Hero background

Privacy Policy

Last updated: October 2025

This Privacy Policy explains how Upside Lab sp. z o.o. (“Upside”, “we”, “our”, or “us”) collects, uses, and protects personal data when you visit our website https://upsidelab.io (the “Site”) or communicate with us through it.

We are committed to protecting your privacy and ensuring that your personal data is handled lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (2016/679 – GDPR) and applicable Polish data-protection laws.

1. Data Controller

Upside Lab sp. z o.o.

Krupnicza 5/6

31-123 Kraków, Poland

NIP: 6762565519

e-mail: hello@upsidelab.io


2. Personal Data We Collect

We collect and process personal data in the following situations:

a) Data you provide to us

When you contact us through the Site, by email, or during business correspondence, we may collect:

  • Full name
  • Business email address
  • Phone number (optional)
  • Company name and role (optional)
  • Message content or other information you voluntarily provide

We refer to this as Contact Information.

b) Data collected automatically

When you visit the Site, we automatically collect limited technical information such as:

  • IP address
  • Browser type and version
  • Time zone, language settings, and operating system
  • Referring website or search term
  • Pages visited and time spent on the Site

This is referred to as Device Information and is collected through cookies, log files, and similar technologies (e.g., analytics tags or pixels).


3. Purposes and Legal Basis of Processing

We process your personal data only when we have a lawful basis under Article 6 of the GDPR.

Purpose
Type of Data
Legal Basis (GDPR)
Responding to inquiries and communication
Contact Information
Legitimate interest (Art. 6 (1)(f))
Managing and developing business relationships
Contact Information
Legitimate interest (Art. 6 (1)(f))
Operating, maintaining, and improving our Site
Device Information
Legitimate interest (Art. 6 (1)(f))
Conducting analytics and measuring engagement (e.g., Google Analytics)
Device Information
Consent (Art. 6 (1)(a))
Complying with legal obligations
All data types
Legal obligation (Art. 6 (1)(c))

We do not use your personal data for automated decision-making or profiling.

4. Cookies and Analytics

Our Site uses cookies and similar technologies to ensure proper functionality and to help us understand how visitors interact with our content.

You can manage or disable cookies through your browser settings at any time. Disabling essential cookies may affect certain website functions.

Analytics

We use Google Analytics and comparable tools to measure Site performance. Google may process data on servers outside the EEA. You can learn more in Google’s Privacy Policy and opt out using this tool.

If a cookie banner appears, your consent choice governs whether analytics cookies are activated.



5. Data Sharing and Processors

We may share personal data with carefully selected third parties who assist us in operating our business, including:

  • Website hosting and infrastructure providers
  • Analytics and performance-monitoring tools
  • Communication and email service providers

These entities act as data processors and process data solely under our instructions, subject to confidentiality and data-protection obligations.

We may also share personal data when required by law, court order, or public authority, or to protect our rights and property.

We never sell or rent personal data to third parties.

6. International Data Transfers

Where our service providers process data outside the European Economic Area (EEA), we ensure appropriate safeguards are applied—typically Standard Contractual Clauses (SCCs) approved by the European Commission—to maintain GDPR-level protection.


7. Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law.

  • Contact Information: up to 12 months after the last communication unless further retention is required for contractual, legal, or legitimate-interest reasons.
  • Analytics data: retained per the settings of the respective analytics provider (e.g., up to 26 months for Google Analytics).

After expiry of the retention period, data is securely deleted or anonymized.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include secure hosting infrastructure, encryption (HTTPS/TLS), access controls, and regular monitoring.

While no online system can be guaranteed fully secure, we continuously evaluate and enhance our safeguards.

9. Your Rights under GDPR

As a data subject, you have the following rights:

  • Access – obtain confirmation and a copy of your personal data.
  • Rectification – request correction of inaccurate or incomplete data.
  • Erasure – request deletion (“right to be forgotten”).
  • Restriction – limit processing in certain situations.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interest.
  • Withdraw consent – withdraw any consent previously given (e.g., for analytics).

To exercise your rights, contact us at hello@upsidelab.io. We will respond within 30 days, as required by GDPR.

If you believe your rights have been infringed, you may lodge a complaint with your local data-protection authority. In Poland, this is the President of the Personal Data Protection Office (UODO).


10. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or technology. Updates will appear on this page with a revised “Last updated” date. We encourage you to review this Policy periodically.

11. Contact

If you have any questions or concerns regarding this Privacy Policy or how we process personal data, please contact:

Upside Lab sp. z o.o.

Krupnicza 5/6

31-123 Kraków, Poland

Email: hello@upsidelab.io