Privacy Policy
How we collect, process and protect data. Scoped, transparent and consistent with operational security practice.
1. Data Controller
The controller for personal data processed through this site is Badlands Solutions sp. z o.o., registered at Gałczyńskiego 4m901, 00-362 Warszawa, Poland, entered in the Krajowy Rejestr Sądowy under KRS number 0000896814, NIP 5252860590, REGON 388800808. Public contact: contact@badlandssolutions.com.
2. What We Collect
We collect and process personal data only when necessary and proportionate. The contact form on this site stores and processes the following data:
- Name — to identify the sender and address communications.
- Reply email address — to respond to the inquiry.
- Subject — to categorize and route the request internally.
- Sector — to assess engagement fit and domain relevance.
- Scope summary — to evaluate whether the inquiry is within our operational capabilities.
- Timestamp and origin — for abuse detection, communication security, and request auditability.
3. Purpose of Processing
The personal data listed above is processed solely for handling your inquiry and maintaining communication security. We do not use this data for marketing, profiling, or any purpose unrelated to the specific engagement or security context.
4. Legal Basis
Processing is based on Article 6(1)(b) and (f) of the GDPR: performance of pre-contractual measures at the data subject's request, and legitimate interests in security, fraud prevention and service improvement. Where consent is required, it is collected explicitly and can be withdrawn at any time.
5. Processors and Recipients
We do not sell personal data. Access is limited to processors acting on our behalf under data-processing agreements compliant with GDPR Article 28. These categories of processors include:
- Hosting providers — for secure storage and delivery of this site.
- Email delivery providers — for transmitting inquiry notifications and responses.
- Security and infrastructure providers — for abuse detection, rate limiting and threat mitigation.
No private email addresses are disclosed in public-facing content.
6. Retention
Contact inquiries are retained for up to 12 months from the date of last interaction, then deleted or anonymized unless a longer period is required by law or an ongoing business relationship. Technical logs are retained for 90 days.
7. Your Rights
Under the GDPR you have the right to access, rectification, deletion, restriction of processing, and objection to processing. To exercise these rights, contact us using the information below. We respond within 30 days.
8. Security
Data is transmitted over TLS 1.3, stored with encrypted-at-rest infrastructure, and access is limited to authorized personnel on a need-to-know basis. Contact forms include anti-abuse validation and rate limiting.
9. Contact
For privacy inquiries, contact the Controller at the registered address above or through the secure contact channel on this site.