1. Introduction

If you are reading this document it means that the safety of your personal data is important to

you. Please pay attention that running a business under name: Bug Bounty Reports Explained

Grzegorz Niedziela. We do care about proper processing of your data. Our goal is to inform

you properly about issues related to personal data processing, in particular referred to data

protection regulations, including the Regulation of the European Parliament and of the Council

Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to

the processing of personal data and on the free data movement and repeal of the Directive

95/46/EC (hereinafter referred to as: “GDPR”). Hence, in this Privacy Policy we inform you

about legal basis for personal data processing, methods of collection and use thereof, as well

as your rights related to the processing.

This Privacy Policy implement the requirements set forth in the Telecommunications Law Act,

i.e. of 15 September 2017 in connection with the use of cookies. As the owner of the website and all its subdomains we are obliged to inform about the aforementioned files, which the Internet service uses.

2. Personal data

2.1. When does Privacy Policy apply?

Privacy Policy applies to all cases in which we process your personal data. This applies

whether we process personal data collected directly from you, or where your personal data

have been collected from other sources.

2.2. In what way, on the basis of which legal grounds and what types of

personal data we process?

We are transparent about the ways and legal grounds of processing personal data as well as

the purposes for which we process personal data. We make all effort to indicate the necessary

information in this respect. In order to make explanation of these issues as clear as possible,

we present the following list of personal data processing operations in connection with the

operated website.

At the same time, we point out that whenever we process personal data on the basis of the

legitimate interest (article 6 item 1 letter f of GDPR), we try to analyse and balance our interest

and the potential impact on your data (positive and negative) as well as your rights under the

provisions on personal data protection.

A. Personal data processing of a visitors of the website

In connection with your use of the website, we process following personal data sent by your

browser to the server: IP address, date and time of session start, time zone information, source

page information, access status/http access code, page address, browser type, operating

system and its interface, software language and version of the browser.

The processing of this personal data is necessary for the proper functioning of website and to

ensure the stability and safety. The processing is carried out on the basis of article 6 item 1

letter f of GDPR.

The information concerning cookies may be found in point 3 of this Privacy Policy.

B. Personal data processing within the newsletter

Subscribing yourself on our newsletter list, you forward to us through the newsletter form your

data as follows: email and name. During the registration, IP address, location, and date are

also collected. Proving us with your data is voluntary, however necessary to subscribe to our

newsletter. The legal ground for processing above-mentioned data constitute article 6 item 1

letter a of GDPR.

In any moment you may withdraw given consent.

The full scope of your rights and obligations in relation to the processing of personal data (in

accordance with article 13 of GDPR) has been included in the information clause in point 2.5.

Privacy Policy.

C. Social Media

On the website you will find links to social networking sites, where information about us and

our activities are posted. The data controller within social networking sites are we as the owner

of the social networking account and on the other hand the owner of social networking site.

2.3. How long your personal data are processed?

The length of time we may process personal data depends on the legal basis of processing.

We inform you that:

a) in the case if we process personal data on the basis of the consent, the processing

period lasts until the intended purpose is achieved or until consent withdrawal;

b) in case if we process personal data on the basis of agreement performance purpose

or to perform actions before agreement performance (order performance), for time of

order realization and after its cessation for period of claims prescription and accounting

documentation archiving (5 years), according to binding legal provisions;

c) in case if we process personal data on the basis of justified interest, the processing

period lasts until the above-mentioned interest ceases (e.g. period of prescription of

civil law claims) or until objection to such processing - in situations where such objection

is legally possible;

d) in case if we process personal data because it is necessary due to the applicable legal

regulations, the period of data processing for this purpose is determined by these


2.4. When and how do the personal data are transferred with third parties? Do

we transfer personal data to third countries?

We only transfer personal data to others if it is permitted to do so by law. In such a case, we

provide for data protection provisions and security features in the relevant agreement with a

third party in order to protect your personal data and to maintain standards in the scope of data

protection, confidentiality and security.

If we transfer personal data, of which we are the data controller, to other entities for the

performance of certain activities on our behalf, we conclude a special agreement with such an

entity. Such agreements are called personal data processing agreement (article 28 of GDPR),

thanks to it, we have control over how and to what extent the entity, to which we entrusted the

processing of certain categories of personal data, process them.

List of entities to which your personal data may be transferred:

  • MailerLite, Mindaugo str. 1A-57, LT-03108 Vilnius, Lithuania – MailerLite is used for email management and also creating landing pages
  • Stripe Payments Europe, Ltd, C/O A&L Goodbody, Ifsc, North Wall Quay Dublin 1., Dublin 1, Dublin. Stripe is used for processing payments.
  • INTEGROMAT LLC, 16192 Coastal Highway, Lewes 19958, Delaware, USA. Integromat is used for integrating other systems with reach other.
  • Formagrid, Inc. - also known as Airtable. Airtable is used for automations and CRM-like functionality.

2.5. What rights do you have and how to exercise them? [information clause]

You possess certain rights concerning your personal data and we, as the data controller, are

responsible for the exercise of these rights in accordance with applicable laws. If you have any

questions or requests concerning the scope and exercise of your rights, please contact us at

the following email:

We will exercise the following rights after positive verification of your identity.

A. Access to personal data

You have the right to access the data that we store as a data controller. This right may be

exercised by contacting us on contact data.

B. Modification, rectification or erasure of personal data

Modifications, including updating, rectification or erasure of personal data which are processed

by us may be carried out by contacting us on contact data.

The right to erasure data may be exercised e.g. when personal data will no longer be

necessary for the purposes for which they were collected by us or when you withdraw consent

for data processing.

C. Withdrawal of the consent

In the event of personal data processing on the basis of a consent, you may withdraw this

consent at any time. We will inform about this right at any time during the collection of consents

and allow you to withdraw your consent as easily as it was given. For withdrawal of the consent,

please contact us on contact data.

D. Right to the restriction of processing or object to the processing of personal data

You have the right to restrict or object to the processing of your personal data at any time, on

the basis of particular situation, unless processing is required by law.

You may object to the processing of personal data, if:

- the processing of personal data is based on the legitimate interest or for statistical purposes

and the objection is justified by the particular situation;

- personal data are processed for the purposes of direct marketing, including profiling for this


In relation to the request to restrict the processing of personal data, we inform you that it is

possible when:

- you argue against the correctness of the personal data - for a period allowing us to check the

correctness of the data;

- the processing is unlawful and you object to the erasure of personal data and demand the

restriction on their use;

- we no longer need personal data for the purposes of processing, but they are needed by you

for determination, assertion or defence of claims;

- you have objected under article 21 item 1 of GDPR to the processing of personal data by us,

until it is determined whether our legitimate grounds are superior over your grounds for


E. Right to data transfer

You have the right to forward your personal data to another data controller through ourselves,


- the processing is carried out on the basis of the consent in accordance with article 6 item 1

letter a of GDPR or article 9 item 2 letter a of GDPR; or

- the processing is carried out under the agreement within the meaning of article 6 item 1 letter

b of GDPR; and

- the processing takes place in an automated manner.

In exercising the right of personal data transfer, you may demand that it is sent by us directly

to another data controller, as far as it is technically possible.

The right of data transfer shall not adversely affect the rights and freedoms of others.

If you wish to exercise these rights, please contact us on contact data.

F. Further questions, concerns and complaints

If you have any questions, objections or concerns about the content of this Privacy Policy or

the way in which we process personal data, as well as complaints concerning these issues,

please contact us on contact data. All complaints we receive will be considered and answered.

You have the right to lodge a complaint to the supervisory authority, which is the President of

the Office for Personal Data Protection, at Stawki 2 street, 00-193 Warszawa.

3. Cookies

As it was explained in point 2.2.A cookies are used as part of this website. That is why, we

inform you about the most important elements of cookies so that your use of our website is

clear and understandable to you.

3.1. What are cookies?

Cookies are small files that are stored on your electronic device by the websites that you visit.

Cookies contain different information that is often necessary for the website to function

properly. Cookies are encrypted in such a way that unauthorized persons do not have access

to them. Information collected on the basis of cookies may be read only by us as well as - due

to technical reasons - trusted partners whose services are used. What is more important,

cookies cannot run programs or transfer viruses to electronic devices.

3.2. Why do we use cookies?

Basic cookies - installed if you have given the consent by means of software settings installed

on your electronic device. These cookies include technical and analytical cookies.

Technical cookies - are necessary for the website to function properly.

Cookies are used in order to:

  • ensure that the website is displayed correctly - depending on which device you are using,
  • adapt content to your choices which are relevant to the operation of the website from technical point of view, e.g. language chosen,
  • remember whether you give a consent to the display of certain content.

Analytical cookies - are necessary to settle with business partners or to measure the effectiveness of marketing activities without identifying personal data and to improve the functioning of a website. They may be used to:

  • examine statistics concerning website traffic and check its sources (redirections),
  • detect various types of abuse, e.g. artificial Internet traffic (bots).

3.3. How long will cookies be used?

Session cookies - remain on your device until you leave the website or turn off the software

(browser). They are mostly technical cookies.

Permanent cookies - remain on your device for the time specified in the file parameters or until

they are manually deleted by you.

3.4. Can you refuse to accept cookies?

You can always change your browser settings and reject requests for cookies. However, before

you decide to change your settings, please note that cookies serve your convenience in using

the website. Disabling cookies may result improper website displaying.

3.5. How to disable cookies?

You can delete cookies from your browser at any time and block their reinstallation.

Depending on the browser you use, the option to delete or withdraw your consent to the

installation of cookies may vary. In this case, please refer to the user's manual available from

the browser on your electronic device.

4. Final provisions

Are changes to this Privacy Policy possible and when?

We reserve the right to change this Privacy Policy in the event of a change in the technology

by which we process personal data, as well as in the event of a change in the ways, purposes

or legal basis for processing personal data or due to new law regulations, new guidelines of

supervisory bodies over personal data protection.

In order to ensure the best possible contact in relation to the protection of personal data, we

also enable direct contact through following contact data:

Bug Bounty Reports Explained Grzegorz Niedziela

NIP [Taxpayer’s Identification Number] No. 6751745962

REGON [National Official Business Register] No. 388270925

The business is registered in Poland, in CENTRAL REGISTRATION


Contact email: