Privacy Policy

Website: hepytest.com

Effective date: 10.02.2026

1. Data Controller

The controller of personal data is HEPY Sp. z o.o., Aleja Stanów Zjednoczonych 51/122,
04-028 Warsaw, Poland, VAT ID (NIP): 1131891460.

Contact regarding data protection matters:
kontakt@hepytest.com.

2. Scope and Sources of Data

Personal data may be processed when you contact us, use forms on the website,
or give consent to receive marketing communication (newsletter).

We may process the following categories of data:

  • first name and last name,
  • email address and phone number,
  • company name,
  • content of messages sent via form or email,
  • technical data necessary to ensure website security (e.g. IP address).

3. Purposes of Processing and Legal Basis

Your data is processed for the following purposes:

  • Contact and handling inquiries – legal basis: Art. 6(1)(f) GDPR
    (legitimate interest in communication and correspondence) and/or Art. 6(1)(b) GDPR
    (pre-contractual actions).
  • Direct marketing and mailing – legal basis: Art. 6(1)(a) GDPR (consent).
    You may withdraw your consent at any time.
  • Security and prevention of abuse – legal basis: Art. 6(1)(f) GDPR.
  • Establishment, exercise or defense of legal claims – legal basis: Art. 6(1)(f) GDPR.

4. Voluntary Provision of Data

Providing data is voluntary but may be necessary to contact us, receive a response,
or carry out pre-contractual activities.
In the case of marketing communication, providing data and consent is voluntary.

5. Data Recipients

Your data may be shared with entities supporting us in operating the website and communication, in particular:

  • hosting provider (Proserwer – infrastructure located in the EU),
  • email service provider (Google Workspace),
  • form security providers (e.g. reCAPTCHA),
  • IT service providers (maintenance, servicing, technical support).

Data may also be disclosed to entities authorized under applicable law.

6. Data Transfers Outside the EEA

Due to the use of global service providers, your data may be transferred outside
the European Economic Area. Transfers are carried out in compliance with GDPR,
based on appropriate safeguards (e.g. standard contractual clauses).

7. Data Retention Period

  • Form inquiries / correspondence: up to 12 months after the end of contact, unless longer retention is justified.
  • Marketing communication: until consent is withdrawn.

8. Your Rights

You have the right to:

  • access your data,
  • rectify your data,
  • erase your data,
  • restrict processing,
  • data portability (where applicable),
  • object to processing based on legitimate interest,
  • withdraw consent at any time,
  • lodge a complaint with a supervisory authority (in Poland: the President of the Personal Data Protection Office – PUODO).

To exercise your rights, contact us at:
kontakt@hepytest.com.

9. Automated Decision-Making

As a rule, we do not make decisions concerning you based solely on automated processing
that would produce legal effects or similarly significantly affect you.

10. Security

We apply appropriate organizational and technical measures to protect personal data
against unauthorized access, loss, or modification.

11. Policy Changes

This policy may be updated in the event of changes in regulations or website operations.
The current version is published on this page.

12. Contact

If you have any questions regarding privacy, please contact us at:
kontakt@hepytest.com.