Privacy Policy

Date of last update: 23.08.2023r.

GDPR notice

  1. The controller of your personal data is ViralTalk sp. z o.o., with its registered seat in Toruń, 14 Astrowa street, 87-100 Toruń, Poland, NIP tax ID no.: 521-391-23-93, KRS registry no.: 0000869027, share capital PLN 10,150.00.
  2. If you have any questions, concerns or requests related to the processing of your data, please contact us at:
  3. We process your personal data for the following purposes:
    1. to provide website functionality and facilitate the use of our websites ( and any other connected or otherwise related digital media (including the mobile site or mobile app) (Article 6 section (1) letters (b) and (f) GDPR); you’ll find more details on the use of cookies and server logs at the end of this document,
    2. to perform contracts entered with, or to take action prior to entering into such a contract at the request of a data subject (Article 6 section (1) letters (b) and (f) GDPR),
    3. where applicable, to carry out billing, accounting and financial reporting activities (Article 6 section (1) letters (c) and (f) GDPR),
    4. to carry out obligations under the law, in particular telecommunications law and the law on provision of electronic services (Article 6 section (1) letter (c) GDPR),
    5. to realize the controller's legitimate interest in marketing products and services (Article 6 section (1) letter (f) GDPR),
    6. for the purposes indicated in the contents for the processing of personal data - where such specific consents were given (Article 6 section (1) letter (a) GDPR).
    7. We also process personal data in connection with the realization of the controller's other legitimate interests, based on Article 6 section (1) letter (f) GDPR: to establish, assert and defend claims, and for statistical purposes related to improving work efficiency and service quality and to adapting them to recipients, as well as to handle correspondence and commercial inquiries.
  4. As a rule, we process the data you provide voluntarily. If you did not provide us with your data, the source of your data is the entity that had your consent to provide it to the controller, or another valid legal basis.
    1. Personal data obtained in this way includes data necessary to carry out activities justified by the purpose of the processing and its legal basis indicated above, including marketing activities (typically this includes name, surname, e-mail address, telephone number or mailing address, business information, including relevant identification numbers, information about the use of our resources, etc.).
    2. An example of us processing your data is us using the e-mail address you’ve provided to contact you and communicate with you in matters regarding our service and performance of contracts. For such activities no additional consent from you is required. However, by granting such additional consent (on an opt-in basis), you may accordingly enable us to use that address for further activities, such as: sending you additional notifications or approaching you in matters exceeding the above-mentioned scope, including marketing information.
    3. A special case of data collection is the acquisition by us of your data directly from the TikTok website on your instructions: verifying your user account, linking it to your business account on the TikTok website and accessing the data associated with that business account, to the extent necessary for the proper provision of services to you and performance of the agreement concluded between us (in the basic scope: the identifier of your business account on the TikTok website and the data assigned to that account, including authorization data and transmission data for transactions).
  5. Your personal data may be transferred outside the European Economic Area (hereinafter: EEA). Considering the services provided by the controller's contractors in carrying out support for ICT services and IT infrastructure, the controller may outsource certain activities or tasks to reputable contractors operating outside the EEA. This may result in the transfer of your data outside the EEA. The controller shall ensure that such transfers are limited to countries which, in accordance with the decision of the European Commission, provide an adequate level of protection, or to cases in which the Controller has provided adequate safeguards - e.g. in the form of implementing standard contractual clauses adopted by the European Commission by way of agreement with data recipients (Article 46 section (2) letter (c) GDPR). By doing so, the controller ensures that your data is secured in accordance with the principles provided for in Chapter V of the GDPR. You may request further information about the safeguards in place in this regard, obtain a copy of these safeguards and information on where they can be accessed by approaching the contact point provided above.
  6. Recipients of your personal data may be:
    1. Suppliers and contractors of the controller.
    2. Sales platforms and payment operators.
    3. Entities conducting marketing activities.
    4. Entities that provide IT services or IT solutions.
    5. Entities that archive and destroy documents (in the case of paper documents related to the fulfilment of processing purposes).
    6. Entities providing courier and postal services (in the case of correspondence related to the fulfilment of processing purposes).
  7. The data shall be stored for no longer than the longest permissible retention period, subject to the following:
    1. Data processed for the purpose of entering into and performing a contract shall be kept no longer than until the necessity of their storage for entering into and performing such a contract ceases to exist.
    2. Data processed on the basis of consent obtained shall be kept no longer than until the necessity of their storage for the purpose covered by that consent ceases to exist, and in any event - no longer than until the effective withdrawal of the consent granted.
    3. Data processed on the basis of realizing legitimate interests shall be kept no longer than until the necessity of their storage for realizing the particular purpose justifying their processing ceases to exist, and in each case - no longer than until an objection to such processing is raised and made effective. In the area of establishing, asserting and defending claims, that period is generally based on the provisions of generally applicable law (limitation periods for claims). In other areas, the period will be based on considerations determining the necessity of such processing (in the field of IT analytics and security: typically for a period of one year), but not excluding indefinite retention periods if the purpose of processing remains indefinitely valid.
    4. Data processed for the purpose of fulfilling legal obligations are kept for no longer than periods instrumental for the proper discharge of those obligations. Such periods typically arise directly from the relevant legal regulations (e.g., the statute of limitations for tax debts), including regulations governing the periods of mandatory record retention and the admissibility of inspections by the competent authorities.
  8. In particular, you are entitled to the following rights:
    1. The data subject has the right to request from the controller access to, rectification, erasure or restriction of processing of personal data concerning the data subject, as well as the right to data portability.
    2. The data subject also has the right to lodge a complaint with a supervisory authority. The competent supervisory authority in the Republic of Poland is the President of the Office for Personal Data Protection.
    3. Withdrawal of consent: if the processing is based on a person's consent, that person has the right to withdraw that consent at any time without affecting the legality of the processing carried out on the basis of that consent before its withdrawal.
    4. Right to object: the data subject has the right to object at any time - on grounds relating to the data subject’s particular situation - to the processing of personal data based on Article 6 section (1) letter (f) GDPR (including any profiling). The controller shall no longer be allowed to process such personal data unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If the data subject raises an objection to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
  9. The provision of personal data processed for the purposes described above is neither a statutory requirement, nor a contractual requirement, nor a condition for entering into a contract (with a provision for the necessity of providing us with data necessary for the proper conclusion and settlement of contracts concluded, and the instruction to provide us with data from the TikTok service necessary for the conclusion and performance of contracts for certain services). The data subject is not obliged to provide any such data. However, the possible consequence of a failure to provide it - depending on the circumstances, including the contract being concluded, e.g. while making an order - may be, among other things, the inability to conclude or perform a specific contract.
  10. Your data will not be subject to automated decision-making resulting in significant legal effects or similarly significant impact.


This service collects in an automatic manner information contained in cookie files only. The operator of this service informs that cookie files (so-called "cookies") are IT data, in particular text files, which are stored in the user's terminal device. Cookies usually contain the name of the website they come from, the time they are to be stored on the terminal device and a unique number. Cookies are used for:

  • adapting the content of the service's websites to the user's preferences and optimizing the use of the websites; in particular, these files allow for recognition of the service user's device and appropriate display of the website, adjusted to individual preferences of the user;
  • creating statistics that help to understand how the users of the service use its websites, which allows to improve their structure and content;
  • maintaining the user session for the service;

The service uses the following types of cookies:

  • "necessary" cookies to enable the use of available services, such as authentication cookies used for services that require authentication, or security cookies, such as those used to detect authentication abuse regarding the service.
  • "performance" or "statistical" cookies, which enable the collection of information about the use of the service’s pages.
  • "marketing" cookies, allowing to provide users with advertising content more tailored to their interests. These are files that record a unique user identifier to identify the device returning to the site. The ID is used to deliver profiled ads.

Web browsers (the service user’s software) by default allow the storage of cookies on the end device. The service’s user can always change the browser settings that determine the use of cookies. Restricting the use of cookies may affect the functionality of the service. Cookies placed in the service user’s terminal device may also be used by advertisers and partners cooperating with the service operator. The operator of the service informs that the entity responsible for placing cookies on the service user's terminal device and at the same time having access to them is their controller. The controller informs that information on how to use cookies is available in the relevant software settings (web browser). More information about cookies is available in the "help" section of the browser menu.

Any user who does not consent to the use of cookies is obliged to modify the settings of the web browser. Configuring the system to allow the use of cookies implies consent for the controller to store the information referred to above, in accordance with Article 173 section 2 of the Act of July the 16 th 2004, Telecommunications Law (Journal of Laws of 2017, item 1907, as amended). Instructions for changing settings are available at:

  • Chrome
  • Firefox
  • Internet Explorer
  • Opera
  • Safari

Server logs

  • Use of the site involves sending requests to the server on which the site is stored.
  • Every request made to the server is recorded in the server logs. The logs include, among other things, the user's IP address, the timestamp of the server, information about the Internet browser and the operating system of the user.
  • Logs are saved and stored on the server.
  • Data recorded in server logs are not associated with specific individuals using the site and are not used by the controller to identify a user.
  • Server logs are only auxiliary material for the administration of the site, and their contents are not disclosed to anyone except those authorized to administer the server.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (below: Google). Google Analytics uses cookies. The information generated by the cookie about your use of this site is usually sent to a Google server in the US and stored there. However, due to the activation of IP anonymization on these pages, your IP address will be truncated in advance by Google in member states of the European Union or other countries party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website traffic and Internet usage to the website operator. The IP address provided by Google Analytics will not be merged with other data held by Google.

The purpose of data processing is to evaluate website usage and compile reports on website activities. Based on website and Internet usage, other related services will be provided. The processing is based on the legitimate interest of the website operator.

Google Analytics collects data on IP addresses, network location, date of visit, operating system, browser type. You can prevent cookies from being stored by using the appropriate setting on your browser software; however, please note that if you do so, you may not be able to use all the features of this site to the fullest extent possible.

In addition, you can prevent Google from collecting data generated by cookies and data related to your use of the website (including your IP address), as well as the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: Browser Add On to disable Google Analytics. In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our sites by clicking this link. An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting this site and this browser in the future, as long as the cookie remains installed on your browser.