Privacy Policy

1. Data Controller

The controller of your personal data is:

Prime Helmsman Consulting Łukasz Derwisz
Address: Ojcowska 103, Bębło, Poland
NIP (Tax ID): 5130286196
E-mail: lukasz.derwisz11@gmail.com

For matters concerning personal data protection, contact us at: lukasz.derwisz11@gmail.com

2. What Data We Collect

As part of using the Notbly Service, we may collect the following categories of personal data:

3. Purpose and Legal Basis for Processing

3.1. Contract performance (Art. 6(1)(b) GDPR)

• User account registration and management
• Provision of services (quizzes, CV analysis, interview simulations)
• Processing payments for Premium services
• Communication related to orders and services

3.2. Legitimate interest (Art. 6(1)(f) GDPR)

• Analysis and improvement of Service functionality
• Ensuring security and detecting abuse
• Direct marketing of our services
• Pursuing claims and defending against claims

3.3. Consent (Art. 6(1)(a) GDPR)

• Marketing of partner services (if consent given)
• Use of marketing cookies

3.4. Legal obligation (Art. 6(1)(c) GDPR)

• Storage of accounting and tax documents
• Responding to requests from state authorities

4. Data Recipients

Your personal data may be shared with the following categories of recipients:

• Stripe – payment operator (transaction processing)
• OpenAI – AI technology provider (quiz generation, CV analysis, simulations)
• Hosting service providers – data storage
• Analytics service providers – Google Analytics (anonymized data)
• Accounting office – accounting services
• Law firms – in case of legal disputes

All recipients are obliged to maintain confidentiality and process data only in accordance with our instructions and applicable regulations.

5. Data Transfer Outside the EEA

Some of our tools (e.g., OpenAI, Stripe) may process data outside the European Economic Area. In such cases, we ensure an adequate level of protection through:

• Standard contractual clauses approved by the European Commission
• European Commission adequacy decisions
• Privacy Shield certifications (if applicable)

6. Data Retention Period

We retain your personal data for the following periods:

• Account data: Until account deletion or withdrawal of consent
• Quiz and analysis history: Until account deletion
• Accounting data: 5 years from the end of the tax year (legal obligation)
• Marketing data: Until withdrawal of consent or objection
• Security logs: 12 months

7. Your Rights

Under GDPR, you have the following rights:

7.1. Right of access (Art. 15 GDPR)

You have the right to obtain information about whether we process your data and to receive a copy of it.

7.2. Right to rectification (Art. 16 GDPR)

You may request correction of inaccurate data or completion of incomplete data.

7.3. Right to erasure - "right to be forgotten" (Art. 17 GDPR)

You may request deletion of your data if it is no longer necessary for the purposes for which it was collected.

7.4. Right to restriction of processing (Art. 18 GDPR)

In certain situations, you may request restriction of processing of your data.

7.5. Right to data portability (Art. 20 GDPR)

You have the right to receive data in a structured format and transfer it to another controller.

7.6. Right to object (Art. 21 GDPR)

You may object to data processing based on legitimate interest.

7.7. Right to withdraw consent

If processing is based on consent, you may withdraw it at any time.

7.8. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your data violates the regulations.

8. Cookies and Tracking Technologies

Our Service uses cookies and similar technologies to:

• Ensure proper operation of the Service (necessary cookies)
• Remember user preferences (functional cookies)
• Analyze website traffic (analytical cookies)
• Personalize content and ads (marketing cookies)

8.1. Cookie management

You can manage your cookie preferences at any time via our Cookie Policy page, which includes a button to reopen the consent banner. You can also control cookies through your browser settings.

8.2. Google Analytics

We use Google Analytics (GA4) to analyse website traffic. Analytics cookies are only set after you give explicit consent. Data is transferred to Google LLC (USA) under Standard Contractual Clauses (SCCs). See our Cookie Policy for the full list of cookies used.

9. Data Security

We apply appropriate technical and organizational measures to protect your personal data:

• SSL/TLS connection encryption
• Password security (hashing)
• Regular backups
• Limited data access (authorized employees only)
• Security monitoring and audits
• Data processing agreements with subcontractors

10. Children's Data

Our services are intended for adults. We do not knowingly collect personal data from children under 16 years of age without parental or legal guardian consent.

If you learn that a child has provided us with their data without consent, contact us and we will delete that data.

11. Automated Decision-Making and Profiling

Our Service uses artificial intelligence to generate quizzes, analyze CVs, and simulate interviews. This process does not result in automated decisions producing legal effects or significantly affecting your situation.

Content generated by AI is solely supportive and educational in nature.

12. Changes to Privacy Policy

We reserve the right to update this Privacy Policy. We will inform you of significant changes through:

• Email notification
• Notice on the Service homepage

We recommend reviewing the Privacy Policy regularly to stay informed about how we protect your data.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.