Privacy Policy

1. General information

This Privacy Policy sets out the rules for the processing of personal data in connection with the use of the website available at eshield.pl (“Service”).

This document has been prepared to fulfill the information obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and describes the actual data processing operations used in the Service.

The Service is informational and business-oriented (B2B).

2. Personal data controller

The personal data controller is:

Engineering Shield Limited Liability Company
ul. Milionowa 4b (City Space)
93-102 Łódź

Branch:
ul. Półłanki 80
30-740 Kraków

KRS: 0001109317
NIP: 7282886000
REGON: 528814811

E-mail address: biuro@eshield.pl
Phone: +48 790 336 664

The Controller has designated a contact point for personal data protection matters.
Contact the Data Protection Officer (DPO): iod@eshield.pl

3. Scope of processed data

The Controller processes only the data necessary to achieve the purposes of the Service.

3.1 Data provided by the user

In particular:

• first and last name,
• e-mail address,
• phone number,
• company name,
• the content of an inquiry submitted via the form or by e-mail.

3.2 Technical data

To a limited extent, technical data may be processed, such as:

• IP address,
• browser and device information,
• statistical data regarding the use of the Service.

This data is not used to directly identify the user.

4. Purposes and legal bases for processing

Personal data is processed for the following purposes:

1. Handling inquiries and business contact
   Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) and Art. 6(1)(f) GDPR (the Controller’s legitimate interest).
2. Performance of contracts and B2B cooperation
   Legal basis: Art. 6(1)(b) GDPR.
3. Compliance with legal obligations (accounting, settlements)
   Legal basis: Art. 6(1)(c) GDPR.
4. Ensuring the security of the Service
   Legal basis: Art. 6(1)(f) GDPR.
5. Statistical analysis of the use of the Service
   Legal basis: Art. 6(1)(a) GDPR (user consent).

5. Google Analytics

The Service uses Google Analytics (GA4) implemented via Google Site Kit solely for the purpose of statistical analysis of traffic in the Service.

• Google Analytics is activated only after the user has given consent.
• Before consent is given, no statistical data is collected.
• IP address anonymization is applied in accordance with the GA4 configuration.
• Statistical data is aggregated and is not used to identify users.

6. Google Maps

The Service may use the Google Maps service in the form of the JavaScript API to present the Controller’s location.

• Google Maps scripts are loaded only after the user has given consent.
• The service is not activated automatically upon the first visit to the website.
• Access to Google Maps resources is additionally technically restricted by the Content Security Policy (CSP).

7. Google reCAPTCHA

The Service uses the Google reCAPTCHA v3 mechanism, operating in the background, to protect forms and AJAX interfaces against abuse (spam, bots).

• reCAPTCHA operates automatically and does not require user interaction.
• This mechanism is necessary to ensure the security of the Service and is not blocked by the cookie consent mechanism.
• Google reCAPTCHA may process technical data (e.g., IP address, device information) in order to assess the risk of abuse.

The legal basis for processing data in this scope is the Controller’s legitimate interest (Art. 6(1)(f) GDPR).

8. Cookies

The Service uses cookies to a limited extent:

• technical and security cookies – necessary for the operation of the Service,
• statistical cookies – only after consent is given,
• no marketing or advertising cookies.

Detailed information can be found in the Cookie Policy available in the Service.

9. Transfer of data outside the EU

As a rule, the Controller processes data within the European Economic Area.

When using Google services, technical data may be processed within the infrastructure of these entities in accordance with applicable GDPR provisions, in particular on the basis of standard contractual clauses approved by the European Commission.

The Controller does not transfer personal data outside the EU on an ongoing basis and does not sell personal data to third parties.

10. Data retention period

Personal data is stored:

• for the period necessary to handle the inquiry or perform the contract,
• for the period required by law,
• until consent is withdrawn – in the case of data processed on that basis.

11. Rights of data subjects

The data subject has the following rights:

• access to data,
• rectification of data,
• erasure of data,
• restriction of processing,
• to object,
• withdrawal of consent at any time.

Requests may be sent to the following address: iod@eshield.pl

12. Data security

The Controller applies technical and organizational measures ensuring a high level of data security, including:

• a content security policy (CSP),
• limiting external integrations to the necessary minimum,
• encryption of connections (HTTPS),
• access control to systems.

13. Policy changes

The Controller may update this Privacy Policy in the event of changes in the operation of the Service or in legal regulations. The current version of the document is always available on the Service.

Date of last update: 31 January 2026.