Privacy Policy
Effective date: 28 April 2026
Last updated: 3 June 2026
1. Introduction
This Privacy Policy explains how Handshake Labs Sp. z o.o. ("we," "us," or "our") collects, uses, and protects personal data when you visit www.handshake-labs.com (the "Website"). We keep this document straightforward because we believe privacy should be easy to understand.
2. Data Controller
The controller of your personal data is Handshake Labs Sp. z o.o. with its registered office in Warsaw, at ul. Wislana 8, 00-317 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register, maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0001244415, holding NIP number: 5253091923 and REGON number: 544878299, with a share capital of PLN 5,000.00.
3. What Personal Data We Collect
We collect only what is necessary for the purposes described below:
3.1 Contact form
When you submit our contact form or use it to schedule a meeting, we collect:
- Full name
- Email address
- Any information you choose to include in your message
3.2 Analytics and cookies
When you browse the Website, we may collect technical and behavioural data through Google's analytics and tag management tools (see Section 6 for details). This data is collected only if you consent to analytics cookies.
4. Purposes and Legal Basis for Processing
We process personal data under Regulation (EU) 2016/679 (GDPR) and the Polish Act on Personal Data Protection.
- Responding to enquiries (contact form) - Legal basis: Art. 6(1)(f) GDPR - legitimate interest in handling business inquiries and responding to messages submitted via the Website.
- Website analytics - Legal basis: Art. 6(1)(a) GDPR - your consent, given via the cookie banner.
- Compliance with legal obligations - Legal basis: Art. 6(1)(c) GDPR.
- Legitimate interests (security, fraud prevention) - Legal basis: Art. 6(1)(f) GDPR.
We do not use your personal data for automated decision-making or profiling.
5. Data Retention
- Contact form data is retained for up to 3 years from the date of last contact, which corresponds to applicable limitation periods under Polish law, or longer if required to fulfill a contractual relationship.
- Analytics data is retained in line with Google's standard retention settings (by default 14 months).
- Data subject to a legal obligation is retained for the period specified by applicable law.
When the retention period expires, data is deleted or anonymised.
6. Cookies and Third-Party Tools
The Website is built on Webflow and uses the following third-party services. A detailed cookie list is available in our separate Manage Cookies document.
6.1 Essential cookies
Required for the Website to function (e.g. security, session management). These are placed without consent.
6.2 Analytics cookies (consent required)
We use Google Analytics and Google Tag Manager to understand how visitors use the Website. These services set cookies and may transfer data to Google servers in the United States. Such transfers are covered by Google's Standard Contractual Clauses (SCCs) adopted by the European Commission.
7. Sharing of Personal Data
We do not sell or rent your personal data. We share data only with:
- Webflow, Inc. - as our hosting and website platform provider (processor);
- Google LLC - analytics and tag management (processor, data transferred under SCCs);
- Home.pl Sp. z o.o. - to deliver your form submission (processor);
- Public authorities - when required by law.
All processors are bound by data processing agreements that require them to protect your data in line with GDPR.
8. International Transfers
Some processors (Google, Webflow) are based in the United States. Data transfers to the US are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46(2)(c) GDPR, and/or by the EU-U.S. Data Privacy Framework where applicable.
9. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you (Art. 15);
- Rectify inaccurate or incomplete data (Art. 16);
- Erasure ("right to be forgotten") where the legal basis no longer applies (Art. 17);
- Restrict processing in certain circumstances (Art. 18);
- Data portability in a structured, machine-readable format (Art. 20);
- Object to processing based on legitimate interests (Art. 21);
- Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3));
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, email us at contact@handshake-labs.com. We will respond within 30 days.
10. Supervisory Authority
If you believe your rights have been violated, you may file a complaint with the Polish supervisory authority:
President of the Personal Data Protection Office (UODO)
ul. Moniuszki 1A, 00-014 Warsaw, Poland
More information / contact: https://uodo.gov.pl/en/484/874
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, among others, access controls, secured data transmission, and system monitoring. Given our focus on cybersecurity, security is a core part of how we build and operate our systems, not an afterthought.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced on the Website with a revised effective date. Continued use of the Website after the effective date constitutes acceptance of the updated policy.
13. Contact
For any questions about this Privacy Policy or the way we handle personal data:
Handshake Labs Sp. z o.o.
ul. Wislana 8, 00-317 Warsaw, Poland
Email: contact@handshake-labs.com
Website: www.handshake-labs.com