Privacy and Cookie Policy
Last updated: 30 April 2026
1. Data Controller
The controller of your personal data is Ruby Logic Poland Sp. z o.o., with its registered office in Bielsko-Biała (43-300), ul. Aleksandrowicka 35, Poland, entered in the National Court Register (KRS) under number 0000933511, share capital: PLN 50,000, Tax ID (NIP): 5472228121, Statistical ID (REGON): 520477998 (hereinafter: "Controller" or "Ruby Logic").
Contact for data protection matters: [email protected]
2. Scope of this Policy
This Policy applies to the processing of personal data and the use of cookies in connection with the action-audit.com website and related sites (hereinafter: "Website"), including:
- browsing the Website (cookies),
- using the contact form,
- subscribing to the newsletter.
:::info
Processing of personal data of logged-in users of the Action Audit Platform, Mobile Application, and Employee Kiosk is governed by a separate document: Action Audit Service Privacy Policy.
:::
3. Categories of Data Subjects and Scope of Data
3.1 Website Visitors
| Data | Source |
|---|---|
| IP address | Automatically |
| Cookie data (session identifier, preferences) | With consent (see: Section 9) |
| Behavioural data on the Website (pages visited, visit duration) | Analytics cookies (with consent) |
| Browser type and version, operating system, screen resolution | Automatically |
3.2 Contact Form Users
| Data | Source |
|---|---|
| First and last name | Contact form |
| E-mail address | Contact form |
| Phone number | Contact form |
| Message content | Contact form |
3.3 Newsletter Subscribers
| Data | Source |
|---|---|
| First and last name | Subscription form |
| E-mail address | Subscription form |
| Date and time of consent | Automatically |
4. Purposes and Legal Bases for Processing
| Purpose | Legal basis (GDPR) | Applies to |
|---|---|---|
| Ensuring proper functioning of the Website (strictly necessary cookies) | Art. 6(1)(f) — legitimate interest | Visitors |
| Website traffic analysis (analytics cookies) | Art. 6(1)(a) — consent | Visitors |
| Displaying personalised content and advertisements (marketing cookies) | Art. 6(1)(a) — consent + Art. 173 of the Polish Telecommunications Act | Visitors |
| Responding to contact form enquiries | Art. 6(1)(f) — legitimate interest (communication with prospective clients) | Enquirers |
| Sending the newsletter and marketing materials | Art. 6(1)(a) — consent | Subscribers |
| IT security (server logs) | Art. 6(1)(f) — legitimate interest (security) | Visitors |
| Establishing, pursuing, or defending legal claims | Art. 6(1)(f) — legitimate interest | All |
| Fulfilling obligations under the GDPR | Art. 6(1)(c) — legal obligation | All |
For the newsletter, additional legal bases include Art. 10 of the Polish Act of 18 July 2002 on Provision of Electronic Services and Art. 172 of the Polish Act of 16 July 2004 — Telecommunications Act.
5. Data Recipients
Personal data may be disclosed to the following categories of recipients:
- Data processors — hosting providers, e-mail service providers, analytics tool providers (e.g. Google Analytics), advertising platforms (e.g. Meta, LinkedIn), newsletter delivery platforms — under data processing agreements (DPAs) compliant with Art. 28 GDPR.
- Public authorities — only upon receipt of a request based on a valid legal basis.
Ruby Logic does not sell personal data to third parties.
6. International Data Transfers
Personal data is generally processed within the European Economic Area (EEA).
Where a transfer outside the EEA is necessary (e.g. in connection with global analytics or advertising tools), the transfer is carried out solely on the basis of:
- an adequacy decision of the European Commission (Art. 45 GDPR),
- standard contractual clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR),
- the EU-U.S. Data Privacy Framework (for certified US entities),
- another mechanism provided for by the GDPR.
7. Data Retention Periods
| Data category | Retention period | Legal basis |
|---|---|---|
| Contact form data | Up to 12 months after the end of correspondence, unless a contractual relationship arises | Art. 6(1)(f) GDPR |
| Newsletter subscriber data | Until consent is withdrawn or the subscriber unsubscribes | Art. 6(1)(a) GDPR |
| Server logs (IP addresses) | Max. 12 months | Art. 6(1)(f) GDPR |
| Cookies | In accordance with the validity period of each cookie (see: Section 9) | Consent |
8. Data Subject Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Right of access (Art. 15) | Obtain information about processing and a copy of your data. |
| Right to rectification (Art. 16) | Request correction of inaccurate or completion of incomplete data. |
| Right to erasure (Art. 17) | Request erasure of data ("right to be forgotten"), subject to exceptions under the GDPR. |
| Right to restriction of processing (Art. 18) | Request restriction of processing in certain circumstances. |
| Right to data portability (Art. 20) | Receive data in a structured, commonly used format. |
| Right to object (Art. 21) | Object to processing based on legitimate interest, including direct marketing. |
| Right to withdraw consent (Art. 7(3)) | Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal. |
| Right to lodge a complaint (Art. 77) | Lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland. |
How to Exercise Your Rights
Requests may be submitted:
- by e-mail: [email protected]
- in writing: Ruby Logic Poland Sp. z o.o., ul. Aleksandrowicka 35, 43-300 Bielsko-Biała, Poland
Requests will be fulfilled without undue delay, and no later than 1 month from receipt. In the case of complex requests, the deadline may be extended by a further 2 months, of which you will be informed within the first month.
9. Cookies
9.1 What Are Cookies
Cookies are small text files stored on your device (computer, phone, tablet) when you use websites. They enable the proper functioning of the website, remembering preferences, and collecting statistical information.
9.2 Strictly Necessary Cookies
Required for the proper functioning of the Website. They do not require consent — without them the website cannot function.
| Name | Purpose | Validity period | Type |
|---|---|---|---|
| session_id | Maintaining user session | Until browser is closed | Session, HttpOnly, Secure |
| csrf_token | CSRF attack protection | Until browser is closed | Session, HttpOnly, Secure |
| cookie_consent | Remembering cookie preferences | 12 months | Persistent, Secure |
9.3 Analytics Cookies
Allow us to understand how visitors use the Website (e.g. which pages are visited most frequently, visit duration). Data is collected in aggregated form. They require your consent.
| Name | Provider | Purpose | Validity period | Type |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguishing users | 24 months | Persistent, Third-party |
| ga* | Google Analytics | Storing session state | 24 months | Persistent, Third-party |
| _gid | Google Analytics | Distinguishing users | 24 hours | Persistent, Third-party |
:::note The above list may change as the website evolves. The current cookie list is available in the cookie settings on the Website. :::
9.4 Marketing Cookies
Used to display personalised content and advertisements and to measure the effectiveness of campaigns. They require your consent.
| Name | Provider | Purpose | Validity period | Type |
|---|---|---|---|---|
| _fbp | Meta (Facebook) | Advertising conversion tracking | 3 months | Persistent, Third-party |
| li_sugr | Advertising conversion tracking | 3 months | Persistent, Third-party |
9.5 Managing Cookie Consent
Cookie banner: On your first visit to the Website, we display a banner allowing you to:
- accept all cookies,
- reject all optional cookies (keeping only strictly necessary ones),
- customise preferences per category (analytics, marketing).
Changing preferences: You can change your preferences at any time:
- by clicking the "Cookie settings" link in the Website footer,
- via your browser settings.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
9.6 Browser Settings
Most browsers allow you to control cookies. You can block all cookies, block third-party cookies, delete stored cookies, or set notifications before a cookie is stored.
Information on managing cookies in popular browsers:
Note: Blocking strictly necessary cookies may prevent you from using the Website properly.
10. Newsletter
Subscribing to the newsletter is voluntary and requires consent via a form on the Website with a double opt-in mechanism (confirmation by e-mail link).
Each newsletter e-mail contains a link to unsubscribe. Withdrawing consent results in cessation of mailings and deletion of data from the mailing list.
Detailed rules are set out in the Action Audit Newsletter Terms.
11. Profiling and Automated Decision-Making
Ruby Logic does not carry out profiling or automated decision-making within the meaning of Art. 22 GDPR with respect to Website visitors.
12. Changes to this Policy
Ruby Logic reserves the right to update this Policy, in particular in connection with changes to legislation, cookies used, providers, or data processing practices. We will notify you of material changes by means of a prominent notice on the Website and — with regard to cookies — by re-displaying the cookie banner.
13. Contact
For matters related to personal data protection and cookies:
Ruby Logic Poland Sp. z o.o. ul. Aleksandrowicka 35, 43-300 Bielsko-Biała, Poland E-mail: [email protected] Website: https://action-audit.com
14. Language Version
The original language of this Policy is Polish. In the event of discrepancies between language versions, the Polish version shall prevail, unless mandatory provisions of law provide otherwise.