Action Audit

Last updated: 30 April 2026

1. Data Controller

The controller of your personal data is Ruby Logic Poland Sp. z o.o., with its registered office in Bielsko-Biała (43-300), ul. Aleksandrowicka 35, Poland, entered in the National Court Register (KRS) under number 0000933511, share capital: PLN 50,000, Tax ID (NIP): 5472228121, Statistical ID (REGON): 520477998 (hereinafter: "Controller" or "Ruby Logic").

Contact for data protection matters: [email protected]

2. Scope of this Policy

This Policy applies to the processing of personal data and the use of cookies in connection with the action-audit.com website and related sites (hereinafter: "Website"), including:

  • browsing the Website (cookies),
  • using the contact form,
  • subscribing to the newsletter.
Processing of personal data of logged-in users of the Action Audit Platform, Mobile Application, and Employee Kiosk is governed by a separate document: Action Audit Service Privacy Policy.

3. Categories of Data Subjects and Scope of Data

3.1 Website Visitors

Data

IP address

Source

Automatically

Data

Cookie data (session identifier, preferences)

Source

With consent (see: Section 9)

Data

Behavioural data on the Website (pages visited, visit duration)

Source

Analytics cookies (with consent)

Data

Browser type and version, operating system, screen resolution

Source

Automatically
DataSource
IP addressAutomatically
Cookie data (session identifier, preferences)With consent (see: Section 9)
Behavioural data on the Website (pages visited, visit duration)Analytics cookies (with consent)
Browser type and version, operating system, screen resolutionAutomatically

3.2 Contact Form Users

Data

First and last name

Source

Contact form

Data

E-mail address

Source

Contact form

Data

Phone number

Source

Contact form

Data

Message content

Source

Contact form
DataSource
First and last nameContact form
E-mail addressContact form
Phone numberContact form
Message contentContact form

3.3 Newsletter Subscribers

Data

First and last name

Source

Subscription form

Data

E-mail address

Source

Subscription form

Data

Date and time of consent

Source

Automatically
DataSource
First and last nameSubscription form
E-mail addressSubscription form
Date and time of consentAutomatically

Purpose

Ensuring proper functioning of the Website (strictly necessary cookies)

Legal basis (GDPR)

Art. 6(1)(f) — legitimate interest

Applies to

Visitors

Purpose

Website traffic analysis (analytics cookies)

Legal basis (GDPR)

Art. 6(1)(a) — consent

Applies to

Visitors

Purpose

Displaying personalised content and advertisements (marketing cookies)

Legal basis (GDPR)

Art. 6(1)(a) — consent + Art. 173 of the Polish Telecommunications Act

Applies to

Visitors

Purpose

Responding to contact form enquiries

Legal basis (GDPR)

Art. 6(1)(f) — legitimate interest (communication with prospective clients)

Applies to

Enquirers

Purpose

Sending the newsletter and marketing materials

Legal basis (GDPR)

Art. 6(1)(a) — consent

Applies to

Subscribers

Purpose

IT security (server logs)

Legal basis (GDPR)

Art. 6(1)(f) — legitimate interest (security)

Applies to

Visitors

Purpose

Establishing, pursuing, or defending legal claims

Legal basis (GDPR)

Art. 6(1)(f) — legitimate interest

Applies to

All

Purpose

Fulfilling obligations under the GDPR

Legal basis (GDPR)

Art. 6(1)(c) — legal obligation

Applies to

All
PurposeLegal basis (GDPR)Applies to
Ensuring proper functioning of the Website (strictly necessary cookies)Art. 6(1)(f) — legitimate interestVisitors
Website traffic analysis (analytics cookies)Art. 6(1)(a) — consentVisitors
Displaying personalised content and advertisements (marketing cookies)Art. 6(1)(a) — consent + Art. 173 of the Polish Telecommunications ActVisitors
Responding to contact form enquiriesArt. 6(1)(f) — legitimate interest (communication with prospective clients)Enquirers
Sending the newsletter and marketing materialsArt. 6(1)(a) — consentSubscribers
IT security (server logs)Art. 6(1)(f) — legitimate interest (security)Visitors
Establishing, pursuing, or defending legal claimsArt. 6(1)(f) — legitimate interestAll
Fulfilling obligations under the GDPRArt. 6(1)(c) — legal obligationAll

For the newsletter, additional legal bases include Art. 10 of the Polish Act of 18 July 2002 on Provision of Electronic Services and Art. 172 of the Polish Act of 16 July 2004 — Telecommunications Act.

5. Data Recipients

Personal data may be disclosed to the following categories of recipients:

  • Data processors — hosting providers, e-mail service providers, analytics tool providers (e.g. Google Analytics), advertising platforms (e.g. Meta, LinkedIn), newsletter delivery platforms — under data processing agreements (DPAs) compliant with Art. 28 GDPR.
  • Public authorities — only upon receipt of a request based on a valid legal basis.

Ruby Logic does not sell personal data to third parties.

6. International Data Transfers

Personal data is generally processed within the European Economic Area (EEA).

Where a transfer outside the EEA is necessary (e.g. in connection with global analytics or advertising tools), the transfer is carried out solely on the basis of:

  • an adequacy decision of the European Commission (Art. 45 GDPR),
  • standard contractual clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR),
  • the EU-U.S. Data Privacy Framework (for certified US entities),
  • another mechanism provided for by the GDPR.

7. Data Retention Periods

Data category

Contact form data

Retention period

Up to 12 months after the end of correspondence, unless a contractual relationship arises

Legal basis

Art. 6(1)(f) GDPR

Data category

Newsletter subscriber data

Retention period

Until consent is withdrawn or the subscriber unsubscribes

Legal basis

Art. 6(1)(a) GDPR

Data category

Server logs (IP addresses)

Retention period

Max. 12 months

Legal basis

Art. 6(1)(f) GDPR

Data category

Cookies

Retention period

In accordance with the validity period of each cookie (see: Section 9)

Legal basis

Consent
Data categoryRetention periodLegal basis
Contact form dataUp to 12 months after the end of correspondence, unless a contractual relationship arisesArt. 6(1)(f) GDPR
Newsletter subscriber dataUntil consent is withdrawn or the subscriber unsubscribesArt. 6(1)(a) GDPR
Server logs (IP addresses)Max. 12 monthsArt. 6(1)(f) GDPR
CookiesIn accordance with the validity period of each cookie (see: Section 9)Consent

8. Data Subject Rights

Under the GDPR, you have the following rights:

Right

Right of access (Art. 15)

Description

Obtain information about processing and a copy of your data.

Right

Right to rectification (Art. 16)

Description

Request correction of inaccurate or completion of incomplete data.

Right

Right to erasure (Art. 17)

Description

Request erasure of data ("right to be forgotten"), subject to exceptions under the GDPR.

Right

Right to restriction of processing (Art. 18)

Description

Request restriction of processing in certain circumstances.

Right

Right to data portability (Art. 20)

Description

Receive data in a structured, commonly used format.

Right

Right to object (Art. 21)

Description

Object to processing based on legitimate interest, including direct marketing.

Right

Right to withdraw consent (Art. 7(3))

Description

Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Right

Right to lodge a complaint (Art. 77)

Description

Lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.
RightDescription
Right of access (Art. 15)Obtain information about processing and a copy of your data.
Right to rectification (Art. 16)Request correction of inaccurate or completion of incomplete data.
Right to erasure (Art. 17)Request erasure of data ("right to be forgotten"), subject to exceptions under the GDPR.
Right to restriction of processing (Art. 18)Request restriction of processing in certain circumstances.
Right to data portability (Art. 20)Receive data in a structured, commonly used format.
Right to object (Art. 21)Object to processing based on legitimate interest, including direct marketing.
Right to withdraw consent (Art. 7(3))Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint (Art. 77)Lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

How to Exercise Your Rights

Requests may be submitted:

  • by e-mail: [email protected]
  • in writing: Ruby Logic Poland Sp. z o.o., ul. Aleksandrowicka 35, 43-300 Bielsko-Biała, Poland

Requests will be fulfilled without undue delay, and no later than 1 month from receipt. In the case of complex requests, the deadline may be extended by a further 2 months, of which you will be informed within the first month.

9. Cookies

9.1 What Are Cookies

Cookies are small text files stored on your device (computer, phone, tablet) when you use websites. They enable the proper functioning of the website, remembering preferences, and collecting statistical information.

9.2 Strictly Necessary Cookies

Required for the proper functioning of the Website. They do not require consent — without them the website cannot function.

Name

session_id

Purpose

Maintaining user session

Validity period

Until browser is closed

Type

Session, HttpOnly, Secure

Name

csrf_token

Purpose

CSRF attack protection

Validity period

Until browser is closed

Type

Session, HttpOnly, Secure

Name

cookie_consent

Purpose

Remembering cookie preferences

Validity period

12 months

Type

Persistent, Secure
NamePurposeValidity periodType
session_idMaintaining user sessionUntil browser is closedSession, HttpOnly, Secure
csrf_tokenCSRF attack protectionUntil browser is closedSession, HttpOnly, Secure
cookie_consentRemembering cookie preferences12 monthsPersistent, Secure

9.3 Analytics Cookies

Allow us to understand how visitors use the Website (e.g. which pages are visited most frequently, visit duration). Data is collected in aggregated form. They require your consent.

Name

_ga

Provider

Google Analytics

Purpose

Distinguishing users

Validity period

24 months

Type

Persistent, Third-party

Name

ga*

Provider

Google Analytics

Purpose

Storing session state

Validity period

24 months

Type

Persistent, Third-party

Name

_gid

Provider

Google Analytics

Purpose

Distinguishing users

Validity period

24 hours

Type

Persistent, Third-party
NameProviderPurposeValidity periodType
_gaGoogle AnalyticsDistinguishing users24 monthsPersistent, Third-party
ga*Google AnalyticsStoring session state24 monthsPersistent, Third-party
_gidGoogle AnalyticsDistinguishing users24 hoursPersistent, Third-party

:::note The above list may change as the website evolves. The current cookie list is available in the cookie settings on the Website. :::

9.4 Marketing Cookies

Used to display personalised content and advertisements and to measure the effectiveness of campaigns. They require your consent.

Name

_fbp

Provider

Meta (Facebook)

Purpose

Advertising conversion tracking

Validity period

3 months

Type

Persistent, Third-party

Name

li_sugr

Provider

LinkedIn

Purpose

Advertising conversion tracking

Validity period

3 months

Type

Persistent, Third-party
NameProviderPurposeValidity periodType
_fbpMeta (Facebook)Advertising conversion tracking3 monthsPersistent, Third-party
li_sugrLinkedInAdvertising conversion tracking3 monthsPersistent, Third-party

Cookie banner: On your first visit to the Website, we display a banner allowing you to:

  • accept all cookies,
  • reject all optional cookies (keeping only strictly necessary ones),
  • customise preferences per category (analytics, marketing).

Changing preferences: You can change your preferences at any time:

  • by clicking the "Cookie settings" link in the Website footer,
  • via your browser settings.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

9.6 Browser Settings

Most browsers allow you to control cookies. You can block all cookies, block third-party cookies, delete stored cookies, or set notifications before a cookie is stored.

Information on managing cookies in popular browsers:

Note: Blocking strictly necessary cookies may prevent you from using the Website properly.

10. Newsletter

Subscribing to the newsletter is voluntary and requires consent via a form on the Website with a double opt-in mechanism (confirmation by e-mail link).

Each newsletter e-mail contains a link to unsubscribe. Withdrawing consent results in cessation of mailings and deletion of data from the mailing list.

Detailed rules are set out in the Action Audit Newsletter Terms.

11. Profiling and Automated Decision-Making

Ruby Logic does not carry out profiling or automated decision-making within the meaning of Art. 22 GDPR with respect to Website visitors.

12. Changes to this Policy

Ruby Logic reserves the right to update this Policy, in particular in connection with changes to legislation, cookies used, providers, or data processing practices. We will notify you of material changes by means of a prominent notice on the Website and — with regard to cookies — by re-displaying the cookie banner.

13. Contact

For matters related to personal data protection and cookies:

Ruby Logic Poland Sp. z o.o. ul. Aleksandrowicka 35, 43-300 Bielsko-Biała, Poland E-mail: [email protected] Website: https://action-audit.com

14. Language Version

The original language of this Policy is Polish. In the event of discrepancies between language versions, the Polish version shall prevail, unless mandatory provisions of law provide otherwise.