Edukey - IT Training Logo

Privacy Policy and Cookie Policy (Edukey)

Effective date: 25 May 2018
Last updated: 25 January 2026

This Privacy Policy explains how Edukey sp. z o.o. (“Edukey”, “we”, “us”) processes personal data when you use our websites and services, including training courses, consulting, and (where available) online accounts and digital services.

This document also includes our Cookie Policy.

Important: Using the website does not require you to give consent to all processing.
Where we rely on consent (e.g., marketing emails, non-essential cookies), we will ask for it separately and you can withdraw it at any time.

1. Who is the controller of your personal data?

The controller (data administrator) is:

Edukey sp. z o.o.
ul. Łąkowa 7B, 90-562 Łódź, Poland
NIP: PL7282767399 | KRS: 0000577956
Websites: edukey.ai and www.edukey.pl

2. How to contact us about personal data?

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

Data Protection Officer (DPO): We do not appoint a DPO unless required by law. If we appoint one, we will publish the contact details here.

3. Where do we get your data from?

We may obtain your data:

  • directly from you (e.g., via forms, email, phone, account registration),
  • from your employer / ordering organization (e.g., HR or a purchasing department) when they arrange training for you,
  • during business communications (e.g., meetings, exchanging business cards).

We do not buy mailing lists or personal data databases.

If you believe we should not have your data, contact us and we will clarify the situation and, if appropriate, delete the data.

4. What data do we process?

Depending on how you use our services, we may process:

  • identification and contact data (name, email, phone),
  • account data (login, password hash, user settings) if you create an account,
  • billing and invoicing data (address, company name, VAT/NIP, invoice details),
  • training-related data (your role/position, responsibilities, experience, training needs; optionally test results if used to tailor training),
  • communication data (emails/messages, call notes),
  • technical and usage data (IP address, device identifiers, logs, cookie IDs, analytics events),
  • complaint and claim handling data (if you submit a complaint).

We do not intentionally collect special categories of data (sensitive data) unless it is necessary and lawful (e.g., you voluntarily include it in communication). Please avoid sending sensitive data unless required.

5. Why do we process your data (purposes and legal bases)?

We process personal data only when we have a lawful basis under GDPR. Depending on the situation, the legal basis is:

A) Contract and steps before contract (GDPR Art. 6(1)(b))

We process data to:

  • answer your inquiry, prepare and send an offer,
  • register you for training and deliver training/consulting,
  • manage your account (if available) and provide access to online services,
  • handle payments and service delivery logistics,
  • issue certificates/diplomas and maintain attendance lists (if applicable to the service).

B) Legal obligations (GDPR Art. 6(1)(c))

We process data to comply with laws, especially:

  • accounting and tax obligations (invoicing, records),
  • handling statutory complaints and required documentation.

C) Legitimate interests (GDPR Art. 6(1)(f))

We may process data for our legitimate interests, such as:

  • ensuring website and service security, preventing abuse/fraud,
  • maintaining logs and troubleshooting,
  • improving our services and internal statistics (where permitted),
  • maintaining records to demonstrate compliance (accountability),
  • debt collection and legal defense/claims.

Where we rely on legitimate interests, you have the right to object (see Section 9).

D) Consent (GDPR Art. 6(1)(a))

We rely on consent where required, e.g.:

  • sending marketing emails/SMS/calls where consent is required by law,
  • placing non-essential cookies (analytics/advertising) and similar technologies,
  • optional publication of testimonials or marketing materials (if applicable).

You can withdraw consent at any time (it does not affect the lawfulness of processing before withdrawal).

6. Do you have to provide your data?

Providing data is voluntary, but may be necessary to:

  • receive an offer,
  • register for training,
  • or receive services.

Typically required data:

  • name, email, phone (for contact and organization),
  • for invoicing: address (individual) or company details including VAT/NIP (business),
  • for an online account: login/email and password (set by you).

If you do not provide necessary data, we may not be able to provide the service or may provide it only in a limited form.

7. Who do we share data with?

We may share data with:

  • our trainers and collaborators involved in delivery (e.g., attendance list, training organization details),
  • service providers acting as processors (e.g., hosting, email, IT support, CRM, analytics, error monitoring),
  • accounting and payment providers (to process invoices and payments),
  • legal and audit advisors (when necessary),
  • public authorities (only if required by law).

We do not sell personal data and we do not share it with third parties for their own marketing.

8. How long do we keep data?

We keep data only as long as needed for the purposes described:

  • service and contract data: for the duration of the relationship and afterwards as needed for claims/defense and documentation,
  • tax/accounting data: for the period required by applicable law,
  • marketing based on consent: until you withdraw consent,
  • marketing based on legitimate interests (where permitted): until you object or we no longer have a legitimate reason,
  • analytics/cookie data: according to cookie retention settings (see Cookie Policy).

As a general rule (unless law requires longer), we do not keep your personal data longer than 10 years from the last service provided, especially for documentation and claim limitation purposes.

9. Your rights

Under GDPR you have the right to:

  • access your data,
  • correct inaccurate data,
  • delete data (in certain cases),
  • restrict processing,
  • data portability (where applicable),
  • object to processing based on legitimate interests (including direct marketing),
  • withdraw consent at any time (where processing is based on consent),
  • lodge a complaint with a supervisory authority.

How to exercise your rights

Contact us using the details in Section 2. We may ask for additional information to verify your identity.

Supervisory authority

You can lodge a complaint with the data protection authority in your country.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO / PUODO).

10. When can you object?

You can object when:

  • we process your data based on legitimate interests and you have a situation that justifies objection, and/or
  • we process your data for direct marketing (you can object at any time; no justification needed).

11. Automated processing and profiling

We may use limited automated processing (including profiling) to:

  • understand interests and improve our services,
  • tailor training levels/programs or website content.

This will not produce legal effects or similarly significant effects for you.

12. International data transfers (outside the EEA)

Some of our service providers may process data outside the European Economic Area (EEA).

If data is transferred outside the EEA, we use appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
  • other lawful transfer mechanisms (e.g., adequacy decisions where applicable).

You can ask us for more information about the safeguards used.

13. Users from the UK and non-EU countries (informational)

  • UK: If you are in the UK, UK GDPR and UK e-privacy rules may apply. We aim to apply GDPR-level protections as a baseline.
  • USA and other countries: Local privacy laws may grant additional rights. If/when we actively target those markets at scale, we may publish a country/state-specific addendum.

Cookie Policy (Edukey)

This Cookie Policy applies to https://edukey.ai and https://www.edukey.pl (“Website”).

Cookies and similar technologies store or access information on your device.
Some cookies are necessary for the website to function; others are used for analytics and marketing.

1. What information do we collect automatically?

The Website may collect:

  • IP address,
  • domain name,
  • browser type,
  • operating system type,
  • identifiers and events related to website usage.

We collect this via cookies and similar technologies and tools such as (currently or potentially):
Google Analytics, Google Ads, Sentry, PostHog (EU hosting where configured), Linkedin, and similar tools.

2. What cookies do we use?

A) Strictly necessary cookies

Required for basic functionality and security (e.g., session management, security controls).
These do not require consent where they are strictly necessary for the service you request.

B) Preferences / functional cookies

Remember your settings (e.g., light or dark theme).
May require consent depending on implementation and local rules.

C) Analytics / performance cookies

Help us understand how the Website is used and improve it (e.g., page views, events).
These require opt-in consent in the EU/EEA and UK.

D) Marketing / advertising cookies

Used to measure ads and show relevant advertising (e.g., Google Ads).
These require opt-in consent.

3. How do we obtain and manage cookie consent?

When you first visit the Website (and periodically afterwards), we display a cookie banner that allows you to:

  • accept all cookies,
  • reject non-essential cookies,
  • customize preferences by category.

You can change your choices at any time using the cookie settings link/button available on the Website (e.g., “Cookie Settings”) or by clearing cookies in your browser.

4. Third-party services and social media

Third-party platforms (e.g., social networks) may collect information when you interact with their embedded content or buttons. These third parties act as separate controllers for their own processing. Please review their privacy notices.

5. How to disable cookies in your browser?

You can also control cookies through your browser settings. Below are typical paths (names may vary by version):

  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Chrome: Settings → Privacy and security → Third-party cookies / Site data
  • Microsoft Edge: Settings → Cookies and site permissions
  • Safari: Settings → Privacy

Note: Disabling cookies may affect website functionality (e.g., login/session features).

6. Contact

If you have questions about cookies, contact us:
[email protected] or [email protected] | ul. Łąkowa 7B, 90-562 Łódź, Poland