Privacy Policy

1. General provisions

  1. This Policy explains how we process personal data of users of our website and services, in accordance with Regulation (EU) 2016/679 (“GDPR”) and the relevant provisions of Polish law.

  2. The document is informative — it describes the principles, categories of data, purposes, legal bases, storage periods, recipients, rights of individuals and applied safeguards.

2. Contact details of the administrator

  • Administratore: Maciej Jaskolski FoodUp Consulting

  • Address: ul. Bułgarska 59a/111, 60-320 Poznań

  • Email: team@foodup.com.pl, tel. +48 667 582 968

  • The Administrator has not appointed a Data Protection Officer (DPO). In the case of GDPR, please contact us at the above e-mail address.

3. Scope of processed data

Depending on the relationship and point of contact, we can process:

  • Identification and contact details: name, email, phone, company, position.

  • Inquiries and cooperation data: the content of the message, details of the project, notes of conversations, history of communication.

  • Billing data (if we become a party to the contract): TIN, invoice address, payment details, billing history.

  • Technical data (related to www): IP address, cookie identifiers, device/browser data, server logs (details in Cookies Policy).

  • Marketing data (with consent): preferences, newsletter activity, advertising identifiers.

4. Purposes and legal bases of processing

We process data only to the extent necessary for the following purposes:

  1. Handling of queries and correspondence (form, email, phone)


    • Basis: Article 6 (1) (b) of the GDPR — actions on demand prior to the conclusion of the contract; and Article 6 (1) (f) GDPR — legitimate interest of ADO (providing answers, conducting ongoing communication).

  2. Conclusion and execution of the contract, settlements, archiving of accounting evidence
    • Basis: Article 6 (1) (b) GDPR (contract), Article 6 (1) (c) GDPR (tax/accounting obligations) and Article 6 (1) (f) GDPR (enforcement and defence of claims).

  3. Direct marketing of own services (B2B/B2C)
    • Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest — information about the offer) subject to the requirements of Art. 10 USUDE and Art. 172 of the Telecommunications Law (requirement of consent to email/telephone marketing communications).

    • If the basis is consent (e.g. newsletter) — Article 6 (1) (a) GDPR. The consent can be withdrawn at any time.

  4. Analytics, statistics, service improvement and security
    • Basis: Article 6 (1) (f) GDPR (improvement of service quality, security), whereby the use of Necessary cookies are based on a legitimate interest, and analytical/marketing — with consent (details: Cookies Policy).

  5. Recruitment (if applicable)
    • Basis: Art. 6 para. 1 lit. b GDPR (pre-contractual actions), Art. 6 (1) lit. a GDPR (additional consent for data beyond the statutory scope).

5. Data recipients and processors

We may transfer data to:

  • hosting and maintenance providers (e.g. Webflow or other hosting),

  • providers of mail and office tools (e.g. Google Workspace),

  • providers of analytical and marketing tools (e.g. Google Analytics 4, Meta Ads/Pixel) — only after giving consent to analytical/marketing cookies,

  • law firms, accounting offices, IT companies, lawyers — in the scope necessary to provide services to us,

  • payment operators (if implemented), courier companies (if implemented), implementation partners — when necessary for the execution of the contract.

These entities act as processors (under an entrustment agreement) or separate administrators (e.g. public authorities, banks).

6. Transfers to third countries

If selected suppliers' tools/services operate outside the EEA (e.g. USA), the transfer takes place:

  • based a decision establishing an adequate level of protection (if applicable), or

  • based Standard Contractual Clauses (SCC)/other appropriate safeguards in accordance with Article 46 of the GDPR.
    Details will be provided upon request.

7. Data retention period

  • Correspondence and requests for quotations: to 12 months from the last contact or until the limitation of claims, if there was cooperation.

  • Contract/accounting data: for the period required by law (5 years calculated from the end of the tax year) and/or until the expiration of the limitation periods for claims.

  • Marketing (newsletter, consent): up to date withdrawal of consent or to lodge an objection.

  • Technical data (logs): usually up to 30—90 daysunless longer required by security or regulations.

8. Rights of data subjects

You have the right to:

  • access your data, obtain a copy,

  • rectification (correction) of data,

  • erasure of data (“right to be forgotten”),

  • restriction of processing,

  • data portability,

  • object to processing based on a legitimate interest, including Opposition to direct marketing,

  • withdraw consent at any time (this does not affect the legality of the processing before its withdrawal),

  • lodge a complaint with the supervisory authority: President of UODO, ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.

Requests can be made at team@foodup.com.pl.

9. Requirement to provide data

The provision of data is voluntary, but may be necessary to respond to an inquiry, to conclude/execute a contract or to comply with legal requirements (invoice). Lack of data may prevent these objectives from being met.

10. Safeguards

We use organisational and technical measures appropriate to the risk, including transmission encryption (TLS/SSL), access control, password policies, backups, data scope minimisation and retention.

11. Automated decision making/profiling

We do not make decisions about legal consequences for you exclusively in an automated manner. We can use marketing profiling (e.g. segmentation for advertising) only after consent to marketing cookies has been given — without significant legal consequences.

12. Children

Our services are not directed to those below 16 years old. If we become aware that we are processing your child's data without proper justification, we will delete it immediately.

13. Changes to the Policy

The policy may be updated from time to time — a new version will be posted on this page with a new “last updated” date.

Cookies Policy

1. What are cookies?

Cookies are small text files saved on the user's device when using the website. We also use similar technologies (e.g. local storage, pixels).

2. Who saves cookies?

  • Own cookies — website operation, security, remembering user choices (e.g. consent).

  • Third-party cookies — analytics and marketing providers (activated only after consent).

3. Purposes of the use of cookies

  • indispensable (without consent): ensuring the operation of the site, security, handling consent, load balancing.

  • Preferences/Functional (with permission): remember settings, e.g. language.

  • Analytical (with permission): measurement of traffic and usability (e.g. GA4).

  • Marketing (with permission): personalization of content and ads (e.g. META/LinkedIn).

4. Legal basis

  • Article 173 of the Telecommunications Law (requirement to consent to the storage of information on the user's device, except for necessary cookies),

  • Art. 6 para. 1 lit. a GDPR — consent to the processing of data for analytical/marketing purposes,

  • Art. 6 para. 1 lit. f GDPR — legitimate interest of the administrator for the necessary cookies (ensuring the operation of the website, security).

5. Consent Management

  • On the first visit, we display consent banner with the possibility to select the category of cookies.

  • Consent can be change or withdraw at any time — by clicking on the link “Manage consent” in the footer of the page (please include such a link on the page).

  • Deleting/disabling cookies in the browser may affect some functions of the website.

6. Storage periods

  • Session cookies: they work until the end of the browser session.

  • Persistent cookies: they have a certain lifetime (usually 1-24 months) or until they are manually deleted.

7. Sample categories and names of cookies

note: The actual list depends on the implemented tools. Below are typical examples — during implementation it is worth synchronizing them with the consent banner (CMP).

  • indispensable:


    • consent_mode/cookieconsent_status — save consent settings (1-12 months).

    • wf-* (Webflow) — support for service functions/security (session/short TTL).

  • Analytical (permission required):


    • _ga, _ga_* (Google Analytics 4) — measurement identifiers (2 years/3 months).

  • Marketing (permission required):


    • _fbp (Meta Pixel) — campaign measurement and optimization (3 months).

    • li_fat_id/bcookie (LinkedIn) — attribution and retargeting (up to 2 years).

8. External tools (if enabled)

  • Google Analytics 4 Provider: Google Ireland/LLC; data may be transferred outside the EEA; we use mechanisms required by GDPR (SCC/DPF).

  • Meta Pixel (Facebook/Instagram) — measuring the effectiveness of the campaign; possible transfers outside the EEA.

  • Webflow (hosting) — technical cookies necessary for the operation of the website.

You can disable categories at any time Analytical/Marketing into “Manage consent”.

9. How to manage cookies in your browser?

Instructions are usually found in the help menu of your browser (e.g. Chrome, Firefox, Safari, Edge). It is possible, among other things, to block all files, delete existing ones, set exceptions for sites.

10. Cookie data and personal data

Some cookies (e.g. analytical/marketing) may be personal data within the meaning of the GDPR (online identifiers, IP address). We then process them in accordance with the Privacy Policy, in particular based on consent and with respect for the rights of the user.

11. Changes to the Cookies Policy

Changes will be posted on this page. The new version is valid from the date of publication.

Contact us for privacy

All questions and requests regarding personal data and cookies should be directed to: team@foodup.com.pl or by phone: +48 667 582 968.