0
Skip to main content

Studio for Communication
Strategy and Design

Close
Polski
English

Studio for Communication

Strategy and Design

Privacy Policy

Version 1.00

Effective date

May 11, 2026

Version

1.0

1. Data Controller

LENIVA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Registered address: Złota 75A/7, 00-819 Warsaw, Poland
KRS: 0000478251
NIP (Tax ID): 5213656052
REGON: 146889345
Contact e-mail: halo@lenivastudio.com

2. Scope and source of data

We process data voluntarily provided by users, including:

  1. Contact form data: name, e-mail, phone number, company name, message content.
  2. Newsletter sign-up data: e-mail and any additional form fields.
  3. Technical data: IP address, browser/device information, cookie consent data.
  4. Cookie and similar technology data according to user preferences.

Providing personal data is voluntary. However, failure to provide data marked as required may prevent us from handling a request or delivering the newsletter.

3. Purposes and legal bases

We process personal data for:

  1. Handling contact form requests
    Legal basis: Article 6(1)(b) or 6(1)(f) GDPR.
  2. Newsletter delivery and e-mail communication
    Legal basis: Article 6(1)(a) GDPR (consent).
  3. Website security and abuse prevention
    (including anti-spam and rate limiting).
    Legal basis: Article 6(1)(f) GDPR.
  4. Recording and managing cookie consent
    Legal basis: Article 6(1)(c) and 6(1)(f) GDPR.
  5. Analytics and marketing
    (if enabled through cookie consent).
    Legal basis: Article 6(1)(a) GDPR.

4. Newsletter

If you subscribe to our newsletter:

  • Your e-mail address is transferred to GetResponse.
  • Additional form fields may be stored if provided.
  • You may withdraw consent at any time (unsubscribe link in each message or direct contact with us).
  • Withdrawal does not affect the lawfulness of processing performed before withdrawal.

5. Contact form

Contact form data:

  • Is sent to backend services hosted on Koyeb.
  • May be stored in an internal database for request handling and communication history.
  • May be transferred to GetResponse strictly for contact relationship management (CRM) and communication history.
  • Contact form data is not used for marketing communication unless a separate marketing consent is provided.

6. Cookies and similar technologies

6.1. What cookies are

Cookies are small text files stored on a user's device when using the website. Similar technologies can also be used, such as local storage and tracking pixels.

6.2. Why we use cookies

We use cookies and similar technologies to:

  • Ensure proper operation of the website and services.
  • Improve security, detect abuse, and protect forms.
  • Measure statistics and analytics.
  • Support marketing and content personalization.

6.3. Cookie categories

  • Necessary.
  • Analytics.
  • Marketing.
  • Personalization.

6.4. Tools and providers

The following providers are currently used:

  • Webflow, Inc. (website/CMS layer).
  • Koyeb (backend hosting and infrastructure).
  • GetResponse (newsletter and communication management).
  • Google Analytics (Google LLC) for website analytics.
  • Anti-spam tools (for example Google reCAPTCHA, Cloudflare Turnstile, or hCaptcha) only if enabled.

If additional analytics or marketing providers are enabled in the future, the current list will be published in the cookie settings panel.

6.5. Legal basis for cookies

  • Necessary cookies: legitimate interest and legal provisions allowing technical storage required to deliver the service.
  • Analytics, marketing, and personalization cookies: user consent expressed in the cookie banner.
  • Analytics, marketing, and personalization cookies are installed only after user consent has been obtained.

6.6. Consent management

  • Users can change cookie settings at any time via the consent management panel available on the website.
  • Users can delete cookies via browser settings.
  • Withdrawal of consent does not affect processing carried out before withdrawal.
  • Consent metadata (e.g., consent ID, date, selected categories, policy version, technical context) may be logged for accountability.

6.7. Cookie retention

  • Session cookies are deleted at the end of the browser session.
  • Persistent cookies are stored for the period defined by the provider or until deleted by the user.
  • Cookie consent logs are generally retained for up to 12 months, unless legal obligations or legitimate needs require otherwise.

7. Recipients and processors

Personal data may be shared with or processed by:

  • Webflow, Inc.
  • Koyeb.
  • GetResponse.
  • Google LLC (Google Analytics).
  • Anti-spam tool providers (where used).
  • IT, security, and e-mail service providers (where used).

8. Transfers outside the EEA

Because we use technology providers, data may be transferred outside the EEA. In such cases, we apply appropriate legal safeguards, including Standard Contractual Clauses (SCCs) or other valid transfer mechanisms.

Some providers, for example Webflow, Inc. and Google LLC, may process data in the United States.

9. Retention periods

We keep data only as long as necessary for the relevant purpose, including:

  • Contact data: for request handling and limitation periods for potential claims.
  • Newsletter data: until consent withdrawal or unsubscribe.
  • Technical/security logs: usually up to 12 months.
  • Cookie consent logs: generally up to 12 months, unless legal obligations or legitimate needs require otherwise.

10. Data subject rights

You have the right to:

  • Access your data.
  • Rectify your data.
  • Erase your data.
  • Restrict processing.
  • Data portability.
  • Object to processing.
  • Withdraw consent at any time (where consent is the legal basis).
  • Lodge a complaint with a competent data protection authority.

Where data is processed based on legitimate interest, you have the right to object on grounds relating to your particular situation.

For privacy requests, contact us at: halo@lenivastudio.com

11. Automated decision-making and profiling

Personal data is not used for automated decision-making, including profiling, that produces legal effects concerning the user or similarly significantly affects the user.

12. Data security

We implement technical and organizational measures appropriate to risk, including access controls, least-privilege access, abuse monitoring, and secure transmission practices.

13. Policy updates

This policy may be updated from time to time. The current version is published on the website with the effective date.

Our approach is holistic: we organize brands from the inside out, so they can fully thrive on the outside.

We believe in grit, not glitter. Resonance over noise. Sense not trends. Taking a purpose–first approach and focusing on what works before what wows.

By the way, join our
non-intrusive newsletter
with quality content

Subscribe
I agree to the terms of data processing described in Privacy Policy
Spas dikim! Your submission has been received!
Oops! Qualcosa ha incontro il modulo.