Skip to main content

Privacy Policy

Last updated: February 2026

Workflows Lab respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you interact with our website and services, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the email address above.

2. Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly

  • Name, email address, and any other information you submit through our contact form or email correspondence
  • Company name and role, when provided in connection with a consulting inquiry
  • Communication preferences when you subscribe to marketing communications

Information collected automatically

  • Technical data such as IP address, browser type, device type, and operating system
  • Usage data including pages visited, time spent on pages, and referral sources
  • Cookie data, as described in our cookie consent preferences

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, each with a specific legal basis under Article 6(1) of the GDPR:

PurposeLegal Basis
Responding to contact inquiries and providing information about our servicesLegitimate interest (Art. 6(1)(f)) — responding to requests you initiate
Providing consulting services and managing client relationshipsPerformance of a contract or pre-contractual measures (Art. 6(1)(b))
Sending marketing communications about our services and insightsConsent (Art. 6(1)(a)) — provided separately and withdrawable at any time
Analyzing website usage to improve our content and user experienceConsent (Art. 6(1)(a)) — via cookie consent preferences
Ensuring website security and preventing abuseLegitimate interest (Art. 6(1)(f)) — protecting our infrastructure

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact inquiries: retained for up to 2 years from the date of your last communication with us, unless a business relationship is established
  • Client engagement data: retained for the duration of the business relationship and up to 5 years thereafter for legal and accounting obligations
  • Marketing communications: retained until you withdraw your consent or unsubscribe
  • Analytics data: aggregated and anonymized within 26 months

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you
  • Right to rectification — You can ask us to correct any inaccurate or incomplete personal data
  • Right to erasure — You can request that we delete your personal data, subject to legal retention obligations
  • Right to data portability — You can request your data in a structured, commonly used, machine-readable format
  • Right to object — You can object to processing based on legitimate interest, including direct marketing
  • Right to restrict processing — You can request that we limit how we use your data in certain circumstances
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

6. Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The relevant authority for Poland is:

  • Authority: Prezes Urzędu Ochrony Danych Osobowych (UODO)
  • Website: uodo.gov.pl

7. International Data Transfers

Some of the services we use to operate this website and communicate with you are provided by companies based in the United States, including Cloudflare (content delivery and security) and our email service provider. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • The EU-U.S. Data Privacy Framework, where the provider is certified
  • Standard Contractual Clauses (SCCs) approved by the European Commission

8. Cookies

This website uses cookies to ensure basic functionality and, with your consent, to analyze usage patterns and support marketing activities. You can manage your cookie preferences at any time using the cookie settings available in the footer of this website.

For details on the categories of cookies we use, please review the preferences panel in our cookie consent banner.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any updates will be posted on this page with a revised "last updated" date. We encourage you to review this policy periodically.

← Back to home

Cookie Preferences

We use analytics to understand how our site is used and improve it. No data is sold or shared with advertisers.