briefservice

Privacy Policy

Last updated: July 2026

1. General information

This policy applies to the website operating at brief-service.com (including the info.brief-service.com subdomain).

The operator of the website and the controller of personal data is: Jurecki MAREK PRZEDSIĘBIORSTWO WIELOBRANŻOWE „JANMAR”, tax ID (NIP): 9241722538, ul. Sosnowa 10/7, 68-100 Żagań, Poland.

Operator contact e-mail: audicarforme@op.pl. You can also use this address for any request concerning your personal data.

The website obtains information about users in the following ways:

  • through data voluntarily entered in the contact form and in the chat window,
  • through the operator's own visit statistics, run on the operator's server without cookies (section 2),
  • through cookies and browser local storage (section 7),
  • through Google marketing tools (section 7).

2. What data we collect and why

Contact form. We collect a name, an e-mail address and the message content. The data is used solely to reply to the inquiry and handle the matter it concerns (art. 6(1)(b) and (f) GDPR).

Chat. We collect the voluntarily provided name and e-mail address, the conversation content and - when the conversation concerns a specific service - its name. The data is used to reply and present an offer (art. 6(1)(b) GDPR). Message translation (the translate button in the chat window) happens entirely on the operator's server - conversation content is not passed to external translation services.

Visit statistics (cookieless). On every page view the operator's server records: the address of the visited page, the language version, the referring domain, advertising campaign parameters (utm_source, utm_medium, utm_campaign), the device type (desktop / phone / tablet), the country derived from the IP address (a local DB-IP geolocation database - the IP address is not sent anywhere) and an anonymous technical identifier valid for one day. The identifier is a one-way hash of the IP address and browser name with a key that changes daily - the raw IP address is never stored, and identifiers from different days cannot be linked together. The mechanism stores nothing on the user's device. Purpose: measuring site traffic and advertising campaign effectiveness (art. 6(1)(f) GDPR - the operator's legitimate interest).

Inquiry source (attribution). When you send a message via the chat or the contact form, the server checks your visits from the last 48 hours (via the identifier described above) and records the inquiry's source: the entry channel (e.g. Google ad, Meta ad, search engine, direct visit), the visited page, campaign parameters, the referring domain and the country. Purpose: evaluating advertising effectiveness (art. 6(1)(f) GDPR).

Ad conversion measurement (Google Ads, Meta). Events such as viewing a service page, clicking the phone number, submitting the form or starting a chat are reported to Google Ads and Meta (Facebook) to account for advertising effectiveness - the details and the related cookies are described in section 7. The legal basis is user consent (art. 6(1)(a) GDPR).

3. Data recipients

Data may be disclosed to the following recipients or categories of recipients:

  • OVH - server infrastructure (hosting) provider,
  • Mailtrap - e-mail delivery provider; through it the operator receives notifications about new inquiries (a notification contains the name, e-mail address and message content),
  • Google - solely within the scope of the marketing tools and fonts described in section 7,
  • Meta (Facebook) - solely within the scope of the ad-effectiveness measurement described in section 7,
  • persons authorised by the operator - solely to handle inquiries.

Processing by these service providers takes place under data processing agreements.

4. Transfers outside the European Economic Area

Data from the forms, the chat and the visit statistics is stored on servers located in the European Union.

The providers Google, Meta and Mailtrap may process some data (e.g. technical browser data, the content of e-mail notifications) on servers outside the European Economic Area, in particular in the USA. Such transfers take place on the basis of a European Commission adequacy decision (the EU-U.S. Data Privacy Framework) or standard contractual clauses.

5. Data retention

  • contact form inquiries and chat conversations - for the time needed to handle the matter, no longer than 3 years from the last contact,
  • visit statistics - indefinitely; they do not allow a specific person to be identified,
  • database backups - deleted automatically after 7 days,
  • cookies - according to the periods listed in section 7.

6. Your rights

You have the right to request from the controller:

  • access to your personal data,
  • rectification of the data,
  • erasure of the data,
  • restriction of processing,
  • data portability.

You have the right to object to processing based on the operator's legitimate interest (including the statistics and attribution described in section 2) and the right to withdraw consent at any time - without affecting the lawfulness of processing carried out before the withdrawal.

You may lodge a complaint about the controller's activities with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland.

Providing personal data is voluntary but necessary to handle an inquiry - without an e-mail address we will not be able to reply.

The controller is not able to link the statistical data described in section 2 to a specific person - to that extent, exercising the rights above may not be possible (art. 11 GDPR).

7. Cookies and browser storage

The website uses its own cookies solely for functional purposes:

  • chat_id - keeps the chat conversation continuous across pages and visits; set only when a conversation is started; valid for 30 days; necessary for the chat to work,
  • admin_token - login to the administration panel (used only by site staff); valid for 8 hours.

In the browser's local storage (localStorage) the website saves: the chosen language version (lang) and - once provided in the chat window - the name and e-mail address (chat_user_name, chat_user_email) so you do not have to type them again. This data stays in your browser until you delete it and is not used for tracking.

Google tools. The website uses Google Ads and Google Tag Manager to measure advertising effectiveness. These tools may set Google marketing cookies on the device (including _gcl_au) and send Google information about visits and on-site events (e.g. clicking the phone number, submitting the form, starting a chat). The use of marketing cookies requires the user's consent. You give consent in the banner shown on your first visit and can change or withdraw it at any time via the "Cookie settings" link in the page footer - until you consent, these tools stay disabled. Details of data processing by Google: policies.google.com/privacy.

Meta (Facebook) tools. The website uses the Meta Pixel to measure the effectiveness of ads run on Meta services (Facebook, Instagram). The tool activates only after the same consent is given in the banner and may set Meta cookies (including _fbp, valid for about 90 days) and send Meta Platforms information about visits and on-site events (e.g. viewing a service page, clicking the phone number, submitting the form, starting a chat). For the collection and transmission of these events the operator and Meta Platforms Ireland act as joint controllers. Details of data processing by Meta: facebook.com/privacy/policy.

Google Fonts. The site loads font files from Google's servers (fonts.googleapis.com, fonts.gstatic.com), which involves transmitting the device's IP address to Google when the page loads.

Cookies can be managed in any web browser's settings. Blocking all cookies does not limit browsing the website - the only effects are losing chat continuity after navigating to another page and having to re-enter your details in the chat window.

8. Data protection measures used by the operator

  • data transmission, including login and data entry points, is protected by encryption (SSL/TLS certificate),
  • administrative passwords are stored only as irreversible hashes (bcrypt) - this operation cannot be reversed,
  • session cookies are inaccessible to page scripts (httpOnly),
  • the server limits the number of requests from a single address (protection against attacks and spam),
  • the database is archived automatically every day, and backups are deleted after 7 days,
  • the software used to process data is updated regularly,
  • no raw IP addresses are stored in the visit statistics.

9. Hosting

The website is hosted (technically maintained) on the servers of OVH in the European Union.

The server infrastructure may record standard technical logs (addresses of requested resources, request times, error information) to ensure the reliability of the service. These logs are used solely for administering the website.