Privacy Policy
Last updated: 19 March 2026
1. Data Controller
The controller of personal data is SoMore, with its registered office at ul. Rolna 21/1, 61-491 Poznań, Poland.
- Email: kontakt@somore.agency
- NIP (Tax ID): 7831911676
- REGON: 529590727
2. Scope of Processed Data
Depending on the context, we process:
- first and last name,
- company name,
- email address,
- subject and content of messages sent via the contact form,
- technical data (e.g. IP address, browser type, operating system) collected automatically by the hosting server (Cloudflare),
- analytics data collected by Google Analytics 4 (after consent) - including cookie identifiers, approximate location, device information and interactions with the website,
- cookie consent preferences stored locally in the browser (localStorage:
cookie-consent).
3. Source of Data
We receive data directly from you (contact form on the website, email) or collect it automatically when you use the website (technical and analytics data).
4. Purposes and Legal Bases of Processing
| Purpose | Legal Basis |
|---|---|
| Handling enquiries and correspondence from the contact form | Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) (legitimate interest of the controller - ongoing correspondence) |
| Conclusion and performance of a service agreement | Art. 6(1)(b) GDPR |
| Fulfilment of legal obligations (including tax and accounting) | Art. 6(1)(c) GDPR |
| Establishment, exercise or defence of legal claims | Art. 6(1)(f) GDPR |
| Website analytics and traffic statistics (Google Analytics 4) | Art. 6(1)(a) GDPR (user consent) |
| Ensuring website security and proper functioning (Cloudflare server logs) | Art. 6(1)(f) GDPR (legitimate interest of the controller) |
5. Data Recipients
Data may be shared with IT service providers supporting the website and communications, in particular:
- Cloudflare, Inc. (USA) - website hosting, content delivery (CDN), attack protection, server logs,
- Resend, Inc. (USA) - email delivery service for the contact form (as a data processor),
- Google Ireland Limited (Ireland) / Google LLC (USA) - Google Analytics 4 service, only after user consent,
- entities authorised under applicable law (e.g. courts, administrative authorities).
6. Data Transfers Outside the EEA
Due to the use of Cloudflare, Resend and Google Analytics services, data may be transferred to third countries (USA). Appropriate safeguards are applied, in particular:
- EU Standard Contractual Clauses (SCCs),
- EU-U.S. Data Privacy Framework (DPF) - for certified entities.
Details can be found in the documentation of the respective service providers.
7. Data Retention Periods
| Data Category | Retention Period |
|---|---|
| Correspondence not resulting in a contract | up to 24 months from the last contact |
| Data related to contract performance | for the duration of the contract + limitation period for claims |
| Accounting documents | in accordance with regulations (at least 5 years) |
| Analytics data (Google Analytics) | in accordance with GA4 retention settings (default 14 months) |
| Cookie preferences (localStorage) | until deleted by the user |
| Server logs (Cloudflare) | in accordance with Cloudflare's policy (typically up to 72 hours) |
8. Rights of Data Subjects
You have the right to:
- access your personal data,
- rectify inaccurate data,
- erase data ("right to be forgotten"),
- restrict processing,
- data portability (where the basis is a contract or consent),
- object to processing based on legitimate interest,
- withdraw consent at any time (without affecting the lawfulness of processing carried out prior to withdrawal),
- lodge a complaint with the President of the Personal Data Protection Office (UODO).
To exercise your rights, contact us at: kontakt@somore.agency.
9. Requirement to Provide Data
Providing data in the contact form (name, company, email) is voluntary but necessary to respond to your enquiry. Failure to provide this data will prevent us from contacting you back.
10. Automated Decisions and Profiling
We do not make automated decisions or profile users.
11. Data Security
We apply technical and organisational measures appropriate to the risk, including:
- transmission encryption (TLS/SSL),
- DDoS and bot protection (Cloudflare),
- access control to systems,
- contact form security measures (honeypot, rate limiting).
12. Changes to This Policy
We reserve the right to update this policy. The current version is always published on this page. In the event of significant changes, we will inform you via the website.
See also: Cookie Policy