Privacy and cookies policy. We respect your presonal data

We process your Personal Data when you contact us, use the Website, the electronic services we offer or you purchase our products. 

We respect your privacy and strive, in such cases, to follow best practices in the area of processing your Personal Data – in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, also known as the General Data Protection Regulation (GDPR).

This Privacy and Cookies Policy explains who we are, how we process your Personal Data, which cookies we use, your rights in this regard and how you can contact us if necessary.

The Privacy and Cookies Policy has been drawn up for information purposes only, which means that it does not give rise to any legal obligations either for you or for us (it does not constitute a contract). Consequently, we reserve the right to amend the Privacy and Cookies Policy from time to time. The current version of the Privacy and Cookies Policy will be available at the following link: https://shapedthoughts.io/privacy-policy/.

Table of Contents
  1. Glossary – key terms
  2. Who is the controller of your Personal Data?
  3. What kind of Personal Data do we collect, for what purpose, for how long, and on what legal basis do we process it?
  4. Who has access to your Personal Data?
  5. Your rights in relation to the processing of your Personal Data
  6. What are "Cookies" and other similar technological solutions? How and for what purpose do we use them?

Glossary – key terms

Personal Data – all information relating to you that we process. For example: name, email address, telephone number, etc.

Processing – any activity performed on Personal Data. For example: collection, storage, updating, deletion of data.

Website – the website available at insurancepass.io.

Who is the controller of your Personal Data?

The controller of your personal data is Shaped Thoughts sp. z o.o., with its registered office in Warsaw (02-672), ul. Domaniewska 37 lok. 2.43, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register under KRS number: 0000974270, tax identification number (NIP): 5213970274, statistical number (REGON): 52215138000000, with a share capital of PLN 20,000, email address: [email protected]

What kind of Personal Data do we collect, for what purpose, for how long, and on what legal basis do we process it?

1. Visits to the Website 

When you visit the Website, we may use cookies and other similar technological solutions (detailed information is provided in Section VI of the Privacy and Cookies Policy). These technologies allow us to maintain the proper functioning of the Website and analyze information regarding your activity on the Website. We process this data to improve the quality of our services and optimize the Website’s functionality. In some cases, cookies (or similar technologies) also help us tailor content available via the Website to your interests (profiling). Certain cookies may be used for marketing purposes, both within the Website and across the websites of our business partners.

The legal basis for the use of cookies and similar technologies is generally your consent.

The legal basis for processing data collected through cookie technology is our legitimate interest or the legitimate interest of a “third party” (Article 6(1)(f) GDPR) – including the need to ensure the highest quality of the presented content and, in some cases, the marketing of our or our partners’ products and services. In such cases, partners do not participate in the processing of your data. Where our partners have direct access to this information, the legal basis for such processing is your freely given consent (Article 6(1)(a) GDPR).

We process Personal Data based on your consent until it is withdrawn. Personal Data processed based on our legitimate interest may be stored until you object to the processing, except in situations where, despite your objection, we determine that there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms, including the establishment, exercise, or defense of legal claims.

The above does not apply where the use of cookies and similar technologies is necessary for the proper operation of the Website (i.e., for providing you with an electronic service). In such cases, processing is based on legal provisions and the necessity of processing for the performance of the service agreement (Article 6(1)(b) GDPR). Your Personal Data will then be processed for as long as necessary to achieve these purposes.

Information regarding recipients of your Personal Data, including any transfers of your Personal Data to third countries (outside the European Economic Area), is provided in Section IV below.

The rights you have regarding the processing of your Personal Data are detailed in Section V below.

2. Contacting us

When you contact us, e.g. using email, accessible forms, social media, etc., examples of Personal Data that we may process are: Personal Data that identifies you (e.g. email address, IP number, etc.), contact metadata (e.g. date of contact, duration of our conversation), and the content of our communication (e.g. content of emails). Your Personal Data is processed to respond to your inquiry, enhance our communication, improve customer service quality, and for marketing purposes. The purpose of processing depends on the context of our communication. In some cases, your Personal Data may be used for the conclusion of an agreement with you, and if an agreement is already in place, for ensuring proper service under our cooperation (e.g., handling your complaint).

The legal basis for processing in such cases depends on the context of the communication:

If you contact us solely for general information (e.g., about the Website), we process your Personal Data based on our legitimate interest (resulting from the purposes mentioned above; Article 6(1)(f) GDPR).

If your inquiry leads to the conclusion of, for example, a contract of sale, the appropriate legal basis for processing will be Article 6(1)(b) GDPR – processing necessary for taking steps at your request before entering into an agreement.

If an agreement is already in place and you contact us regarding its performance, the legal basis for processing is Article 6(1)(b) GDPR – processing necessary for the performance of the agreement.

We may also process your Personal Data for claim handling and legal proceedings, in which case the legal basis is our legitimate interest (Article 6(1)(f) GDPR).

Providing Personal Data is voluntary, but necessary for effective communication with us.

If your Personal Data was collected solely in connection with our current communication, it may be processed for a period ranging from a few days to several months, depending on the category of information and the significance of our communication for potential future interactions.

Personal Data processed based on our legitimate interest may be stored until you object to processing unless there are overriding legitimate legal grounds for processing or for establishing, exercising, or defending legal claims.

The principles of Personal Data protection and use by social media platforms you use to contact us are described in their respective privacy policies. For example, information on the processing of Personal Data by LinkedIn can be found at: https://pl.linkedin.com/legal/privacy-policy.

Information regarding recipients of your Personal Data, including any transfers of your Personal Data to third countries (outside the European Economic Area), is detailed in Section IV below.

The rights you have regarding the processing of your Personal Data are detailed in Section V below.

3. Processing of data of our contractors and their employees / associates

If you are our contractor or an employee/associate of our contractor, we may process your identifying and contact details, as well as data related to the performance of the agreement, including in particular:

your name and surname, the name of the entity employing you, contact phone number, email address, your position/qualifications, any correspondence exchanged between us. If you are a party to a contract concluded with us, we will also process your registration details and payment-related information.

Personal Data is processed for the proper performance of the contract between us and your employer/entity you represent, including documentation of its conclusion and identification of authorized persons for executing contractual tasks.

The legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), which is the performance of an agreement with our contractor. If you are an individual contracting party, your data is processed for the execution of the contract (Article 6(1)(b) GDPR).

Additionally, your Personal Data may be processed:

  • for the defense against potential claims or to pursue claims, based on our legitimate interest (Article 6(1)(f) GDPR),
  • to fulfill our legal obligations (e.g., tax, accounting obligations), based on compliance with a legal obligation imposed on the controller (Article 6(1)(c) GDPR).

We received your data directly from you or from your employer/the entity you represent. Providing personal data is voluntary, but it enables a contract to be concluded or for you to be admitted to perform the tasks specified in the contract (failure to provide it will prevent our cooperation).

As a rule, data processed based on our legitimate interest will be processed until an objection is raised or the purpose for which it was processed is fulfilled. We store data related to the performance of a contract for the duration of the contract (and also for the duration of the confidentiality obligation, if a separate declaration has been signed) and usually for up to 7 years after the end of the contract, which is based on tax regulations and the limitation period for certain claims. These periods may be extended accordingly, if necessary, in the case of possible claims and legal proceedings, by the duration of these proceedings and their settlement, as well as when the law requires us to process them for a longer period in specific cases.

Information about the recipients of your Personal Data, including any transfer of your Personal Data to third countries (outside the European Economic Area), is described in detail in Section IV below. 

Your rights in connection with the processing of your Personal Data are described in detail in Section V below.

Who has access to your Personal Data?

Access to your Personal Data is granted only to entities that support us in operating the Website based on appropriate agreements, such as entities providing IT services, supplying tools that enable our communication, conducting marketing campaigns, our advisors, including legal advisors, as well as entities providing transport, accounting, and online payment processing services.

All such entities have access only to the information necessary for their activities.

Some of the entities providing us with solutions may be located outside the European Economic Area (EEA). In each case of data transfer outside the EEA, we apply the required security measures, including, for example, standard contractual clauses adopted by the European Commission, taking into account appropriate safeguards. By contacting us, you may obtain a copy of the applied safeguards concerning the transfer of Personal Data to a country outside the EEA.

Your rights in relation to the processing of your Personal Data

To efficiently exercise your rights, please direct all requests to the email address specified in the Section II above, including “GDPR Request” in the subject line and specifying in the content which right you wish to exercise. The instructions provided in the previous sentence are merely a recommendation and not a requirement. Submitting a request in another manner does not result in the loss of the rights listed below.

At any time, you have the right to:

  1. access your Personal Data (including, for example, obtaining information on which Personal Data is processed or receiving a copy of it);
  2. request rectification and restriction of processing (e.g., if your Personal Data is inaccurate) or erasure of Personal Data (e.g., if it has been processed unlawfully);
  3. data portability regarding the Personal Data you have provided to the controller, and which is processed in an automated manner, provided the processing is based on consent or a contract, e.g., to another controller;
  4. withdraw any consent given to the controller at any time, whereby the withdrawal of consent does not affect processing carried out by the controller lawfully before its withdrawal;
  5. object to the processing of your Personal Data carried out for the purposes of the legitimate interests of the controller or a third party (unless there are other compelling legitimate grounds for processing that override your interests). If Personal Data is processed for direct marketing purposes, you have the right to object at any time to the processing of your Personal Data for such marketing, including profiling, to the extent that it is related to such direct marketing – in such a case, Personal Data must no longer be processed for those purposes.
  6. lodge a complaint with the President of the Personal Data Protection Office (a detailed description of the complaint procedure is available at: https://uodo.gov.pl/pl/83/155). Of course, if you wish to provide feedback regarding our practices, we encourage you to contact us first.

What are “Cookies” and other similar technological solutions? How and for what purpose do we use them?

“Cookies” are small text files sent by a server and stored on your device (usually on the computer’s hard drive). They store information we may need to tailor the Website to your usage and to collect statistical data.

During your visit to the Website, we may collect data regarding the domain name of your internet service provider, browser type, operating system type, IP address, the websites you visit, elements you download, as well as operational data or information about the location of the device you are using.

We assure you that all information received in this way is used solely for the purposes specified in this policy and is in no way harmful to you or your device, as it does not introduce any configuration changes.

Of course, you can change how cookies are used, including blocking or deleting them entirely (details are provided in the “Managing cookies” section below). However, doing so may prevent or significantly hinder the proper functioning of the Website (e.g., slowing down its operation), so we recommend not disabling them in your browser.

We always provide information explaining which cookies we use and for what purposes during your first visit to the Website.

Cookies used by the Website:

  1. Essential (technical) – include cookies necessary for the proper functioning of the Website, enabling website functionality, but they are not used for tracking users;
  2. Analytical – used to analyze user behavior within the Website for statistical and analytical purposes; they help provide information on metrics such as the number of visitors, bounce rate, traffic sources, etc.;
  3. Functional – assist in performing certain functions, such as sharing website content on social media platforms, collecting feedback, and enabling other third-party functionalities;
  4. Performance – serve to monitor and analyze key website performance indicators, such as loading times, user interactions, and overall site functionality. They allow for optimizing the Website’s performance and ensuring a better user experience;
  5. Advertising – used to display personalized ads to users based on their preferences and previous online activity.
  6. Uncategorized – other cookies that are currently under analysis and have not yet been assigned to any category.

To view a detailed description of the cookies we use (including the provider, cookie type, and purpose), click the “Customise” button on the cookie banner displayed when entering the Website or the “Consent Preferences” button available on every subpage of the Website.

Third-Party cookies

We may cooperate with other companies in their analytical or marketing (advertising) activities. For the purposes of this cooperation, cookies from these entities may be stored on your device. These are so-called third-party cookies. 

The aforementioned entities, due to using their own cookies within the Website, may become controllers of your Personal Data.

Below, you will find the companies that use (or their affiliates use) cookies on the Website, along with links to their privacy policies describing how they process personal data:

  1. Google LLC (Google Tag Manager, Google Analytics, Google Ads, DoubleClick) https://policies.google.com/privacy?hl=en  
  2. Meta Platforms, Inc. (Facebook, Piksel Meta), https://www.meta.com/pl/en/legal/privacy-policy/ 
  3. Hotjar Ltd., https://help.hotjar.com/hc/en-us/sections/360007966773-Data-Privacy 
  4. Microsoft Corporation (Clarity, Bing), https://www.microsoft.com/en-us/privacy/privacystatement?utm_source
  5. PipeDrive Inc., https://www.pipedrive.com/en/privacy

Managing cookies

At any time, you can modify how cookies are used by managing your consents within the privacy settings of the Website or your browser. In particular, you may withdraw previously given consent – this will not, however, affect the lawfulness of processing carried out based on consent before its withdrawal.

You can withdraw consent for cookie collection from within the Website through the cookie consent management platform. The cookie banner can be displayed by clicking the “Consent Preferences” button available on every subpage of the Website.

Once the banner is displayed, you can withdraw consent for cookies other than essential ones by clicking the “Reject” button. To customize (manage consents) for selected categories of cookies, adjust the toggle next to the chosen cookie category and press the “Save my preferences” button.

You can also withdraw consent for cookies through your browser settings. Browser manufacturers provide instructions on how to manage cookies within their products – examples can be found at the following links:

You can also find information about your browser’s privacy settings here: http://www.youronlinechoices.com/ .

Last update of the Privacy and Cookies Policy: 25.03.2025.

Scroll to Top