Privacy Policy

Last updated: [01 01 2025]

The controller of your personal data is Phoenix Advisory Sp. z o.o. (“Phoenix Advisory”, “we”, “us”).

If we appoint a Data Protection Officer (DPO), we will publish DPO contact details here.

This Privacy Policy explains how we process personal data when you:

• visit our website (phoenix-advisory.org),
   
• contact us (e.g., via forms, email, phone),
   
• request information, proposals, or services,
   
• interact with us on social media,
   
• apply for roles or cooperate with us as a supplier/partner.
   

We aim to provide information in a clear and transparent manner, as required by GDPR. 

Depending on how you contact us, we may collect:

• identity data (name, surname),
   
• contact data (email, phone, company, role),
   
• inquiry content (message, attachments),
   
• information needed to prepare an offer/contract (scope, billing details, correspondence).
   

When you use the website, we may collect:

• IP address, device identifiers, browser type,
   
• usage data (pages viewed, clicks, approximate location),
   
• cookies and similar technologies.
   

(Details depend on what tools you actually use — see Section 10 “Cookies”.)

We process your personal data for the following purposes:

1. To respond to inquiries and communicate with you.
    
2. To prepare offers and take steps prior to entering a contract.
    
3. To provide and manage services, including project delivery and service management.
    
4. To manage our business relationships (clients, suppliers, partners).
    
5. To improve website performance and security (fraud prevention, diagnostics).
    
6. To run marketing and business development (only where permitted; e.g., newsletters if you sign up).
    
7. To comply with legal obligations (e.g., accounting and tax).
    

We rely on the following lawful bases under GDPR:

• Contract / pre-contract steps — to provide a quote, enter, and perform an agreement.
   
• Legitimate interests — to respond to requests, maintain business communications, improve and secure our website, and develop our services (balanced against your rights).
   
• Legal obligation — where required by law (e.g., accounting, tax).
   
• Consent — where required (e.g., certain cookies, newsletter/marketing in some cases).
   

We may share personal data with:

• IT and hosting providers supporting our website and email,
   
• analytics/cookie providers (only if enabled and depending on your cookie choices),
   
• professional advisors (legal, accounting) where necessary,
   
• subcontractors/processors supporting service delivery (under data processing agreements where required),
   
• public authorities when required by law.
   

We do not sell your personal data.

If we transfer personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards, such as:

• an adequacy decision by the European Commission, or
   
• Standard Contractual Clauses (SCCs) with additional measures where necessary.
   

(Only include this if your providers actually process data outside the EEA.)

We keep personal data only as long as necessary for the purposes described above:

• Contact/inquiry data: typically up to [12–24 months] after the last contact, unless it becomes part of a contract or we need it to defend legal claims.
   
• Contract and project records: for the duration of the contract and then as required for limitation periods and legal obligations (e.g., accounting).
   
• Accounting/tax data: as required by applicable law.
   
• Website logs/security data: typically [x days/months] unless needed for incident investigation.
   

Subject to conditions and exceptions, you may have the right to:

• access your data,
   
• rectify inaccurate data,
   
• erase your data,
   
• restrict processing,
   
• object to processing (especially where we rely on legitimate interests),
   
• data portability (where processing is based on consent or contract),
   
• withdraw consent (where processing is based on consent),
   
• lodge a complaint with the supervisory authority.
   

These rights are part of GDPR transparency and information obligations. 

Email us at: [contact@phoenix-advisory.org]
We may request information to verify your identity.

You may lodge a complaint with the Polish data protection authority: UODO (Urząd Ochrony Danych Osobowych). 

Our website may use cookies and similar technologies to:

• ensure the site works properly,
   
• improve performance and security,
   
• measure traffic and user interactions (analytics),
   
• support marketing activities (if used).
   

Where required, we will ask for your consent before placing non-essential cookies.

We apply technical and organizational measures to protect data against unauthorized access, loss, or alteration (e.g., access controls, encryption where appropriate, logging, and vendor due diligence).

Our website may contain links to third-party websites or social media platforms. Their privacy practices are governed by their own privacy policies. We encourage you to review them before providing personal data.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date.