Privacy Policy

Last Updated: February 26, 2025

This privacy policy (this “Policy”) describes how CT Tornado spółka z o.o., a company duly incorporated and existing under the laws of the Republic of Poland, with its principal place of business in Wroclaw (address: ul. Wyspa Słodowa 7, 50-266 Wroclaw, Poland; registration: District Court for Wroclaw-Fabryczna in Wroclaw, KRS/company no.: 873910; EU VAT no.: PL8982262377; share capital: PLN 5,000.00; “we”) collect, use, store, and protect personal data in connection with the services provided through our platform (the “Platform” and “Services”, respectively) and the browsing of our website (the “Site”). It applies to the personal data of:

  • Clients (those who enter into a direct contract with us),
  • Client Representatives (individuals acting on behalf of a Client),
  • Authorized Users (e.g., Client’s employees, contractors, or other personnel who access the Services under the Client’s account), and
  • Site Visitors (individuals who access or browse the Site without creating an account).

This Policy does not address data collected directly from End Users in AI-powered surveys or chats that Clients create—those data flows are typically governed by separate arrangements or Data Processing Addendums (DPAs).

We are committed to safeguarding your privacy in accordance with applicable data protection laws, including the General Data Protection Regulation (the “GDPR”) and California Consumer Privacy Act (the “CCPA”).

By continuing to use our Site, Platform, and Services, you acknowledge that you have read and understood this Policy and agree to our collection, use, and disclosure of personal data as described herein.

1. INFORMATION WE COLLECT

We collect personal data from or about you in the following ways:

Account Registration & Management (Clients, Client Representatives, Authorized Users)

  • Contact and Identification Details: Names, email address, login credentials, role within the Client’s organization (if applicable).
  • Billing and Transaction Information (if applicable): Payment method details, billing address, and transaction records, processed securely by our third-party payment provider.
  • Usage Data: Login history, IP addresses, device information, browser type, access logs.

Site Browsing (Site Visitors)

  • Technical and Usage Data: IP address, cookies or similar tracking technologies, browser information, pages viewed, and interactions on the Site. This data is collected for analytics, security, and service improvement.

Communications and Support (All Categories)

  • Messages or Correspondence: Information shared through email inquiries, contact forms, or customer support chats.

Other Voluntarily Provided Data

  • Any additional information provided at your discretion (e.g., job titles, preferences) when you fill in forms or otherwise interact with us.

2.PURPOSES OF PROCESSING

We process personal data for:

  1. Provision of Services (Clients, Client Representatives, Authorized Users)
    Creating and managing accounts, authenticating users, and delivering contractual obligations under basic or paid subscriptions.
  2. Enabling Authorized Users to Access Services
    Allowing the Client’s chosen personnel (employees, contractors, or other designated individuals) to use our Platform through the Client’s account.
  3. Site Functionality and Improvement (All Categories)
    Ensuring the Site works properly, performing usage analytics, optimizing user experience, and improving our offerings.
  4. Billing and Payments (Clients)
    Handling subscription fees, payment processing, invoicing, and related financial communications.
  5. Security and Fraud Prevention (All Categories)
    Monitoring access logs, detecting unauthorized activity or potential threats, and protecting the integrity of our Services.
  6. Legal Compliance
    Meeting our obligations under applicable laws, responding to lawful requests, or enforcing our Terms of Service.

3. LEGAL BASES FOR PROCESSING

Depending on the specific context in which we process your data, our legal bases include:

  • Contractual Necessity (Clients, Authorized Users)
    We process personal data to perform our contractual obligations (e.g., providing subscription services, granting access to Authorized Users).
  • Legitimate Interests
    For operational needs such as Service improvement, security, and fraud prevention, provided that these interests do not override your fundamental rights and freedoms.
  • Legal Obligations
    Compliance with laws and regulations (e.g., accounting rules, responding to lawful requests).
  • Consent (Site Visitors)
    Where we rely on cookies or tracking technologies that require consent under applicable law.

4. DATA RECIPIENTS AND TRANSFERS

  • Internal Access: Personal data is accessed only by authorized personnel (e.g., support teams, finance, system administrators).
  • Third-Party Service Providers: We may share data with vendors (e.g., payment processors, hosting providers, analytics services) who are contractually required to protect your data.
  • International Transfers: If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

5. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes stated in this Policy or as required by law:

  • Clients, Client Representatives, Authorized Users: For the duration of the contractual relationship plus any additional period required by statutory obligations or legitimate business needs.
  • Site Visitors: Typically for the duration of your browsing session and for analytics data as per our retention and cookie policies.
  • Communication Records: Retained for a reasonable period to handle inquiries, provide support, or comply with legal requirements.

Afterward, data is securely deleted or anonymized.

6. DATA SECURITY

We implement commercially reasonable technical and organizational measures to help safeguard personal data from unauthorized access, disclosure, or destruction. These measures include, for example, secure data storage, encryption where applicable, role-based access controls, and periodic security assessments.

7. YOUR RIGHTS UNDER GDPR

Subject to legal and contractual exceptions, you may have the following rights regarding your personal data:

  • Access & Rectification: Request to see what data we hold and correct inaccuracies.
  • Erasure & Restriction: Ask us to delete your personal data or restrict processing in certain circumstances.
  • Data Portability: Receive a copy of your data in a structured, commonly used, and machine-readable format.
  • Objection: Object to processing based on legitimate interests, unless we demonstrate compelling legitimate grounds.
  • Withdrawal of Consent: If we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Please note, if you are an Authorized User, certain requests (e.g., erasure) may need to be coordinated with the Client (your employer or organization) if they remain the primary account holder or data controller with respect to your usage.

8. YOUR RIGHTS UNDER THE CCPA

If you are a California resident, you have additional rights under the CCPA. These rights include:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which the information is collected, the business or commercial purpose for collecting or selling your personal information, and the categories of third parties with whom we share such information.
  • Right to Delete: You may request the deletion of your personal information that we have collected, subject to certain exceptions (for example, if the data is necessary for us to complete a transaction, comply with a legal obligation, or for other legally permissible purposes).
  • Right to Opt-Out of the Sale of Personal Information: If applicable, you have the right to direct us to not sell your personal information. To exercise this right, please contact us using the details provided in Section 9 of this Policy.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means you will not receive different levels of service or pricing as a result of your decision to exercise your rights under the CCPA.

9. HOW TO EXERCISE YOUR RIGHTS AND CONTACT US (SECTION 9)

To submit requests or inquiries regarding your personal data or just contact us if you have any questions or concerns about this Policy or our data practices:

CTT
Full Postal Address: Wyspa Słodowa 7, 50-266 Wrocław, Poland.
Email Address: info@catchthetornado.com

We will respond within a reasonable timeframe and in compliance with applicable laws. We may request additional information to verify your identity when necessary.

10. UPDATES TO THIS PRIVACY POLICY

We may update this Policy from time to time to reflect changes in our data practices or legal requirements. When we do, we will revise the “Last Updated” date at the top and, where appropriate, notify you via email or on our website.