1. Data Controller

The controller of personal data collected through this website (hereinafter: the "Website") is:

• Name: DAKARDA STUDIO - Dawid Bińkowski, NIP: 9492074226
• Address for correspondence: ul. Piotrkowska 35, 90-410 Łódź
• Contact: contact@dakarda.com

2. Types of Data Collected

We collect the following categories of personal data in connection with the operation of this Website:

• Contact form data: email address, project type, message content (legal basis: Art. 6(1)(b) GDPR — pre-contractual measures at the data subject's request). Retained for 2 years or until the matter is resolved.
• Cookie data: consent preferences, language preferences (legal basis: Art. 6(1)(f) GDPR — legitimate interest / consent).
• Server logs: IP address, date and time of visit, browser and device information (legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring security). Retained for 14 days.

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

• Handling contact form enquiries and responding to your messages (Art. 6(1)(b) GDPR — performance of pre-contractual measures)
• Protecting the Website against spam and automated abuse via Google reCAPTCHA (Art. 6(1)(f) GDPR — legitimate interest in IT security)
• Storing language preferences to ensure a consistent browsing experience (Art. 6(1)(f) GDPR — legitimate interest in website functionality)
• Statistical analysis of website traffic, only if you have given your consent (Art. 6(1)(a) GDPR — consent)

4. Cookie Policy

This Website uses cookies (small text files stored on your device) to ensure its proper functioning, personalise content, and — with your consent — analyse traffic. Below is a complete list of cookies used on this Website. In accordance with Polish Electronic Communications Law (PKE) and the GDPR, only technically necessary cookies are installed without your prior consent.

Managing Cookies

When you first visit the Website, a consent banner is displayed at the bottom of the page. You may click "Accept All" or "Only Necessary" to make your choice, or select "Cookie Settings" to customise your preferences by category.

You may withdraw or change your consent at any time by clicking the "Cookie Settings" link in the website footer. You may also delete cookies through your browser settings.

5. External Services and Data Recipients

Google reCAPTCHA

To protect our contact forms from spam and automated abuse, we use Google reCAPTCHA v3, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). reCAPTCHA analyses user behaviour on the page (mouse movements, time spent, clicks), IP address, operating system, browser, and other technical parameters to assess bot risk.

As of April 2026, under the updated reCAPTCHA service model, Google operates as a Data Processor under the Google Cloud Data Processing Addendum (DPA). Data collected by reCAPTCHA in this configuration is not used by Google for advertising purposes. Google is certified under the EU–U.S. Data Privacy Framework.

Discord (Notification Webhook)

Contact form submissions are forwarded to Discord via a secure webhook for internal team notification. The data transmitted includes the email address, project type, and message content. Discord Inc. (San Francisco, USA) acts as a sub-processor. Transfers are governed by Standard Contractual Clauses (SCCs).

Hosting

OVHcloud (France/EU) – CapRover on private dedicated server. The hosting provider processes server logs (IP addresses, access times) as a data processor under a data processing agreement.

6. Your Rights Under GDPR (RODO)

Under the General Data Protection Regulation (Regulation (EU) 2016/679, "RODO"), you have the following rights with respect to your personal data:

• Right of access — obtain confirmation of whether your personal data is being processed and a copy of it (Art. 15)
• Right to rectification — correct inaccurate or incomplete personal data (Art. 16)
• Right to erasure ("right to be forgotten") — request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected (Art. 17)
• Right to restriction of processing — request that we limit how your data is used in certain circumstances (Art. 18)
• Right to data portability — receive your personal data in a structured, commonly used, machine-readable format (Art. 20)
• Right to object — object to processing based on legitimate interest, including profiling (Art. 21)
• Right to withdraw consent — withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7(3))
• Right to lodge a complaint — you may file a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl)

To exercise any of these rights, please contact us at the email address specified in Section 1. We will respond within 30 days of receiving your request.

7. Data Transfers Outside the EEA

Your personal data may be transferred outside the European Economic Area (EEA) when processed by Google (reCAPTCHA — USA) and Discord (notifications — USA). These transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR) and, in the case of Google, the EU–U.S. Data Privacy Framework (adequacy decision under Art. 45 GDPR). Details of the appropriate safeguards are available upon request.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include: HTTPS/TLS encryption for all data in transit, secure server infrastructure with containerised deployments on isolated networks, input validation and sanitisation on all forms, automated bot protection (reCAPTCHA), and access controls restricting data access to authorised personnel only.