Privacy Policy

Welcome to Hamila Data Engineering's Privacy Notice. At Hamila Data Engineering, we respect your privacy and are committed to protecting your personal data. This Privacy Policy is intended to provide you with information on how we collect and process your personal data when you visit our website, regardless of your location. It also outlines your privacy rights and how we comply with data protection laws.

Please refer to the Glossary section for definitions of terms used in this Privacy Policy.

 1. Important Information and Who We Are

Purpose of this Privacy Notice: This Privacy Notice is designed to inform you about how Hamila Data Engineering collects and processes your personal data when you use our website, sign up for newsletters or mailing lists, purchase services, or engage in conversations with us.Our website is not intended for children, and we do not knowingly collect data from children under the age of 16.

Complementary Notices: This Privacy Notice should be read in conjunction with any other privacy or fair processing notices that we may provide on specific occasions when we collect or process personal data. This policy supplements other notices and is not intended to override them.

Acceptance of Privacy Policy: By purchasing our services, submitting personal data via our website, or filling out any forms, you acknowledge that you have read and accept this Privacy Policy. If you do not agree with the terms set out here, please discontinue use of our services and website immediately.

Controller: Hamila Data Engineering is the controller and responsible for your personal data.In this Privacy Notice, the terms “Hamila Data Engineering,” “we,” “us,” or “our” refer to Hamila Data Engineering as the legal entity.

Data Privacy Manager: We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions related to this Privacy Notice. If you have any questions or wish to exercise your data protection rights, please contact us using the details below:

  • Full Name of Legal Entity: Hamila Data Engineering
  • Email Address: hello@hamila.agency
  • Postal Address: 00-867, Al. Jana Pawła II 27, Warsaw, Poland
  • Data Protection Officer: Ievgen Bokhan
  • VAT ID: PL5272956821 

Changes to the Privacy Notice: We may update this Privacy Notice occasionally. Updated versions will be posted on our website with the effective date clearly indicated. You are responsible for ensuring your personal data is accurate and up to date. Please notify us of any changes during our relationship.

Third-Party Links: Our website may include links to third-party websites, plug-ins, and applications. Clicking on such links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy notices of every website you visit when leaving ours.

2. The Data We Collect About You

“Personal data” or “personal information” means any information that can directly or indirectly identify an individual. It does not include data that has been anonymized (anonymous data).

We may collect, use, store, and transfer different kinds of personal data about you, which we group as follows:

  • Identity Data: Includes your first name and last name.
  • Contact Data: Includes your email address and telephone numbers.
  • Billing and Payment Data: Includes your billing address, shipping address, payment method, and purchase history.
  • Technical Data: Includes your internet protocol (IP) address, time zone, browser type and version, language settings, operating system, and other technical identifiers.
  • Usage Data: Includes information about how you use our website, pages viewed, actions taken (e.g., clicks), session durations, and referral sources.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third-party platforms (e.g., Meta, Google, TikTok), your communication preferences, company name, position/title, domain, social profiles, and avatar images.
  • Device and Analytics Data: Includes device type, screen resolution, session events, scrolls, interactions (via tools such as Google Analytics, Clarity, TikTok Pixel, Meta Events Manager, Microsoft Advertising).

We may also collect, use, and share Aggregated Data for research and analytics. Aggregated Data is not considered personal data under law as it does not directly or indirectly reveal your identity. If we combine Aggregated Data with personal data, we treat the combined data as personal.

We do not collect any Special Categories of Personal Data, such as race, ethnicity, political views, religion, genetic data, or health information. Nor do we collect any data regarding criminal convictions or offenses.

❗ Important to Know

If we are required by law or contract to collect personal data and you do not provide it when requested, we may not be able to provide the service or enter into a contract. In such cases, we may need to cancel a service, but we will notify you if this applies.

3. How Your Personal Data Is Collected

We collect data from and about you using a variety of methods, depending on how you interact with our website and services:

Direct Interactions: You may provide personal data directly by:

  • Filling out contact or newsletter subscription forms
  • Requesting our services or consultations
  • Communicating with us via email, phone, or social media
  • Providing feedback or leaving reviews
  • Participating in surveys or marketing events

Automated Technologies or Interactions: As you interact with our website, we automatically collect Technical Data and Usage Data using technologies such as:

  • Cookies
  • Server logs
  • Pixels
  • Session recordings
  • JavaScript trackers

Analytics and Marketing Technologies: We use analytics and marketing technologies, including but not limited to Google Analytics and remarketing tools, to enhance our services and target marketing efforts. You can manage your preferences for these technologies, including opting out, using relevant browser add-ons or settings.

These data points help us understand how visitors use our site, improve usability, and optimize performance.

Examples of tools that collect this data include:

  • Google Analytics 4
  • Microsoft Clarity
  • Meta Pixel
  • TikTok Pixel
  • Google Tag Manager

This data may include: pages visited, mouse movements, time on site, device and browser info, and scroll behavior.

Third-Party Tracking and Advertising Platforms: We may also collect data through third-party platforms used for advertising and analytics, including but not limited to:

  • Meta (Facebook/Instagram)
  • Google Ads and Google Marketing Platform
  • TikTok for Business
  • Microsoft (Bing) Ads
  • Reddit, Quora, Outbrain

These tools may collect data such as device type, IP address, user actions (clicks, scrolls), purchase data, or advertising identifiers (e.g., GAID, IDFA).

Third-Party Services We Use: We may also collect or organize your data through third-party services we use to deliver, manage, or support our operations, such as:

  • Stripe – for secure online payments and invoicing
  • CookieBot – for cookie consent and tracker control
  • Microsoft Clarity – for behavior analysis and session recordings
  • Monday.com CRM – for managing communication, client data, and project workflows
  • Sentry / Datadog – for application monitoring and diagnostics

These platforms help us store, secure, and manage personal data responsibly in line with GDPR.

4. How We Use Your Personal Data

We will only use your personal data when legally permitted. Most commonly, we use your personal data for the following purposes:

  • Provide and manage the services or consultations you request
  • Register you as a new customer
  • Process your payments and send invoices
  • Respond to inquiries or support requests
  • Send service updates or administrative communications
  • Manage projects, clients, and workflows (via our CRM platform)
  • Personalize your experience on our website
  • Improve our website performance and content
  • Deliver targeted advertisements or remarketing
  • Conduct data analytics for business insights
  • Comply with our legal and regulatory obligations

    • Marketing and Communications: We may use your personal data to send you relevant marketing communications based on your preferences. This includes email newsletters, retargeted ads, or remarketing campaigns.

    We only send direct marketing based on your consent, which you may withdraw at any time by contacting us or using the unsubscribe link in our emails.

    Change of Purpose: We will only use your data for the purposes for which we collected it, unless we reasonably determine that we need to use it for another purpose that is compatible with the original. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis.

    5. Disclosures of Your Personal Data

    We may share your personal data with trusted third parties, but only when necessary and always under conditions that comply with the General Data Protection Regulation (GDPR).

    We disclose your personal data in the following cases:

    • Payment processing – Stripe
    • Analytics – Google Analytics 4, Meta Events Manager, Microsoft Clarity
    • Advertising – Meta Pixel, TikTok Pixel, Microsoft Ads, Google Ads, Quora, Reddit, Outbrain
    • Website performance & CDN – Cloudflare
    • CRM and project management – Monday.com
    • Hosting infrastructure – Ukraine.com.ua (uses AWS cloud servers)
    • Cookie consent management – CookieBot
    • Monitoring & diagnostics – Sentry, Datadog

    All third-party service providers are contractually obligated to:

    • Use your personal data only for specified purposes
    • Process it in accordance with our instructions
    • Comply with applicable data protection laws
    • Implement appropriate security measures

    Business Transfers: If we undergo a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to a successor entity. If this occurs, we will ensure that the new entity continues to respect this Privacy Policy.

    Legal and Regulatory Obligations: We may disclose your personal data if required to do so by:

    • Law enforcement authorities
    • Regulatory bodies
    • Tax authorities
    • Courts or legal proceedings

    Such disclosures will only occur when we are legally obligated to do so.

    We do not sell or rent your personal data to any third parties. We also do not allow third-party services to use your personal data for their own purposes without your explicit consent.

    6. Data Security

    We have implemented appropriate security measures to prevent unauthorized access, use, alteration, or disclosure of your personal data. Access to your personal data is limited to employees, agents, contractors, and third parties with a legitimate business need to know. These parties process your personal data on our instructions and are subject to a duty of confidentiality.

    These measures include, but are not limited to:

    • SSL encryption on all public-facing pages and forms
    • reCAPTCHA implementation to protect against bots and spam
    • Two-Factor Authentication (2FA) for all admin and hosting platforms
    • Role-based access controls, limiting who can access personal data
    • Data monitoring and diagnostics via Sentry and Datadog
    • Secure cloud infrastructure, hosted on Amazon Web Services (AWS) via Ukraine.com.ua, ensuring data is protected by advanced physical and virtual safeguards

    We have procedures in place to handle suspected personal data breaches and will notify you and any relevant regulator of a breach if required by law.

    Data Breach Response: Although we take data protection seriously, in the unlikely event of a personal data breach, we will:

    • Assess the scope and risk
    • Notify the relevant supervisory authority within 72 hours if required
    • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms

    We maintain an internal data incident response procedure in line with GDPR Article 33 and 34.

    7. Data Retention

    We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including compliance with legal, accounting, or reporting requirements. Typically, we retain data for a period of five (5) years.

    To determine the appropriate retention period, we consider the nature and sensitivity of the personal data, potential risks, purposes of processing, and applicable legal requirements. By law, we must keep basic customer information for five years after the customer relationship ends for tax purposes.

    We may anonymize your personal data for research or statistical purposes, in which case it may be used indefinitely without further notice to you.

    8. Your Legal Rights

    Under the General Data Protection Regulation (GDPR), you have specific rights regarding your personal data. These rights are subject to certain conditions and limitations under applicable laws.

    You have the right to:

    Access Your Data: Request a copy of the personal data we hold about you, and confirm how we process it (Article 15 GDPR).

    Rectify Inaccurate Data: Request that we correct or complete your personal data if it is inaccurate or incomplete (Article 16 GDPR).

    Request Erasure ("Right to Be Forgotten"): Ask us to delete your personal data in specific situations—for example, when the data is no longer needed or you withdraw consent (Article 17 GDPR).

    Restrict Processing: Request that we temporarily suspend the processing of your data (e.g., while accuracy is being verified) (Article 18 GDPR).

    Object to Processing: Object to our processing of your personal data where we rely on a legitimate interest, including for profiling or direct marketing (Article 21 GDPR).

    Withdraw Consent: Where our processing is based on your consent, you may withdraw it at any time. This will not affect any processing already carried out prior to the withdrawal (Article 7 GDPR).

    Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller where technically feasible (Article 20 GDPR).

    Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your data protection rights.

    To exercise your rights, please contact us using the contact details provided in Section 1. We aim to respond to all legitimate requests within one month, but it may take longer if the request is complex or if you have made multiple requests.

    9. Cookies

    Our website uses cookies to enhance your browsing experience and improve our website. Cookies are small files of letters and numbers stored on your browser or computer's hard drive.

    Types of Cookies We Use: We use the following categories of cookies:

    • Strictly Necessary Cookies: Required for basic website functionality and security
    • Performance Cookies: Collect anonymous information on how users interact with the site (e.g., Google Analytics, Microsoft Clarity)
    • Functional Cookies: Enable additional features and personalization
    • Marketing Cookies: Track visitors across websites to deliver relevant advertising (e.g., Meta Pixel, TikTok Pixel, Microsoft Ads, Google Ads)

    Consent and Control: On your first visit to our website, you are presented with a cookie banner powered by CookieBot, which allows you to:

    • Accept all cookies
    • Customize your cookie preferences
    • Reject non-essential cookies

    You can update your preferences at any time using the “Cookie Settings” link in the footer of our site.

    Managing Cookies via Browser: Most browsers allow you to control cookies through their settings. You can usually:

    • Delete existing cookies
    • Block third-party cookies
    • Set your browser to notify you when a cookie is being placed

    Please note that disabling cookies may impact certain functionalities of our website.

    For more information about our use of cookies, including how to manage or disable them, please refer to our Cookies Policy.

    10. Glossary

    In this Privacy Policy, the following terms have specific meanings:

    • Consent: The freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to the processing of personal data.
    • Controller: The person or organization that determines the purposes and means of the processing of personal data. In this case, Hamila Data Engineering is the controller.
    • Data Subject: A natural person whose personal data is collected, held, or processed.
    • DPO (Data Protection Officer): A person formally appointed to ensure an organization processes personal data in compliance with GDPR.
    • EEA (European Economic Area): Includes EU member states plus Iceland, Liechtenstein, and Norway.
    • GDPR: The General Data Protection Regulation (EU) 2016/679, a binding regulation that governs data privacy and protection in the EU and EEA.
    • Lawful Basis: The legal justification for processing personal data under Article 6 of GDPR (e.g., consent, contract, legal obligation, legitimate interest).
    • Personal Data: Any information relating to an identified or identifiable natural person (data subject), such as name, email, phone number, or IP address.
    • Processing: Any operation performed on personal data — including collection, storage, use, transfer, or deletion.
    • Processor: A third-party service or provider who processes data on behalf of the controller and under their instructions.
    • Special Categories of Personal Data: Sensitive personal data, such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or data concerning sexual orientation. We do not process this type of data.
    • Trackers: Cookies, pixels, tags, or similar technologies used to collect and store data about user behavior.

    If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at hello@hamila.agency or by mail at 00-867, Al. Jana Pawła II 27, Warsaw, Poland.

    If you believe that we have not properly respected your data protection rights or have processed your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority.

    The President of the Personal Data Protection Office (UODO)
    ul. Stawki 2, 00-193 Warsaw, Poland
    Website: https://uodo.gov.pl

    If you reside in another EU or EEA country, you may also contact your local supervisory authority.

    This Privacy Policy was last updated on 16.07.2025.