Aion Marketing · sub-brand of Aion Automation First 3–5 clients: −30% for 6 months of partnership · read the manifesto →vol. 01 · 2026 · en
Let's talk
//privacy policy

Privacy policy.

last updated · 2026-05-19

This translation is provided for convenience. The Polish version is legally binding.

In short: we never sell your data to anyone. We collect only what we need to reply to your message and run the website. The full details are below — and they are full, because we have to be (GDPR, Art. 13).

table of contents
  1. Who is the data controller
  2. What data we collect
  3. Why and on what legal basis
  4. Who we share data with
  5. Whether we transfer data outside the EEA
  6. How long we store data
  7. Your rights
  8. Voluntariness and consequences
  9. Automated decisions and profiling
  10. Cookies and similar technologies
  11. Changes to this policy

1. Who is the data controller

The controller of your personal data is Aion Automation Andrzej Niemiec, with its registered office at Siemiechów 264, 33-181 Siemiechów, Poland, tax ID (NIP) 8733298270 (hereinafter: "we", "the Controller", "Aion Marketing").

Contact regarding data processing:

We have not appointed a Data Protection Officer (DPO), because the scale and nature of the processing do not require it under Art. 37 GDPR. You can write directly to the addresses above.

2. What data we collect

We collect only the data you provide to us yourself, plus the minimum technical data needed to run the website:

  • From contact forms / e-mail / phone — first name, company name, e-mail address, phone number, message content.
  • From agreements and invoices (if you become our client) — full company details (tax ID/NIP, REGON, registered address), details of contact persons on your side.
  • Technical data — IP address, device and browser type, visit time (from server logs), information transmitted via cookies (see point 10).
  • Communication records — the content of exchanged messages, notes from calls (with your knowledge).

We do not knowingly collect so-called special categories of data (Art. 9 GDPR — health, political opinions, biometric data, etc.). If you accidentally include them in a message, we will delete them at the earliest opportunity.

3. Why and on what legal basis

We process your data for the following purposes, in each case indicating the legal basis under the GDPR:

purposewhich datalegal basis
Responding to an enquiry from a form, e-mail, phonename, contact details, message contentArt. 6(1)(b) GDPR (steps prior to entering into a contract) or (f) (legitimate interest — contact with a person who has reached out to us)
Conclusion and performance of a service agreementcompany details, contact persons, scope of servicesArt. 6(1)(b) GDPR
Issuing invoices, accounting, taxescompany details, invoicing dataArt. 6(1)(c) GDPR (legal obligation — the Tax Ordinance, the Accounting Act, the VAT Act)
Establishing, pursuing or defending claimsdata from agreements and correspondenceArt. 6(1)(f) GDPR (legitimate interest of the Controller)
Website analytics (if you give consent)technical data, cookie dataArt. 6(1)(a) GDPR (consent — managed via the cookie banner)
Website security (server logs, rate limiting)IP, timestamps, request pathsArt. 6(1)(f) GDPR
Marketing of our own services to existing clientse-mail, contact detailsArt. 6(1)(f) GDPR (legitimate interest — direct marketing); the recipient may object at any time

4. Who we share data with

We never sell data. We share it only with:

  • Subprocessors who provide technical services to us — under data processing agreements (Art. 28 GDPR), to the extent necessary for operation:
    • the hosting and server infrastructure provider,
    • the e-mail and transactional mail provider (e.g. the mailbox operator),
    • the analytics tools provider (if we use them — see point 10),
    • the accounting office / accountant,
    • the provider of CRM, calendar and messaging tools (Slack/Meet/Zoom — if we arrange a call).
  • State authorities — where the obligation arises from the law (e.g. the tax office, courts, the public prosecutor, law enforcement).
  • Advisers — a law firm or tax adviser in the event of a dispute or audit, subject to professional confidentiality.

5. Whether we transfer data outside the EEA

We try to use providers from the European Economic Area (EEA). If we use providers from outside the EEA (e.g. some cloud tools from the USA), we ensure an adequate level of protection through:

  • adequacy decisions of the European Commission (where available — e.g. the EU–US Data Privacy Framework),
  • Standard Contractual Clauses (SCC) approved by the European Commission,
  • additional technical and organisational measures, where the SCC are not sufficient.

The current list of subprocessors (with the location of servers) is available on request at biuro@aion-marketing.pl.

6. How long we store data

  • Correspondence without a concluded agreement — up to 12 months from the last contact, unless the recipient requests deletion earlier.
  • Data from agreements — for the term of the agreement and for the period of limitation of claims (usually 6 years for B2B, in accordance with the Civil Code).
  • Invoicing and accounting data — 5 years from the end of the year in which the tax obligation arose (the Tax Ordinance, the Accounting Act).
  • Data processed on the basis of consent — until consent is withdrawn, but no longer than the period for which consent was granted.
  • Server logs — up to 12 months, then anonymisation or deletion.
  • Cookie data — in accordance with the lifetime of the given cookie (see point 10).

7. Your rights

Under the GDPR you have the following rights:

  • Access to your data and to receive a copy of it (Art. 15 GDPR),
  • Rectification of inaccurate or incomplete data (Art. 16 GDPR),
  • Erasure of data ("right to be forgotten" — Art. 17 GDPR),
  • Restriction of processing (Art. 18 GDPR),
  • Data portability to another controller (Art. 20 GDPR — in respect of data processed by automated means on the basis of consent or a contract),
  • Objection to processing based on a legitimate interest (Art. 21 GDPR), including objection to direct marketing — we will act on it immediately,
  • Withdrawal of consent at any time, where consent is the basis for processing (Art. 7(3) GDPR) — withdrawal does not affect the lawfulness of processing carried out before the withdrawal,
  • Lodging a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland (uodo.gov.pl), if you believe that we process your data unlawfully.

To exercise any of these rights, write to biuro@aion-marketing.pl. We respond without undue delay, no later than within 30 days.

8. Voluntariness and consequences

Providing data is voluntary. However, without certain data we will not be able to:

  • reply to your message (without an e-mail address or phone number we have nowhere to reply),
  • conclude an agreement and issue an invoice (this is not possible without full company details),
  • deliver the ordered service (without access credentials, content and contacts on your side).

9. Automated decisions and profiling

We do not take decisions about you by automated means within the meaning of Art. 22 GDPR, nor do we create behavioural profiles in order to take decisions producing legal effects. If we ever add such mechanisms (e.g. automated offer matching), we will update this policy well in advance.

10. Cookies and similar technologies

Cookies are small text files saved by your browser. We use them in three categories:

  • Essential (always on) — they maintain the basic operation of the website: remembering your cookie consent choice, protection against CSRF attacks, basic language preference. They do not require consent.
  • Analytics (require consent) — they help us understand how you use the site (which articles you read, how much time you spend) so that we can improve it. The data is usually aggregated and pseudonymised.
  • Marketing (require consent) — they let us measure the effectiveness of ads and — if we use retargeting — show you our content again on other websites. You can disable them at any time.

We store your choices locally in your browser. You can change them at any time — both withdraw consent (by clearing your browser data) and manage cookies in your browser settings (Chrome, Firefox, Safari — each browser has its own options for blocking and deleting cookies).

Current status: As at the date of the last update of this policy, no analytics or marketing tools requiring consent are active on the website. The banner appears preventively — so that you know we take care of your consent in advance. When we launch analytics (e.g. Plausible, Google Analytics 4) or advertising pixels, we will update the list below.

11. Changes to this policy

We update the policy when our processes or the law change. The current version is always available at this address; the date of the last update is shown at the top of the page. We will inform clients of any material changes by e-mail 14 days before the changes take effect.

Note: This document has been prepared on the basis of the GDPR and good industry practice. The content does not replace legal advice tailored to your individual situation. If you run a business in which data processing is on a larger scale or of a special nature, consult this policy with a legal adviser.