Privacy Policy of BizYou sp. z o.o.
This Privacy Policy (“Policy”) explains the rules for processing personal data (“Data”) collected via the websites www.bizyou.pl, www.provime.pl, www.truler.pl, and other tools or services offered by the Seller. The Seller makes every effort to ensure that Data are processed lawfully, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
§1. Definitions
Terms used in this Policy have the meanings assigned to them in the Terms and Conditions available here, or as defined below:
Controller / Administrator – BizYou sp. z o.o., al. Jerozolimskie 181 B, Brain Embassy Agdar West Park, 5th floor, 02-222 Warsaw, registered in the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register under number KRS 0000828200; NIP 1182206020; REGON 385548780.
Data – personal data as defined in the preamble to this Policy.
Policy – this Privacy Policy.
User – any person using the Controller’s services, including a Client, or visiting the Controller’s websites.
Enquiry / Request (“Submission”) – as defined in § 2(1) of this Policy.
§2. Information on Data Processing
For any questions, requests or complaints regarding the processing of Data (“Submissions”), please contact the Data Protection Officer (DPO):
- by e-mail: iod@bizyou.pl, or
- in writing at: al. Jerozolimskie 181 B, Brain Embassy Agdar West Park, 5th floor, 02-222 Warsaw.
Each Submission should include:
(i) identification of the person concerned,
(ii) description of the issue, and
(iii) expected way of resolving the matter.
Processed Data
The Controller may process the following categories of Data: first name, last name, address (residential or correspondence), telephone number, e-mail address, IP address, tax identification number (NIP), company name, position of the Client’s representative, and any other data provided by the Client.
Purposes and Legal Bases of Processing
The Controller processes Data for the following purposes:
- Performance of a contract or taking steps prior to its conclusion (Article 6(1)(b) GDPR), including the provision of services by the Controller.
- Recruitment of candidates for participation in research (Article 6(1)(a) GDPR – consent).
- Account registration required to place orders (Article 6(1)(b) GDPR).
- Order placement and fulfilment (Article 6(1)(b) GDPR).
- Sending commercial information and newsletters – based on voluntary consent for marketing communication via e-mail and/or SMS/MMS (Article 6(1)(a) GDPR).
- Legitimate interests of the Controller (Article 6(1)(f) GDPR), in particular:
- establishing, exercising or defending legal claims;
- conducting analytics, marketing or statistical activities (including the use of cookies);
- direct marketing of the Controller’s services;
- contacting Clients or potential Clients (e.g. via contact form or enquiry);
- performing contracts when the data subject represents or is authorised by a Client;
- providing non-account services such as browsing websites or content search.
- Compliance with legal obligations (Article 6(1)(c) GDPR), such as maintaining documentation or issuing invoices.
Special Categories of Data
When participating in studies or tests, Data may reveal information about mental health, emotional state, political opinions or beliefs. Such information constitutes special categories of personal data, processed based on the explicit consent of the data subject (Article 9(2)(a) GDPR).
§3. Principles of Data Processing
- Data may be transferred to trusted service providers cooperating with the Controller, including IT system providers, payment operators, legal, accounting, debt collection or training service providers, courier and postal companies, and to public authorities authorised under applicable law (e.g. courts, tax offices). Each transfer is based on appropriate authorisation, a data processing agreement, or legal obligation.
- Data are not transferred outside the European Economic Area or to international organisations, unless expressly stated otherwise. In such a case, the Controller will inform the User in advance and ensure appropriate safeguards as required by Chapter V GDPR.
- The Controller does not use automated decision-making or profiling.
- Data will be retained no longer than necessary for the purposes for which they were collected – for example, until contract expiry, limitation of claims, or conclusion of communication related to a Submission – unless longer retention is required by law.
Rights of the Data Subject
In accordance with the GDPR, the User has the right to:
- access their Data (Article 15),
- be informed about processing (Article 12),
- rectify or update Data (Article 16),
- erase Data (“right to be forgotten”, Article 17),
- restrict processing (Article 18),
- data portability (Article 20),
- object to processing (Article 21),
- withdraw consent at any time (Article 7) – without affecting the lawfulness of processing based on consent before withdrawal,
- lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office (UODO) (Article 77).
Providing Data is voluntary, but failure to do so may prevent cooperation with the Controller (e.g. conclusion or execution of a contract, communication, or access to materials).
§4. Cookies and Similar Technologies
The Controller uses cookies and similar technologies – small text files stored on the User’s device – to enable and improve the functionality of its services. Information obtained through cookies may include personal data.
Necessary Cookies
Essential cookies are used to deliver services and ensure website functionality. The legal basis is the necessity to perform a contract (Article 6(1)(b) GDPR) or the Controller’s legitimate interest (Article 6(1)(f) GDPR) – to provide high-quality services.
Optional Cookies
For other types of cookies (functional, analytical, performance, marketing/advertising), the legal basis is the User’s consent (Article 6(1)(a) GDPR).
Consent can be withdrawn at any time through browser settings.
Duration
- Session cookies – automatically deleted after expiry or browser closure.
- Persistent cookies – remain until manually deleted by the User.
Managing Cookies
Users may manage cookies through their browser settings. Deleting or blocking cookies may affect website functionality, displayed content, and stored preferences.
Cookies and pixel tags may also be used by third parties (e.g. Google, Facebook) to display their content or ads.
The Controller may use the following categories:
- Essential / technical cookies,
- Analytical cookies,
- Functional cookies,
- Marketing / advertising cookies,
- Performance cookies.
External cookies (e.g. Google Analytics, Facebook Pixel) are subject to their respective privacy policies.
§5. Final Provisions
Technological and service developments may result in changes to this Policy. The Controller will inform Users of any significant modifications.
Date of last update: 12.11.2025
Annex 1 – List of cookies used by the Controller
| No. | Cookie Name | Domain | Description | Storage Duration | ||||
| Necessary | ||||||||
| 1. | __cf_bm | .hs-scripts.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 2. | __cf_bm | .hsforms.net | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 3. | __cf_bm | .hsadspixel.net | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 4. | __cf_bm | .hscollectedforms.net | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 5. | __cf_bm | .hs-banner.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 6. | __cf_bm | .hs-analytics.net | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 7. | __cf_bm | .hubapi.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 8. | __cf_bm | .hsforms.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 9. | __cf_bm | .hubspot.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | ||||
| 10. | __hssc | .bizyou.pl | HubSpot sets this cookie to track sessions. It determines whether HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, view count (increments each page view in a session), and session start timestamp. | 1 hour | ||||
| 11. | __hssrc | .bizyou.pl | HubSpot sets this cookie to determine whether the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. | Session | ||||
| 12. | _cfuvid | .hsforms.com | Calendly sets this cookie to track users between sessions to optimise user experience, maintain session consistency, and ensure personalised services. | Session | ||||
| 13. | _cfuvid | .hubspot.com | Calendly sets this cookie to track users between sessions to optimise user experience, maintain session consistency, and ensure personalised services. | Session | ||||
| 14. | cookieyes-consent | bizyou.pl | CookieYes sets this cookie to remember users’ consent preferences so that they are respected during subsequent visits. It does not collect or store any personal information. | 1 year | ||||
| 15. | rc::a | google.com | This cookie is set by Google reCAPTCHA to identify bots and protect the site against malicious spam attacks. | Persistent | ||||
| 16. | rc::c | google.com | This cookie is set by Google reCAPTCHA to identify bots and protect the site against malicious spam attacks. | Session | ||||
| Functional | ||||||||
| 1. | callpage-widget-version | bizyou.pl | CallPage sets this cookie to determine when and where specific pop-up windows should appear, remember whether users closed them, and prevent repeated display. | Session | ||||
| Analytical | ||||||||
| 1. | __hstc | .bizyou.pl | This is the main tracking cookie set by HubSpot to track visitors. It contains the domain, initial timestamp (first visit), last timestamp (previous visit), current timestamp (this visit), and session number (increments for each session). | 6 months | ||||
| 2. | hubspotutk | .bizyou.pl | HubSpot sets this cookie to track visitors. It is passed to HubSpot when forms are submitted and used to deduplicate contacts. | 6 months | ||||
| Other | ||||||||
| 1. | PLEr7m6VY4 | api.callpage.io | No description available. | 1 month | ||||
| 2. | cp_metrics | bizyou.pl | No description available. | Never | ||||
| 3. | cp_widget_geo_response | bizyou.pl | No description available. | Never | ||||
| 4. | cp_widget_session | api.callpage.io | No description available. | 1 month | ||||
| 5. | rc::d-175493834599 | google.com | No description available. | Never | ||||