Privacy Policy

1. General Information

In order to ensure a high standard of communication, transparency of the online activities of Minerva Technology Sp. z o.o. (“Minerva Technology”), and compliance with applicable law, we present the principles governing our processing of information concerning you (both personal data and information not subject to personal data protection rules) through our website available at www.useminerva.com (the “Website”). The controller of personal data is Minerva Technology Sp. z o.o. with its registered office in Poznań at ul. Szelągowska 24, entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court Poznań - Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under number 0001149370, NIP (Tax ID) 7812082658, REGON 540649685 (the “Controller” or “Minerva”). This Privacy Policy describes how Minerva operates as the administrator of the Website with respect to the technologies used, including cookies (which are described in more detail in the separate Cookies Policy of Minerva Technology sp. z o.o.), and the processing of personal data of Website users. For matters relating to the protection of personal data, please contact the Controller at the following e-mail address: .

2. Scope of the Policy

This Policy applies exclusively to the processing of personal data related to the use of the Website. The rules governing the processing of personal data in connection with the provision of electronic services to clients are set out in separate documents, in particular the General Terms and Conditions of Service (“GTC”) and the agreements concluded with clients.

3. What Data Do We Process?

Depending on how you use the Website, we may process: Technical data − anonymous online identifiers of the Website user, − information about the device and logins (so-called system logs), which include data such as the date of the visit to the site and the IP address from which you connected to the Website, − Website traffic statistics (for example, we apply capping and count page views of our websites), − data on traffic to and from individual pages, − data and metadata of the web browser you use, − data stored in cookies. Collecting this information allows us to continuously improve our websites and make their use more comfortable. Based on this data, we can create reports on the performance of our websites and draw conclusions about your interest in particular content. However, we do not personalize the content displayed to you on our websites. At the same time, we emphasize that the data recorded in Minerva’s server logs is not associated with specific users and is not used to identify individual users, unless you decide to contact us, for example via the contact forms. Data provided voluntarily When a Website user makes use of the contact form, registers on the website or in the application, sends us their own materials, or submits a complaint regarding a specific service we provide electronically, your personal data reaches our servers and may sometimes be supplemented with data read from cookies. If you contact us via the contact form, e-mail, or other communication channels, we may process: − first and last name, − nickname, − name of the organization represented, − e-mail address, − correspondence address, − telephone number, − the content of the message, − other information provided voluntarily.

4. Purposes and Legal Bases of Processing

We process personal data on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), for the following purposes: 1) Contact and handling inquiries Legal basis: Art. 6(1)(f) GDPR – the Controller’s legitimate interest in conducting correspondence and handling requests; Art. 6(1)(b) GDPR – with respect to steps taken with a view to entering into a contract. 2) Conclusion and performance of a contract, in particular handling complaints and other requests relating to the services provided Legal basis: Art. 6(1)(b) GDPR. 3) Marketing of our own services Legal basis: Art. 6(1)(f) GDPR; the user’s consent, where required by law. 4) Analytics and development of the Website Legal basis: Art. 6(1)(f) GDPR. 5) Ensuring the security of the Website Legal basis: Art. 6(1)(f) GDPR. 6) Establishing, exercising, or defending legal claims Legal basis: Art. 6(1)(f) GDPR.

5. Cookies and Similar Technologies

The Website uses cookies and similar technologies for: − the proper functioning of the Website, − ensuring security, − traffic analysis, − measuring the effectiveness of marketing activities, − improving the functionality of the Website. Detailed information can be found in the Cookies Policy.

6. Tools Used by Minerva

In connection with the operation of the Website, Minerva may use the following categories of tools: − analytics tools, including Google Analytics, which enables the analysis of Website visit statistics, − marketing tools, including Google Tag Manager, which enables tag management and monitoring of online advertising campaigns, − cookie consent management tools, including Cookiebot, used to manage consent to the processing of data in cookies beyond those strictly necessary, − hosting and cloud services, − communication and e-mail services, − security and performance monitoring services. The scope of tools used may change as the Website develops.

7. Recipients of Data

In order to provide services at a high standard, Minerva uses subcontractors, for example for the technological maintenance of the Website or for handling communication with you. In specific cases, these entities may have access to the personal data we process. In such cases, Minerva entrusts these entities with the processing of your personal data in accordance with the security standards we have established. Personal data may be disclosed to entities providing services to the Controller, in particular: − hosting and IT infrastructure providers, − cloud service providers, − providers of analytics and marketing tools, − e-mail service providers, − CRM system providers, − law firms and advisors, − entities supporting the Controller in the area of IT systems security; these entities process data exclusively in accordance with the Controller’s instructions or as independent data controllers.

8. Transfers of Data Outside the European Economic Area

In connection with Minerva’s use of IT infrastructure providers, cloud services, analytics tools, communication systems, security services, and artificial intelligence technologies, personal data may be transferred outside the European Economic Area (“EEA”) or may be accessible from countries located outside the EEA. Data transfers may take place in particular to entities established or operating in the United States of America, the United Kingdom, or other countries where the data centers or personnel of the providers used by Minerva are located. Data transfers may occur, among other things, in connection with the use of: − hosting and cloud infrastructure services, − data storage services, − e-mail and electronic communication services, − analytics tools, − security monitoring systems, − tools using artificial intelligence technologies and large language models (LLMs). Where data is transferred outside the EEA, Minerva ensures an adequate level of personal data protection in accordance with the requirements of the GDPR, in particular by: 1. using providers covered by a European Commission decision confirming an adequate level of data protection, including, where applicable, entities participating in programs recognized by the European Commission as ensuring an adequate level of protection; 2. concluding Standard Contractual Clauses (SCC) approved by the European Commission; 3. implementing additional technical and organizational measures enhancing the level of data protection, such as data encryption, pseudonymization, access control, and limiting the scope of data transferred; 4. applying other mechanisms provided for by the GDPR, where available and appropriate to the nature of a given transfer. Minerva assesses the legitimacy and security of data transfers outside the EEA and works with providers who commit to ensuring an adequate level of personal data protection. Data subjects may obtain additional information about the safeguards applied to data transfers by contacting Minerva at: .

9. Profiling and Automated Decision-Making

The Controller does not make decisions concerning Website users based solely on automated processing of data that would produce legal effects concerning them or similarly significantly affect them.

10. Data Retention Period

Personal data is stored for the period necessary to achieve the purpose of its processing, and subsequently until: − the expiry of the limitation period for claims, − the expiry of obligations arising from legal provisions, − an effective objection is raised, − consent is withdrawn, where processing is based on consent.

11. Security Measures

The data collected by Minerva is processed and stored using security measures appropriate to the identified risk and compliant with the requirements of applicable law. For example, on websites where contact forms are used or where we offer the possibility of creating accounts and logging in, we use encrypted HTTPS protocols. At the same time, we wish to draw your attention to the risks arising from sharing your login credentials with third parties and from failing to log out of the websites after you have finished using them.

12. Rights of Data Subjects

You have the right to: − access your data, − rectify your data, − erase your data, − restrict processing, − data portability, − object to processing, − withdraw consent (where processing is based on consent), − lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych). Please send the above requests to .

13. Voluntary Provision of Data

Providing personal data is voluntary; however, in some cases it may be necessary to use certain functionalities of the Website, to receive a response to a submitted inquiry, or to conclude a contract.

14. Children’s Data

The Website is not intended for persons under 18 years of age. The Controller does not knowingly process children’s personal data. If you believe that such data has been provided without the knowledge of a parent or guardian, please contact us at , and the data will be deleted without delay.

15. Changes to the Privacy Policy

The Controller may update this Privacy Policy from time to time. The current version of the document is always available in the footer of the Website. Date of last update: 09.06.2026.