Privacy Policy

Effective from March 1, 2025

Dear User and Service Recipient,

We make every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you visit our RankIndexer website, register an account and use our services, and when you contact us by phone, email, or via online chat, subscribe to our newsletter, or visit our social media profiles. We operate in accordance with applicable regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

In this document, we present the most important information regarding the processing of your personal data in a question and answer format. Our goal is to inform you about the purpose, legal basis, duration of processing, who may have access to your data, and the rights you are entitled to.

How Do We Collect Your Personal Data?

When using the RankIndexer service, you may be asked to provide your personal data. Providing this data is voluntary, but in some situations it is necessary – for example, without an email address you will not be able to receive the newsletter, create an account, or get a response to inquiries submitted via the contact form.

Some data is collected automatically using cookies during your visit to the website (e.g., IP address, browser type, operating system type). These data are used for website administration, hosting support, and creating marketing content. However, you can limit or block cookies using your browser settings or other available tools.

Who is the Administrator of Your Personal Data?

The administrator of your personal data is BPA Polska Dawid Karamon, based at ul. Marszałkowska 15/168, 35-215 Rzeszów, NIP: 5170276471, REGON: 180666481.

If you have any questions or concerns, you can contact us via email at: contact@rankindexer.com.

For What Purpose, on What Legal Basis, and for How Long Do We Process Your Data?

We process your personal data for the following purposes:

1. Concluding and Executing the Service Agreement

   • Purpose: Registration and management of a user account, placing orders for services (both free and paid), and performing the contract.
   • Legal basis: Art. 6(1)(b) GDPR – necessary processing for the performance of a contract or to take actions at your request prior to entering into a contract.
   • Duration: Until the service is terminated (e.g., account deletion or contract termination).

2. Fulfilling Tax Obligations

   • Purpose: Issuing invoices and storing accounting documentation.
   • Legal basis: Art. 6(1)(c) GDPR – legal obligation.
   • Duration: Until the applicable statute of limitations for tax liabilities expires.

3. Fulfilling Obligations in the Field of Data Protection

   • Purpose: Fulfilling obligations arising from data protection regulations.
   • Legal basis: Art. 6(1)(c) GDPR.
   • Duration: Until the applicable limitation periods for claims related to data protection violations expire.

4. Establishing, Pursuing, and Defending Potential Claims

   • Purpose: Taking measures to protect our rights in judicial or administrative proceedings.
   • Legal basis: Art. 6(1)(f) GDPR – legitimate legal interest.
   • Duration: Until the applicable limitation periods for claims under current regulations expire.

5. Ensuring the Proper Functioning of the Service and Analyzing User Activity

   • Purpose: Administering the service, creating statistics, and conducting marketing analyses (e.g., using analytical tools).
   • Legal basis: Art. 6(1)(f) GDPR – legitimate legal interest.
   • Duration: Until an effective objection is raised or the purpose of the processing is achieved.

6. Managing Social Media Profiles and Interactions

   • Purpose: Running a fan page and managing groups related to RankIndexer, and interacting with users.
   • Legal basis: Art. 6(1)(f) GDPR – legitimate legal interest.
   • Duration: Until the applicable limitation periods for claims under current regulations expire.

7. Responding to Inquiries

   • Purpose: Responding to your questions submitted by phone or electronically (including via the contact form and online chat).
   • Legal basis: Art. 6(1)(f) GDPR – legitimate legal interest.
   • Duration: Until the applicable limitation periods for claims under current regulations expire.

8. Marketing Purposes

   • Purpose: Promoting our services, maintaining business relationships, assessing customer satisfaction, and informing about new products and special offers.
   • Legal basis: Art. 6(1)(f) GDPR – legitimate legal interest or voluntarily given consent (Art. 6(1)(a) GDPR).
   • Duration: Until consent is withdrawn, an effective objection is raised, or the purpose of the processing is achieved.

Please Note!
We process personal data for as long as it is necessary to achieve the stated purposes, unless you submit a valid request for deletion of your data. The processing period may also be determined by applicable laws (e.g., retention of financial documents or limitation periods for pursuing claims).

Who May Be the Recipient of Your Personal Data?

In some cases, if necessary to achieve the processing purposes, we use the services of external entities to whom we transfer personal data, provided that they ensure adequate data protection and confidentiality.

Recipients of your personal data may include:

1. Entities participating in the performance of contracts (e.g., accounting offices, IT service providers, hosting providers, payment system operators).
2. Entities whose services we use in the course of our business activity under separate agreements (e.g., providers of website activity analysis tools, direct marketing systems, landing page builders, office software, project management systems, communication solutions).
3. State authorities authorized under applicable law.
4. Other entities to whom the data transfer is required or justified by law.

Do We Transfer Personal Data to Third Countries?

In principle, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if it becomes necessary to transfer data as part of the service provision, we will conduct an appropriate risk assessment and ensure a level of data protection in line with legal requirements.

By using the RankIndexer service, we utilize services and technologies provided by entities such as Facebook, Microsoft, or Google, which may be based in the United States and may process data on servers located outside the EEA. In such cases, we implement appropriate safeguards, e.g., standard contractual clauses approved by the European Commission.

Do We Profile Your Personal Data?

Within the RankIndexer service, we may engage in profiling, which involves analyzing user data (such as gender, age, interests, approximate location, and on-site behavior) to assess activity and potential interest in services.
Profiling allows for the personalization of offers and advertisements; however, it does not affect the terms of service agreements. The processed data is anonymous and is not directly linked to your identity, and no automated decisions with legal effects are taken.

What Personal Data Do We Process as a Data Processor and How Do We Obtain It?

As part of providing RankIndexer services, we also act as a data processor under a data processing agreement. These data are collected directly by the data controller, which is our company.
As a processor, we process data solely on the documented instructions of the controller (client) and commit to securing it with technical and organizational measures in accordance with Art. 32 GDPR. Authorized persons are bound by confidentiality obligations. After the termination of the service, we will return the data to the controller and delete all copies, unless the law requires further retention.

Do We Use Cookies?

On the RankIndexer website, we use cookies, which are short text files stored on the user’s device that can be read by our system as well as by third-party systems whose services we use (e.g., Facebook, Google).
Through cookies, we collect anonymous data about user visits, which helps improve the functionality of the site, identify errors, and conduct marketing activities.
Typically, web browsers accept cookies by default, but you can block or restrict them via your browser settings. On your first visit to the site, we will display information about the use of cookies. If you do not change the settings, you are deemed to have consented to their use.
Please note that disabling cookies may affect the functioning of the service (e.g., longer page load times, limited functionality).

How Do We Protect Your Data?

To ensure a high level of protection, we apply appropriate technical and organizational measures, including, among others:

1. Encrypting transmission using the TLS protocol,
2. Creating backup copies,
3. Securing data centers,
4. Conducting regular security tests,
5. Monitoring systems for security breaches,
6. Minimizing the risk of abuse and responding quickly in case of incidents,
7. Implementing data protection policies,
8. Ensuring the confidentiality, integrity, and availability of processing systems,
9. Allowing access to data only to authorized persons,
10. Regularly changing system access passwords.

What Rights Do You Have as a Data Subject?

You have the right to:

1. Access your personal data,
2. Correct your data,
3. Delete your data,
4. Restrict processing,
5. Object to processing,
6. Data portability,
7. Withdraw consent for processing (if consent is the legal basis).

In some situations, after analysis, we may refuse to fulfill these rights in accordance with applicable law.
Withdrawing consent does not affect the lawfulness of processing carried out prior to its withdrawal.
We will respond promptly to any requests regarding the exercise of these rights, but no later than one month from the receipt of the request. In case of complex requests, this period may be extended by up to two additional months, provided that you are informed about such an extension in advance.

How Can You Challenge Incorrect Data Processing?

If you believe that your personal data is being processed unlawfully, you may file a complaint with the President of the Personal Data Protection Office.

Does Using the Service Involve Sending Logs to the Server?

Using the RankIndexer service involves sending requests to the server where the site is hosted. Each request is recorded in server logs, which include, among other things, the IP address, date and time, browser information, and operating system details.
The data in the logs is not linked to specific individuals and is used solely for administrative purposes. Only authorized personnel managing the server have access to these logs.

Can We Change Our Privacy Policy?

Yes. The RankIndexer Privacy Policy may be supplemented or modified as technology evolves and needs change. We will inform you of any significant changes by posting the updated information on our site and, in the case of major changes, by sending a notification via email to registered users.