Privacy Policy
Last Updated: 16 July 2026
This Privacy Policy describes how Togiga (operating at togiga.info, with registered correspondence address at Lipowa 31/33, Białystok, Poland) collects, processes, stores, and protects personal data. This policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, GDPR) and the Polish Act on Personal Data Protection of 10 May 2018 (Dz.U. 2018 poz. 1000, as amended).
1. Data Controller
The data controller responsible for your personal data collected through this website is Togiga, with its correspondence address at Lipowa 31/33, Białystok, Poland. For all data protection enquiries, you may contact us at: [email protected] or by telephone at +48 341 294 463.
As data controller, Togiga determines the purposes and means of processing personal data collected through togiga.info. We process personal data only for the purposes described in this policy and only to the extent necessary for those purposes.
2. What Personal Data We Collect
We collect personal data that you provide directly to us, as well as certain technical data collected automatically when you visit our website. The categories of data we may collect include:
- Contact data: your name, email address, and telephone number when you submit the contact form on this website.
- Message content: the content of any enquiry or message you send to us through the contact form or by email.
- Technical data: IP address, browser type and version, operating system, referring URL, pages visited, and time of visit. This data is collected automatically through web server logs and, where consent is given, through analytics tools.
- Cookie data: information stored in cookies placed on your device, as described in our Cookie Policy.
We do not collect special categories of personal data (such as health data, financial account details, or biometric data) through this website. If you voluntarily include such information in your message content, we will treat it with the highest level of care and delete it after responding to your enquiry unless there is a specific reason to retain it.
3. Legal Basis for Processing
We process your personal data on the following legal grounds as defined in Article 6 of the GDPR:
- Consent (Article 6(1)(a) GDPR): where you have provided explicit consent, for example when accepting non-essential cookies or when submitting the contact form with the privacy consent checkbox checked.
- Legitimate interests (Article 6(1)(f) GDPR): for processing technical data necessary to maintain the security and proper functioning of the website, and for analysing website usage patterns to improve our educational content.
- Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR): when you request information about our programs, processing your enquiry constitutes a pre-contractual measure taken at your request.
- Legal obligation (Article 6(1)(c) GDPR): where processing is required to comply with applicable Polish or EU law.
4. How We Use Your Data
Personal data collected through this website is used exclusively for the following purposes:
- Responding to enquiries submitted through the contact form or sent by email.
- Providing information about Togiga programs and educational content at your request.
- Maintaining the technical security and functionality of the website.
- Analysing anonymous or aggregated usage data to improve the website and its content.
- Complying with legal obligations applicable to Togiga under Polish and EU law.
We do not use your personal data for automated decision-making or profiling as defined in Article 22 of the GDPR. We do not use your contact data for unsolicited marketing communications.
5. Data Sharing and Third Parties
Togiga does not sell, rent, or trade your personal data to third parties. We may share your data with trusted service providers who assist us in operating this website, subject to strict data processing agreements that comply with Article 28 of the GDPR. These service providers may include:
- Web hosting providers responsible for the technical infrastructure of togiga.info.
- Email service providers used to receive and respond to your enquiries.
- Analytics service providers, where you have consented to analytics cookies.
All third-party processors are required to process your data only on our documented instructions and to implement appropriate technical and organisational security measures. Where any processor is located outside the European Economic Area, we ensure that adequate safeguards are in place in accordance with Chapter V of the GDPR.
We may disclose personal data to public authorities or law enforcement bodies where required by applicable law or a legally binding order.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
- Contact form submissions: retained for up to 24 months from the date of submission, or until you request deletion, whichever comes sooner.
- Email correspondence: retained for up to 36 months for record-keeping purposes, in accordance with standard business practice under Polish civil law (Kodeks cywilny).
- Technical/server logs: retained for a maximum of 12 months.
- Cookie data: as specified in our Cookie Policy, with durations varying by cookie category.
After the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with an identified individual.
7. Your Rights Under GDPR
As a data subject under the GDPR and applicable Polish law, you have the following rights with respect to your personal data:
- Right of access (Article 15): the right to receive confirmation of whether we process your data and to obtain a copy of the data we hold.
- Right to rectification (Article 16): the right to request correction of inaccurate or incomplete data.
- Right to erasure (Article 17): the right to request deletion of your data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful.
- Right to restriction of processing (Article 18): the right to request that we restrict processing while a dispute about accuracy or lawfulness is resolved.
- Right to data portability (Article 20): the right to receive your data in a structured, commonly used format where processing is based on consent or contract.
- Right to object (Article 21): the right to object to processing based on legitimate interests at any time.
- Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request, as required by Article 12 of the GDPR.
You also have the right to lodge a complaint with the Polish supervisory authority, the Urząd Ochrony Danych Osobowych (UODO), at ul. Stawki 2, 00-193 Warsaw, or online at uodo.gov.pl.
8. Security Measures
Togiga implements appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include the use of HTTPS encryption for data in transit, access controls limiting who within our team can access personal data, and regular review of our data handling practices.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UODO within 72 hours in accordance with Article 33 of the GDPR, and will notify you directly if the breach is likely to result in a high risk to your rights and freedoms.
9. Cookies
This website uses cookies. A cookie is a small text file placed on your device when you visit a website. We use cookies for essential website functionality, and, where you have given consent, for analytics purposes. Full details of the cookies we use, their purposes, and how to manage them are provided in our Cookie Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in applicable law, or in the services we offer. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the website after any changes constitutes acceptance of the updated policy.
For any questions about this Privacy Policy or our data handling practices, please contact us at [email protected].