request of the data subject.

  3. In the case of obtaining a separate consent of the user, his personal data can be processed by the administrator also for marketing purposes (e.g. direct e-mail communication), including in order to send commercial information electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).

  4. In the case of the conclusion and performance by the Administrator of a contract for the provision of services, the other party is required to provide the data necessary for the conclusion of the contract (which is a contractual requirement, and in terms of tax numbers also a statutory requirement) and for this purpose the Administrator processes personal data (Article 6(1)(b) and, in the case of tax and accounting data, also Article 6(1)(c) of the General Data Protection Regulation).

  5. In the case of research and analysis for the purpose of improving the performance of available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for processing.

  6. Users' personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims of the Administrator and the other party for the execution of concluded agreements (in the case of agreements for the provision of services, in accordance with Polish law, the statute of limitations is 3 years (or 6 years in other cases), counting from the end of the year) and until the execution of an inquiry directed by e-mail or until the end of the investigation of a complaint.

§ 3 Processing of personal data of collaborators or candidates in the recruitment process

  1. The controller shall ensure that any personal data collected are used solely for the purpose of carrying out and servicing the cooperation with the controller and are not stored for longer than necessary for the aforementioned reasons. The data processing here takes place on the basis of Article 6(1)(b) of the General Data Protection Regulation.

  2. The CV and the data contained therein sent by the candidates for cooperation are processed and stored only for the purpose of recruitment to the Administrator's team and only until the end of the recruitment process, unless the candidate has given his consent to participate in further recruitment (in this case the processing takes place for a period of 3 years or until the withdrawal of consent). Data is processed here on the basis of paragraph 1(b) of the General Data Protection Regulation.

  3. Candidates for cooperation, as well as cooperating entities, have the right to request access to their personal data, rectification, erasure or restriction of processing, as well as the right to object to processing, and the right to data portability and the right to lodge a complaint with a supervisory authority.

  4. The provision of personal data by candidates for associates is voluntary, but failure to provide data will halt the recruitment process.

  5. The Administrator processes the image of a co-worker or candidate for co-worker only after obtaining his/her prior consent to do so. The processing here is based on Article 6(1)(a) of the General Data Protection Regulation.

§ 4 Data sharing

  1. The Administrator shall ensure that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except:

    • prior consent of the data subjects to do so has been expressed, or

    • such transfer is necessary when the Administrator uses cooperating entities, e.g., accountants, subcontractors, law firms, web hosts, service providers, including marketing services,

    • if the obligation to provide such data arises or will arise under applicable law, e.g. to law enforcement agencies.

  2. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with external service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of the software providers, data may be transferred - subject to the principles of their protection - to third countries; however, where such transfers occur, the Administrator applies standard contractual clauses approved by the European Commission. These entities in the case of the Administrator are:

    • Google Inc. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google analytics tools used to analyse web site statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a website or application and to track users & actions on the website, Google Ads: used to display sponsored links in Google search results and on sites cooperating within the Google AdSense programme. Using the link below: https://tools.google.com/dlpage/gaoptout it is possible to disable activity measured by Google Analytics,

    • Microsoft Corporation, One Microsoft Way, (registered office: Redmond, WA 98052-6399) for Clarity to analyze user behavior to understand how users interact with the Site, including through session replays and heat maps,

§ 5 User rights

  1. The user whose personal data are processed has the right to inspect their data, complete, update, rectify, temporarily or permanently restrict their processing, request their deletion and transfer the data to another controller (subject to the technical possibilities of the parties). The access, supplementation, update, rectification, restriction of processing, deletion of data or transfer of data is carried out on the basis of the user's request sent to the e-mail address hello@sourcepeak.studio. Such request shall include the name of the user for identification purposes.

  2. Where the Administrator has obtained your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

  3. The user ensures that the data provided or published by him on the site are correct.

  4. We make every effort to ensure that the processing of your personal data is carried out in accordance with the law. However, if you feel that we have committed an infringement, you have the right to lodge a complaint to the supervisory authority (President of Polish Office for Personal Data Protection, 2 Stawki Street 00-193 Warsaw).

  5. The Administrator does not apply automated decision-making that produces legal effects or similarly significantly affects the user, within the meaning of Article 22 of the General Data Protection Regulation. Basic profiling (e.g., email segmentation in MailerLite) may be used to personalize marketing content, but it does not produce significant effects for the user.

§ 6 Cookies Policy

  1. Cookies are small text files stored on the end user’s device that let the website remember your settings, measure performance, and display personalised content. You can manage your cookie preferences at any time by clicking here.

  2. “Cookies” typically contain the domain name they come from, their lifetime and a unique identifier of the browser.

  3. We use cookies to:

    • adapt the site to your preferences and optimise its operation

    • create anonymous statistics that help improve the structure and content

    • show advertising or job content tailored to your interests

  4. Categories of cookies and legal basis:

    • Necessary – ensure basic site functions; processed under our legitimate interest – art. 6 (1)(f) GDPR.

    • Analytics – measure site traffic and behaviour; loaded only after your consent – art. 6 (1)(a) GDPR.

    • Marketing – personalise recruitment/advertising content (e.g. LinkedIn); loaded only after consent – art. 6 (1)(a) GDPR.

  5. Retention: persistent cookies remain until you manually delete them, withdraw consent via the “Cookie settings” panel, or they expire automatically according to the provider’s default settings (currently anywhere from minutes up to 25 months). Exact lifetimes are managed by the providers listed below and may change—see their policies.

  6. Key cookies we set or load:

    • _ga, ga* – Google Analytics – distinguishes users and collects anonymous site usage data – provider-defined – Analytics

    • _clck, _clsk – Microsoft Clarity – stores user behavior and session identifiers for heatmaps – provider-defined – Analytics

    • __cf_bm – Cal.com – used by Cloudflare for security and bot detection – provider-defined – Necessary

    • *__Secure-next-auth. ** – Cal.com – maintains secure user sessions for the booking system – provider-defined – Necessary

  7. Cookies are not used to identify you personally; any data collected is encrypted to prevent unauthorised access.

  8. Most browsers accept cookies by default, but you can change this in your settings or through the “Cookie settings” link in the footer to give or withdraw consent.

  9. See browser help pages for detailed instructions:

  10. For mobile devices, refer to your OS user guide for cookie management options.

  11. This version of the Privacy and Cookies Policy is valid from 2026-01-20. Previous versions are available from the Administrator upon request.