This document describes the ways, scope and purpose of collecting and processing personal data.


The responsible data controller is TouK Sp. z o.o. s.k.a. registered in Warsaw, Poland, al. Bohaterów Września 9. TouK operates according to its internal "Personal data security policy".


We gather and process personal data to provide relevant content on our web pages, to market our services, to provide contracted services and to meet our legal obligations. 3rd parties can process personal data according to separate legal agreements.

Web server logs

We store and analyse access logs of web servers providing our websites. Log entry contains access time, your IP address, web browser type, HTTP referrer information. Some content can be stored on Amazon Web Services and provided using Cloud Front service. We use Cloud Front to achieve higher availability and speed of websites. The processing of this data is necessary for the provision, quality and the security of our website. The legal basis for processing is Art. 6(1)(f) GDPR.


We store cookies in your browser. We use them to identify browsing session, notify you about new blog posts, remember your preferences and privacy policy consent. These are strictly necessary cookies. You can disable analytics and advertising cookies for our domains using consent form or in your browser. The legal basis for processing is Art. 6(1)(f) GDPR.


We use the Google Analytics service to analyse the use of the site. Google Analytics utilises cookies, stores and process information about the use of websites. TouK does not store these data. Google has its privacy policy, i.e. If you wish your visits were not included in site analytics, please use Google Analytics opt-out. The legal basis for processing is Art. 6(1)(f) GDPR.

Emails in domain

We store emails sent to addresses in domain for at most 5 years since last recorded contact with us. Mail server logs containing email exchange metadata are stored for 99 years. The legal basis for processing is Art. 6(1)(a and f) GDPR.

Your rights

the right of access according to Art. 15 GDPR;

the right to rectification according to Art. 16 GDPR;

the right to erasure according to Art. 17 GDPR;

the right to the restriction of processing according to Art. 18 GDPR;

the right to object of processing according to Art. 21 GDPR;

the right to data portability according to Art. 20 GDPR.