Privacy Policy

This Privacy Policy is intended to explain how the personal data of users of the website www.thelupoconcept.com (hereinafter referred to as the “website” or “site”) is processed. Ensuring the fullest protection of all website users is our top priority. We operate based on our established security policy and in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). This Privacy Policy also explains the rights of users concerning the limitation of the use of personal data and outlines the procedures we use to protect that data.

Please note that this Privacy Policy is for informational purposes only and does not impose any obligations on you.

Collection and Processing of Data by the Authorized Entity

The entity authorized to process the personal data of website users – the data controller – is The Lupo Concept sp. z o.o., based in Warsaw at Koszykowa 10/4, 04-634 Warsaw, Poland, VAT ID: 9522219920, registered in the National Court Register under number 0000919288 (hereinafter referred to as the “Controller” or “Company”). The Controller has not appointed a Data Protection Officer.

The Controller undertakes to keep the personal data of website users confidential and not to process it without their consent or explicit request.

If you have any questions or comments regarding this Privacy Policy or our processing of personal data, please contact us at: office@thelupoconcept.com

Purpose and Location of Personal Data Processing

The website is intended primarily, though not exclusively, for its users, including clients or potential clients of the Company—i.e., individuals interested in the Company’s comprehensive social media services. Collaboration with users may occur via inquiries sent to the above email address or any other company email, via contact forms on the website (if available), or via direct contact such as a phone call or face-to-face meeting. In each case, users provide the personal data necessary to help us identify their needs and determine whether they are a client, a potential client, or interested in other forms of collaboration. This information is used to provide our social media services.

Voluntary Provision of Data and User Rights

Providing personal data is entirely voluntary. By using the website—including submitting inquiries or offers through contact forms (if available)—the user consents to the processing of their personal data as described in this Privacy Policy. This also applies to emails sent independently.

If a user wants to subscribe to our newsletter, providing personal data is mandatory; otherwise, we cannot conclude or execute the service agreement for the newsletter. Subscribing to the newsletter also includes consent to receive SMS marketing messages.

Consent for direct marketing may also be given through the contact form.

Each user has the right to withdraw consent at any time, review, modify, supplement, restrict, or request the deletion of their personal data, and object to data processing based on a particular situation. Requests should be sent to the above email address or by mail to the company’s registered address. Users can also lodge complaints with the President of the Personal Data Protection Office.

You can unsubscribe from the newsletter or withdraw your direct marketing consent given in the contact form at any time and without giving a reason.

Type and Purpose of Processed Personal Data

The Controller processes personal data in accordance with the GDPR and only for the purposes described in this Privacy Policy. The data will not be sold or shared with third parties—whether individuals or organizations—unless explicitly requested or authorized by the user or required by law.

However, data may be shared with trusted partners working with the Company, with the user’s knowledge and consent, and only to the extent accepted by the user.

The Controller also collects technical (non-personal) data such as IP address, browser type, computer location, URLs accessed, and other system-related parameters. These are used for statistical purposes and to improve our services and technical support.

Our website may contain links to third-party websites over which we have no control. The Controller is not responsible—directly or indirectly—for any losses or damages resulting from the use of these sites. Users access them at their own risk and should review the privacy policy applicable to each of them. This Privacy Policy applies solely to our website.

Legal Basis and Scope of Data Processing

The Controller may process personal data on the following GDPR legal bases (Article 6):

• User consent (e.g., via contact form, newsletter signup, website use, or initiating contact).

Maximum data: name, gender, email address, phone number (or just email).

• Contract execution or pre-contract actions (e.g., newsletter or direct marketing).

Maximum data: name, gender, email address, phone number (or just name and email).

• Legitimate interest (e.g., legal claims).

Maximum data: name, gender, email address.

Principles of Personal Data Processing

Processing of personal data must comply with GDPR Article 5, including:

• Lawfulness, fairness, and transparency – Data is processed lawfully if at least one legal basis is fulfilled. Information must be clear and easily understandable.

• Purpose limitation – Data must be collected for specific, legitimate purposes and not used in incompatible ways.

• Data minimization – Only necessary data may be collected (e.g., name and email for the contact form, email and/or phone for the newsletter).

• Accuracy – Users must provide accurate data; we update it only upon user request.

• Storage limitation – Data is retained no longer than necessary (e.g., during newsletter subscription or up to 6 years for consumer claims).

• Integrity and confidentiality – We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or damage.

• Accountability – The Controller must demonstrate compliance with data processing rules. We protect your data in the best possible way.

Data Security, Impact Assessments, and Data Protection Officer

The GDPR does not impose specific data security measures but provides guidelines (Article 32) including technical knowledge, cost of implementation, context, risk level, and more. The Controller selects measures appropriate to risk, ensuring the highest possible protection of user data.

Data Recipients

Besides the Controller, personal data may be processed by authorized individuals or entities, such as legal advisors, IT professionals, software vendors—only if a contract is in place. They will act solely under the Controller’s instructions.

Data will always be processed only by individuals who have received proper authorization (e.g., employees or contractors).

Use of Cookies

User browsers may store text files known as “cookies” from our server. These allow us to read necessary information for the website to function properly and collect statistical data on user activity. Cookies do not identify users or allow the collection of personal data.

Browsers typically accept cookies by default, but users may configure their browser to reject or restrict cookies. However, this may affect website functionality.

Legal Disclaimer

The Controller reserves the right to amend this Privacy Policy in case of changes in the law or our business activities. Any updates will be published on the website.

By visiting this site, you accept the principles outlined in this Privacy Policy. If you do not accept any part of this document, you should not use the site or submit any forms or inquiries. Providing your data will be considered full acceptance of this policy.