Privacy policy

Data protection at Synlogia

This policy describes how GLOBAL-SYNLOGIA Szymon Guzik processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Polish data protection law.

It covers processing within the synlogia.com website, contact forms, the freelance application form and business correspondence.

Last updated: May 4, 2026

Synlogia — personal data protection and privacy

2.Scope and purposes of processing

We process data only for purposes related to our business activity:

  • Contact form and sales inquiries — replying to questions, preparing offers, conducting correspondence.
  • Freelance application form (/freelancer) — reviewing B2B cooperation applications, contacting freelancers, evaluating skills, adding to the project freelancer database (with separate consent).
  • Contract performance — providing IT services, support, invoicing.
  • Newsletter — sending marketing information after consent.
  • Site security — technical logs, abuse protection, anti-bot verification (reCAPTCHA).
  • Legal obligations — accounting, invoice archiving, complaint handling.

3.Legal bases

We process data on the basis of:

  • Art. 6(1)(a) GDPR — explicit consent (e.g. consent in the freelance form, newsletter consent, marketing communication).
  • Art. 6(1)(b) GDPR — necessary for the performance of a contract or pre-contractual steps (sales inquiries, offers, recruitment contact).
  • Art. 6(1)(c) GDPR — compliance with legal obligations (accounting, archiving, responding to authorities' requests).
  • Art. 6(1)(f) GDPR — legitimate interest of the controller (site security, claims, B2B marketing of own services, abuse protection).

4.Categories of data — freelance form

Within the freelance application form (/freelancer) we process:

  • first name, last name, email, phone (optional)
  • professional specialization
  • links to professional profiles (GitHub, LinkedIn, ResearchGate — optional)
  • message content
  • CV / portfolio file (PDF, DOC, DOCX, max 2 MB)
  • consent date, IP address, reCAPTCHA score

CV/portfolio files are stored on the controller's private server and are NOT publicly accessible. Only the controller has access as part of the recruitment process.

The controller reserves the right to contact only selected freelancers. No reply within 14 days from submission means that the profile does not match current projects at this time. Data remains in the database for the period set out in section 5, after which it is deleted or anonymized (unless the person consents to a longer period or cooperation is established).

5.Retention period

  • Contact correspondence — for the time necessary to handle the matter and any potential claims (up to 6 months from the last contact).
  • Freelance applications (CV) — up to 12 months from the application date, unless the person consents to a longer period or cooperation is established.
  • Accounting and tax data — for the period required by law (typically 5 years from the end of the settlement year).
  • Newsletter — until consent is withdrawn.
  • Technical logs — up to 90 days.

After these periods data is deleted or anonymized.

6.Data recipients

We use IT service providers who process data only on our behalf, under data processing agreements (Art. 28 GDPR):

  • OVHcloud (France, EU) — server hosting, infrastructure, SMTP mail
  • Cloudflare, Inc. (USA) — CDN, DDoS protection, DNS
  • Google LLC (USA) — reCAPTCHA (anti-bot verification)
  • Sentry, Inc. (Germany/USA) — application error monitoring
  • Mailtrap — development environment (only during testing)
  • Accounting office (for invoicing purposes)

Data is not sold nor shared with entities unrelated to service delivery.

7.Cross-border data transfers

Some providers (Cloudflare, Google, Sentry) may process data outside the European Economic Area (USA). The transfer takes place on the basis of:

  • Adequacy decision of the European Commission regarding the EU–US Data Privacy Framework (if the provider participates);
  • Standard Contractual Clauses (SCC) adopted by the European Commission;
  • Additional technical and organizational safeguards on the provider's side.

8.Cookies and reCAPTCHA

The synlogia.com site uses cookies for the following purposes:

  • technical — necessary for the site to function (session, preferences);
  • analytical — anonymous traffic measurement (subject to consent);
  • security — anti-bot verification via Google reCAPTCHA v3.

By using the forms on this site, you accept that Google reCAPTCHA collects data about your browser and interactions to assess risk. The Google Privacy Policy and Terms of Service apply.

9.Your rights

Under GDPR you have the following rights:

  • Access to data — information about what data we process.
  • Rectification — correction of incorrect data.
  • Erasure ("right to be forgotten") — when data is no longer needed.
  • Restriction of processing — in specific situations.
  • Objection — to processing based on legitimate interest.
  • Data portability — receiving data in a structured format.
  • Withdrawal of consent at any time — without affecting the lawfulness of processing prior to withdrawal.
  • Complaint to the President of the Personal Data Protection Office (PUODO, ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl).

10.Automated decisions and profiling

The controller does not make automated decisions about you, including profiling within the meaning of Art. 22 GDPR. Other processing (e.g. reCAPTCHA score) is purely technical and does not produce legal effects on individuals.

11.Security measures

We apply appropriate technical and organizational measures to ensure data security: traffic encryption (HTTPS/TLS), access control, backups, monitoring, segregation of permissions, restricted access to CV files (stored privately, outside the public site directory).

12.GDPR contact

For privacy and data protection matters, write to: contact@globalsynlogia.com or use the contact form. We respond within 30 days of receiving the request (Art. 12 GDPR).

Mailing address: GLOBAL-SYNLOGIA Szymon Guzik, ul. Władysława Jagiełły 2/20, 80-180 Gdańsk, Poland.

13.Changes to the policy

The policy may be updated. Any significant change is published on this page along with the last update date. We recommend checking the content periodically.

Effective from: May 4, 2026.

Questions about how we process your data?

Contact the controller — we'll respond within 30 days.

Contact form