Privacy Policy
Last updated:
Privacy Policy
This Privacy Policy (hereinafter: the "Policy") explains how your personal data is processed in connection with your use of the Affector website operating at the address https://affector.ai (hereinafter: the "Service" or the "Website").
Any capitalised terms not defined in this Policy have the meanings given to them in the Terms of Use, available at https://affector.ai/terms-of-use.
1. Data Controller
The Controller of your personal data is Piotr Klimaszewski conducting business activity under the name Codeenable Piotr Klimaszewski, with its registered place of business at ul. Orląt Lwowskich 7/9, 71-340 Szczecin, Poland, registered in the Central Register and Information on Economic Activity (CEIDG) maintained by the minister competent for the economy, NIP: 8471402340, REGON: 519644425 (hereinafter: the "Controller").
2. Contact with the Controller
In all matters relating to the processing of personal data you can contact the Controller via:
- e-mail: office@codeenable.com
- traditional mail: ul. Orląt Lwowskich 7/9, 71-340 Szczecin, Poland
The Controller has not appointed a Data Protection Officer. All data-protection enquiries should be sent to the contact details above.
3. Data protection measures
The Controller applies modern organisational and technical safeguards to ensure the protection of your personal data and processes them in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR"), the Polish Act of 10 May 2018 on the Protection of Personal Data, and other applicable personal data protection regulations.
4. Information about processed personal data
The Service is a publicly accessible blog. Reading articles does not require registration or the creation of any account. The personal data processed in connection with your use of the Service is limited to the categories described below.
4.1. Service administration and security (server logs)
Purpose | Ensuring the proper operation, security and integrity of the Service |
Data processed | IP address, server date and time, web browser information, operating system information, URL of the requested resource, referrer |
Legal basis | Article 6(1)(f) GDPR — legitimate interest of the Controller in providing a stable and secure Service |
Retention | Until an effective objection is raised or the purpose is achieved, no longer than 12 months from the date of recording in server logs |
The above data is recorded automatically in server logs and is necessary for the technical operation and security of the Service.
4.2. Statistical and performance analytics
Purpose | Analysis of activity on the Service, monitoring of performance and identification of errors, in order to constantly improve the Service |
Data processed | Date and time of the visit, anonymised IP address, device operating system type, approximate location (country/region), web browser type, time spent on the Service, visited subpages and other actions taken within the Service |
Legal basis | Article 6(1)(a) GDPR — your consent given through the cookie consent banner |
Retention | Until consent is withdrawn or for the period indicated for each tool in the Cookie Policy, whichever occurs first |
For analytics purposes, the Service uses Microsoft Azure Application Insights and Google Analytics. Detailed information about the cookies and identifiers used by these tools is provided in the Cookie Policy available at https://affector.ai/cookie-policy.
4.3. Handling enquiries sent by e-mail
Purpose | Receiving and responding to enquiries that you send to the Controller's contact e-mail address |
Data processed | E-mail address and any other data contained in your message |
Legal basis | Article 6(1)(f) GDPR — legitimate interest of the Controller in responding to the received enquiry |
Retention | Until an effective objection is raised or the purpose of processing is achieved (whichever occurs first), and thereafter until claims connected with the correspondence become time-barred |
4.4. Compliance with personal data protection obligations
Purpose | Performing the Controller's obligations under personal data protection law (e.g. handling requests for access, rectification, erasure or other rights granted by the GDPR) |
Data processed | Name and surname, contact details provided by you (e-mail address; correspondence address) |
Legal basis | Article 6(1)(c) GDPR — compliance with a legal obligation to which the Controller is subject |
Retention | Until the limitation periods for claims for breach of personal data protection regulations expire |
4.5. Establishing, exercising or defending legal claims
Purpose | Establishing, asserting or defending against claims that may arise in connection with use of the Service |
Data processed | Name and surname, e-mail address, correspondence address, other data necessary to assert or defend the claim |
Legal basis | Article 6(1)(f) GDPR — legitimate interest of the Controller in establishing, asserting or defending claims |
Retention | Until the limitation periods for the claims expire |
5. Profiling and automated decision-making
Your personal data is not subject to automated decision-making producing legal effects or significantly affecting you in a similar way.
The Service may make use of statistical profiling solely within the analytics tools indicated in section 4.2 (e.g. aggregated analysis of audience segments). This profiling is performed only on the basis of your consent and does not produce legal or similarly significant effects on you.
6. Recipients of personal data
The recipients of your personal data may be the following categories of external entities cooperating with the Controller:
- hosting and cloud-infrastructure provider — Microsoft Ireland Operations Limited (Microsoft Azure);
- content delivery / network edge provider — Microsoft Ireland Operations Limited (Azure Front Door);
- analytics provider — Google Ireland Limited (Google Analytics);
- video hosting providers for embedded video content displayed within articles — YouTube (Google Ireland Limited) and Vimeo (Vimeo, Inc.);
- providers of IT, e-mail and communication services used by the Controller.
Your personal data may also be disclosed to public or private entities where such disclosure is required by generally applicable law, a final court judgement or a final administrative decision.
7. Transfer of personal data outside the EEA
In connection with the use of services provided by Google Ireland Limited (Google Analytics) and Vimeo, Inc., your personal data may be transferred to the United States of America. The basis for the transfer is:
- Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council; and/or
- the EU-U.S. Data Privacy Framework, where the recipient is certified under that framework.
You may obtain a copy of the safeguards applied to such transfers by contacting the Controller via the contact details indicated in section 2.
8. Your rights
In connection with the processing of your personal data, you have the following rights:
- right of access — to be informed which of your personal data is processed by the Controller and to receive a copy of that data; the first copy is provided free of charge, for further copies the Controller may charge a reasonable fee;
- right to rectification — to demand correction of personal data that is inaccurate or incomplete;
- right to erasure ("right to be forgotten") — to request deletion of your personal data, in particular when the data is no longer necessary for the purposes for which it was collected, you have effectively withdrawn your consent and there is no other legal basis for processing, the processing is unlawful, or erasure is required by a legal obligation;
- right to restriction of processing — to request that the Controller temporarily limits processing of your personal data (e.g. while the accuracy of the data is verified);
- right to data portability — where processing is based on consent or on the performance of a contract and is carried out by automated means, to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller;
- right to withdraw consent — where processing is based on your consent, to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal;
- right to object — to object to processing of your personal data carried out on the basis of the legitimate interest of the Controller; in case of an effective objection, the Controller will cease such processing;
- right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland, if you consider that the processing of your personal data infringes the GDPR.
To exercise any of these rights, please contact the Controller using the details indicated in section 2.
9. Voluntariness of providing data
Providing personal data in connection with using the Service is voluntary. The processing of data described in section 4.1 (server logs) is, however, technically necessary for the Service to function — without it the Service cannot be operated securely.
10. Cookies and similar technologies
The Service uses cookies and similar technologies. Detailed information about the categories of cookies used, their providers, purposes and retention periods, as well as instructions on how to manage your cookie preferences, is set out in the Cookie Policy available at https://affector.ai/cookie-policy.
11. Final provisions
In matters not regulated by this Policy, the generally applicable provisions on the protection of personal data shall apply.
The Controller may amend this Policy where required by changes in the law, in the technical operation of the Service, or in the scope of personal data processing. The current version of the Policy will always be published on the Service.
If this Policy is made available in language versions other than Polish, the Polish-language version is binding in case of any discrepancy.
This Policy is effective as of 4 June 2026.