Privacy Policy
How we collect, use and protect your personal data.
Last updated: 24 February 2026
1. Data controller
The controller of your personal data is Breachroad, based in Rabka-Zdrój (ul. Zakopiańska 56, 34-700 Rabka-Zdrój, Poland). For data protection matters you can contact us at [email protected].
2. What data we collect
We process the data you provide directly — for example by filling in the contact form, subscribing to the newsletter or getting in touch about an engagement. This may include:
- Name and work email address
- Company name and contact details
- The content of your enquiry and correspondence history
- Technical data (e.g. IP address, browser data) collected automatically
3. Purposes and legal bases
We process data for the following purposes:
- Responding to your enquiry and preparing a quote (Art. 6(1)(b) GDPR)
- Delivering services under a concluded contract
- Sending the newsletter based on your consent (Art. 6(1)(a) GDPR)
- Pursuing the controller's legitimate interests (Art. 6(1)(f) GDPR)
4. Sharing data
We do not sell your data. We may entrust it to trusted processors (e.g. a hosting provider or an email tool) under data processing agreements, and disclose it to authorised authorities where required by law.
5. Retention period
We keep data for as long as necessary to achieve the purpose for which it was collected — for the duration of the engagement, the validity of a consent, or until the expiry of statutory time limits. Data from delivered test projects is deleted as agreed in the contract.
6. Data security
As a cybersecurity company we apply appropriate technical and organisational measures protecting data against unauthorised access, modification or loss — including encryption, access control and regular security reviews.
7. Cookies
We use cookies to ensure the site works correctly and to analyse traffic. You can manage cookie preferences in your browser settings and via the consent banner shown on your first visit.
8. Your rights
In connection with the processing of your data you have the following rights:
Access & portability
You can obtain a copy of your data in a structured format.
Rectification
You can request correction of outdated or incorrect data.
Erasure
You can request deletion of your data ("the right to be forgotten").
Objection & withdrawal of consent
You can unsubscribe from the newsletter or object at any time.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
9. External links
Our site may contain links to external websites. We are not responsible for their privacy practices — we encourage you to review their policies before providing any data.
10. Changes to this policy
We may update this policy periodically. We announce changes by publishing the new version on this page together with the update date.
11. Contact
For matters relating to the processing of personal data, contact us: