Last updated: May 6, 2026
‍
This Privacy Policy describes how Selleris Sp. z o.o. ("Selleris," "we," "us," "our") collects, uses, and shares personal information when you visit our website selleris.com or interact with our services. It is intended to comply with the EU General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act, and applicable U.S. state privacy laws (including the California Consumer Privacy Act / CPRA).

1. Data Controller

‍Selleris Sp. z o.o. Warsaw 02-222, al. Jerozolimskie 181, Poland
KRS: 0000690620
NIP: 7010709991
REGON: 368051966
Email: privacy@selleris.com

2. Personal Information We Collect

We collect the following categories of personal information:
- Identifiers: name, email address, phone number, company name, job title, country.
- Communications: the content of messages you send via web forms, email, chat, scheduled calls, or LinkedIn.
- Commercial information: records of services requested, proposals, contracts, and invoicing data.
- Technical data: IP address, browser type and version, operating system, device identifiers, referring URL, pages visited, and timestamps.
- Marketing data: preferences and consent status for newsletters or other marketing communications.

We collect this information directly from you when you fill out a form, contact us, or engage our services. Technical data is collected automatically through cookies and similar technologies. In some cases we may obtain business contact details from publicly available sources or B2B data providers.

3. Purposes and Legal Bases for Processing

3.1 (GDPR)Responding to inquiries and delivering requested services: Performance of a contract / pre-contractual steps — Art. 6(1)(b)
3.2 Managing client relationships and project delivery: Performance of a contract — Art. 6(1)(b)
3.3 B2B marketing, outreach, and prospecting: Legitimate interest in promoting our services — Art. 6(1)(f)
3.4 Sending newsletters and marketing emails to subscribers: Consent — Art. 6(1)(a)
3.5 Website operation, security, and analytics: Legitimate interest — Art. 6(1)(f)
3.6 Tax, accounting, and other legal obligations: Legal obligation — Art. 6(1)(c)
3.7 Establishing, exercising, or defending legal claims: Legitimate interest — Art. 6(1)(f)

4. Sharing of Personal Information

We disclose personal information only to the following categories of recipients:
- Service providers (processors) — hosting, email, CRM, analytics, communication, and infrastructure providers acting on our instructions (including but not limited to Microsoft, HubSpot, and Bitrix24).
- Professional advisors — accountants, auditors, and legal counsel where reasonably necessary.
- Public authorities — when required by law, court order, or to protect our legal rights.

‍We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws (including the CCPA/CPRA).

5. International Data Transfers

Some of our service providers are located outside the European Economic Area, including in the United States. When personal data is transferred outside the EEA, we rely on appropriate safeguards under GDPR Articles 45–46, such as adequacy decisions, Standard Contractual Clauses (SCCs), or the EU–U.S. Data Privacy Framework. A copy of the relevant safeguards can be obtained by contacting us at the address above.

6. Retention

We retain personal information only for as long as necessary for the purposes described above:
- Inquiry / prospect data: up to 3 years from the last contact.
- Client data: for the duration of the contract plus the retention period required by tax and accounting law (typically 5 years from the end of the fiscal year).
- Marketing data: until consent is withdrawn or the contact opts out.
- Website analytics: up to 26 months.After these periods, data is deleted or anonymized, except where longer retention is required by law or to defend legal claims.
‍
7. Your Rights

7.1 If you are in the EEA, the UK, or Switzerland (including Poland)Under the GDPR, you have the right to:
- access your personal data;
- request rectification of inaccurate data;
- request erasure ("right to be forgotten");
- request restriction of processing;
- object to processing based on legitimate interests, including direct marketing;
- data portability;
- withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
- lodge a complaint with a supervisory authority — in Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl).

7.2 If you are a U.S. resident (California and other states with comparable laws)

You have the right to:
- know what personal information we collect, use, disclose, and the purposes for doing so;
- access and obtain a portable copy of your personal information;
- request deletion of your personal information;
- request correction of inaccurate personal information;
- opt out of the sale or sharing of personal information (note: we do not sell or share personal information);
- limit the use and disclosure of sensitive personal information (note: we do not collect sensitive personal information as defined under the CPRA);
- not be discriminated against for exercising any of these rights.

You may submit an authorized agent request where permitted by applicable law.

7.3 How to exercise your rightsSend a request to privacy@selleris.com. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law — within one month under GDPR (extendable by two months for complex requests) and within 45 days under the CCPA/CPRA (extendable once by 45 days). There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.

8. Cookies and Similar Technologies

8.1 What we use

Our website uses cookies and similar technologies (collectively, "cookies"), including HTTP cookies, pixel tags, web beacons, local storage, and SDKs. Cookies are small files placed on your device when you visit a website. We use them to operate the site, remember your preferences, measure performance, and — with your consent — deliver and measure marketing.

8.2 Categories of cookies

We classify the cookies on our website into three categories:
- Strictly necessary — required for the website to function (e.g., security, session management, load balancing, recording your cookie preferences). These cannot be disabled and do not require consent.
- Analytics — help us understand how visitors interact with the site so we can improve content and performance, including aggregate statistics on pages viewed, traffic sources, and behavior patterns. Used only with your consent.
- Marketing and advertising — used to measure campaign effectiveness, attribute conversions, build audiences for B2B prospecting, and personalize content. Used only with your consent.

8.3 Third-party tools

The following providers may set cookies or similar identifiers on our website. We have entered into data processing or data sharing agreements with each, and where applicable, transfers outside the EEA are covered by Standard Contractual Clauses or the EU–U.S. Data Privacy Framework.

- HubSpot (HubSpot, Inc.) — strictly necessary, analytics, marketing. Used for CRM, form submissions, web analytics, and marketing automation.
- Google Analytics 4 (Google Ireland Ltd.) — analytics. Used for aggregate traffic and behavior measurement.
- LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) — marketing. Used for conversion tracking, audience building, and ad measurement.
- Meta Pixel (Meta Platforms Ireland Ltd.) — marketing. Used for conversion tracking, audience building, and ad measurement.
- Microsoft Clarity (Microsoft Corporation) — analytics. Used for heatmaps and session recording to analyze user experience.

A complete and current list of individual cookies — with names, purposes, expiration, and providers — is available in our cookie preference center, accessible at any time via the "Cookie settings" link in the website footer.

8.4 Legal basis

Strictly necessary cookies are placed on the basis of our legitimate interest in operating a secure, functional website (Art. 6(1)(f) GDPR). All other cookies are placed only with your prior consent (Art. 6(1)(a) GDPR and Art. 5(3) of the ePrivacy Directive). You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

8.5 Managing your preferences

You can manage cookies in three ways:
-Cookie preference center — open the "Cookie settings" link in our website footer to review the categories of cookies in use and accept, reject, or change your selection at any time.
- Browser settings — most browsers allow you to block or delete cookies. Note that blocking strictly necessary cookies may impair the functioning of our website.
- Platform-level opt-outs — you can opt out of certain analytics and advertising cookies directly with the relevant providers, including the Google Analytics opt-out browser add-on, LinkedIn ad settings, Meta ad preferences, and Microsoft Clarity privacy controls. Industry opt-out tools are also available at youronlinechoices.eu (EEA), optout.aboutads.info, and optout.networkadvertising.org (United States).

8.6 Retention

Cookies remain on your device until they expire or you delete them. Expiration periods vary by cookie and provider, ranging from session-only (deleted when you close your browser) to up to 24 months. Specific retention periods for each cookie are listed in the cookie preference center.

8.7 International transfers

Several of the providers listed above are headquartered in the United States. Cookie data transferred outside the EEA is protected under the safeguards described in Section 5 of this Privacy Policy.

9. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, including profiling.

10. Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, loss, alteration, or disclosure, including encryption in transit, access controls, and vendor due diligence.

11. Children

Our services are directed at businesses and are not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have done so, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via our website or, where appropriate, by email.

13. Contact

For any privacy-related questions, requests, or complaints:
‍Email: privacy@selleris.com
‍Postal: Selleris Sp. z o.o., Warsaw 02-222, al. Jerozolimskie 181, Poland