Business Rating logo

Effective Date: 30 August 2025

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the website business-rating.org (hereinafter referred to as the “Service”).

§1 Definitions

  1. Administrator – the owner of the website business-rating.org, with its registered office in Poland.
  2. Service – the website operating at the address https://business-rating.org/.
  3. User – any natural person visiting the Service or using one or more of the services or functionalities described in this Policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

§2 Personal Data Administrator

  1. The administrator of your personal data is Ludzkie SEO Jacek Białas, e-mail address: contact@business-rating.org.
  2. In matters related to the processing of your personal data, you can contact us via e-mail or traditional mail at the addresses indicated above.

§3 Purposes and Legal Bases for Data Processing

The Administrator processes your personal data for the following purposes and on the following legal bases:

  • To provide services electronically, including enabling Users to publish opinions and ratings of companies:
  • Scope of data: First name, last name, nickname, e-mail address, content of the opinion, IP address.
  • Legal basis: Article 6(1)(b) of the GDPR (necessity for the performance of a contract for the provision of electronic services) and Article 6(1)(a) of the GDPR (User’s consent to publish the opinion).

To manage a User account (if the Service offers such functionality):

  • Scope of data: First and last name, e-mail address, password, history of submitted reviews.
  • Legal basis: Article 6(1)(b) of the GDPR (necessity for the performance of a contract for maintaining an account).
  • To handle inquiries and requests sent to the Administrator via the contact form or e-mail address:
  • Scope of data: Name, e-mail address, content of the message.
  • Legal basis: Article 6(1)(f) of the GDPR (the Administrator’s legitimate interest in communicating with Users).

For analytical and statistical purposes to improve the functioning of the Service:

  • Scope of data: IP address, location data, browser type, operating system, time spent on the Service, visited subpages.
  • Legal basis: Article 6(1)(f) of the GDPR (the Administrator’s legitimate interest in optimizing the Service).
  • For marketing purposes (if applicable), e.g., to send a newsletter:
  • Scope of data: E-mail address.
  • Legal basis: Article 6(1)(a) of the GDPR (User’s consent).
  • Legal basis: Article 6(1)(f) of the GDPR (the Administrator’s legitimate interest).

§4 Data Recipients

  1. Users’ personal data may be transferred to entities that process data on behalf of the Administrator, including IT service providers, hosting companies, and providers of analytical tools (e.g., Google Analytics). These entities process data on the basis of a contract with the Administrator and solely in accordance with its instructions.
  2. Opinions published by the User, along with the provided nickname, will be publicly available to all visitors of the Service.
  3. Your data may also be made available to public authorities within the limits and on the basis of the law.

§5 Data Retention Period

  1. Data processed on the basis of a contract will be stored for the duration of the contract, and after its termination for the period necessary to pursue or defend against claims, but no longer than 6 years.
  2. Data processed on the basis of consent (e.g., reviews, newsletter) will be stored until the consent is withdrawn.
  3. Data processed on the basis of the Administrator’s legitimate interest will be stored until an effective objection is raised.

§6 User Rights

In connection with the processing of your personal data, you have the following rights:

  1. The right to access your data (Article 15 GDPR).
  2. The right to rectify your data (Article 16 GDPR).
  3. The right to erase your data (“right to be forgotten”) (Article 17 GDPR).
  4. The right to restrict processing (Article 18 GDPR).
  5. The right to data portability (Article 20 GDPR).
  6. The right to object to the processing of data based on Article 6(1)(f) of the GDPR (Article 21 GDPR).
  7. The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  8. The right to lodge a complaint with a supervisory authority, which in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych – UODO, ul. Stawki 2, 00-193 Warsaw).

§7 Cookies

The Service uses cookies, which are small text files stored on the User’s end device (e.g., computer, tablet, smartphone).

Cookies are used to:

  • Ensure the proper functioning of the Service.
  • Create statistics that help understand how Users use the websites, which allows for improving their structure and content (e.g., Google Analytics).
  • Maintain the User’s session (after logging in), so the User does not have to re-enter their login and password on every subpage of the Service.
  • The Service uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files that are stored on the User’s end device until they log out, leave the website, or turn off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
  • The User has the option to limit or disable the access of cookies to their computer. If this option is used, the use of the Service will still be possible, except for functions that by their nature require cookies. Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser).

§8 Data Security

The Administrator applies technical and organizational measures to ensure the protection of the processed personal data is appropriate to the threats and categories of data being protected. In particular, the Administrator protects data against unauthorized disclosure, access by an unauthorized person, processing in violation of applicable laws, and against alteration, loss, damage, or destruction.

§9 Final Provisions

This Policy enters into force on the day of its publication on the Service’s website.

In matters not regulated by this Privacy Policy, the provisions of data protection law shall apply.

The Administrator reserves the right to make changes to the Privacy Policy. Users will be informed of any changes via a notice on the Service.