Privacy policy.

The controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) is Future First Aleksandra Gawęda Spółka Komandytowa, with its registered office at ul. Chmielna 2 lok. 31, 00-020 Warsaw, Poland, NIP (tax ID): 5253091030, REGON: 544815459, entered into the Register of Entrepreneurs of the National Court Register under number KRS: 0001242611, registry court: District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register.

Controller's e-mail address: kontakt@futurefirst.pl.

In accordance with Article 32(1) GDPR the Controller observes personal data protection rules and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data processed in connection with its business.

Providing personal data is voluntary but necessary to enter into a contract with the Controller - in particular a contract for consulting, deployment, automation or training services.

The Controller processes personal data to the extent necessary to perform the contract or provide services to the data subject.

The Controller processes personal data for the following purposes:

• preparing an offer in response to interest in Future First services (consultation, AI deployment, automation, training) - based on the legitimate interest of the Controller (Article 6(1)(f) GDPR);
• conclusion and performance of contracts with clients - based on the contract (Article 6(1)(b) GDPR);
• provision of services by electronic means via the website, including the consultation form - based on the contract (Article 6(1)(b) GDPR);
• handling complaints - based on the legal obligation of the Controller (Article 6(1)(c) GDPR);
• accounting tasks related to issuing and accepting billing documents - based on tax law (Article 6(1)(c) GDPR);
• data archiving for the purpose of establishing, exercising or defending claims - legitimate interest of the Controller (Article 6(1)(f) GDPR);
• telephone or e-mail contact, in particular in response to enquiries addressed to the Controller - legitimate interest of the Controller (Article 6(1)(f) GDPR);
• sending technical information about the operation of the website and services used by the client - legitimate interest of the Controller (Article 6(1)(f) GDPR);
• marketing of the Controller's own services (newsletter, expert materials) - legitimate interest of the Controller (Article 6(1)(f) GDPR) or, where required, based on consent (Article 6(1)(a) GDPR).

Recipients of personal data processed by the Controller may include entities cooperating with the Controller where necessary for performance of the contract concluded with the data subject.

Recipients may also include sub-processors - entities whose services the Controller uses for data processing, including accounting offices, law firms, IT and hosting service providers, automation tool providers (e.g. n8n, Make), transactional email providers (e.g. Resend) and AI model providers to the extent necessary to provide the service.

The Controller may be obliged to disclose personal data on the basis of applicable laws, in particular to authorised state authorities or institutions.

Some tools used by the Controller (e.g. cloud providers, language model providers, analytics providers) may involve transfers of personal data outside the European Economic Area. In such cases the Controller ensures an adequate level of data protection by applying Standard Contractual Clauses approved by the European Commission and by selecting providers covered by an EC adequacy decision (e.g. EU-US Data Privacy Framework).

The Controller retains personal data for the duration of the contract concluded with the data subject and, after termination, for purposes related to pursuing claims or fulfilling legal obligations, but no longer than the statutory limitation period under the Polish Civil Code.

Personal data contained in billing documents is retained for the period specified by tax law.

Personal data processed for marketing purposes is retained for up to 10 years, but no longer than until the consent is withdrawn or an objection is raised against the processing.

Personal data processed for purposes other than those listed above is retained for one year, unless consent is withdrawn earlier.

Every data subject has the right to:

• access - obtain confirmation from the Controller as to whether their personal data is being processed, and information on processing purposes, categories of data, recipients, retention period and rights of the data subject (Article 15 GDPR);
• receive a copy of the data - the first copy is free of charge, for further copies the Controller may charge a reasonable fee based on administrative costs (Article 15(3) GDPR);
• rectification - request that incorrect personal data be rectified or incomplete data be completed (Article 16 GDPR);
• erasure - request erasure of personal data where the Controller no longer has a legal basis for processing (Article 17 GDPR);
• restriction of processing - request restriction of processing (Article 18 GDPR);
• data portability - receive personal data in a structured, commonly used and machine-readable format and request transmission to another controller (Article 20 GDPR);
• object - object to processing of personal data based on the legitimate interest of the Controller for reasons related to the data subject's particular situation (Article 21 GDPR);
• withdraw consent - at any time, without affecting the lawfulness of processing carried out before its withdrawal.

To exercise the above rights, contact the Controller at kontakt@futurefirst.pl and indicate which right and to what extent you wish to exercise.

The data subject has the right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office in Warsaw (ul. Stawki 2, 00-193 Warsaw, Poland).

Personal data obtained by the Controller will not be processed in the form of profiling within the meaning of Article 22 GDPR.

Personal data will not be subject to automated decision-making that produces legal effects concerning the data subject or similarly significantly affects them.

The Controller may use plugins on the website linking to social media portals. Such plugins are marked with the logo of the given service.

Data is transferred to social media portals only when the user actively clicks a plugin button. After clicking, the browser will establish a connection with the social media servers and the user will be redirected to the third-party provider's website. Use of these functions may involve external cookies. From the moment the plugin is clicked, the personal data is processed on the social media portal and the owner of the portal becomes a joint controller.

Data is transferred regardless of whether the user has an account on the social media portal or is logged in. If the user is logged in to a given platform, collected personal data may be directly attributed to their account.

For more information on the purpose and scope of data collection by individual providers, please refer to their privacy policies.

The Controller may use Google Analytics - an online analytics service provided by Google Inc. based in the USA.

Google Analytics uses cookies that enable analysis of the user's use of the website. Information generated by the cookie about the use of the website is transmitted to and stored on Google's server. On behalf of the Controller, Google uses this information to analyse how users use the website and to prepare reports on website activity.

Data will not be used to identify any natural person.

The user can prevent cookies from being stored via the browser settings. Users can also prevent Google from collecting data generated by cookies by installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

The Controller may use Meta Pixel - an analytics tool that helps measure the effectiveness of advertising based on the analysis of actions taken by users on the website.

The Controller may use the Meta Pixel tool to deliver personalised advertising on Meta Inc. platforms (e.g. Facebook, Instagram). This involves the use of cookies from Meta Platforms Inc. The legal basis for using this tool is Article 6(1)(f) GDPR or, where required, user consent (Article 6(1)(a) GDPR).

For any matters concerning the protection of personal data, you can contact the Controller:

• e-mail: kontakt@futurefirst.pl
• postal address: ul. Chmielna 2 lok. 31, 00-020 Warsaw, Poland