How we process your data.

Last updated: April 10, 2026

1. Data controller

The controller of your personal data is MSGA, with its registered office in Lodz, Piotrkowska 276A, 90-361 Lodz, Poland, Tax ID (NIP): 7331362657, REGON: 383902384 (the "Controller").

For matters related to personal data, contact: [email protected]

2. Source of data

Your contact details were obtained from publicly available sources, such as: industry websites, social platforms (LinkedIn), company websites, public registers (KRS, CEIDG) and other publicly accessible business databases.

In line with art. 14(3) of the GDPR, this information is provided no later than within one month of obtaining the personal data or upon first contact with the data subject.

3. Legal basis for processing

Your personal data is processed based on the legitimate interest of the controller within the meaning of art. 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

The legitimate interest consists in establishing business contacts, conducting commercial (B2B) communication and presenting offers of services related to the recipient's professional activity.

4. Scope of processed data

We process only professional data:

First and last name
Company name and job title
Business email address
Business phone number (if publicly available)
LinkedIn profile or other publicly available professional profiles

5. Purpose of processing

Your data is processed for the following purposes:

Establishing business contact - initiating commercial relationships in the B2B model
Presenting service offers - providing information on the Controller's services that may be relevant to your professional activity
Commercial communication - maintaining business relationships and exchanging industry information

6. Data retention period

Your data will be processed for no longer than 12 months from the last contact or attempted contact. After that period, the data will be reviewed to confirm whether continued processing is justified. If there is no legitimate interest to continue processing, the data will be permanently deleted.

The data will be deleted earlier if you successfully object to its processing.

7. Your rights

Under the GDPR you have the following rights:

Right of access - you may obtain information on what data we process about you (art. 15 GDPR)
Right to rectification - you may request correction of inaccurate data (art. 16 GDPR)
Right to erasure - you may request deletion of your data ("right to be forgotten", art. 17 GDPR)
Right to restriction of processing - you may request restriction of processing in specific cases (art. 18 GDPR)
Right to object - you may at any time object to the processing of your data based on legitimate interest (art. 21 GDPR)
Right to data portability - you may receive your data in a structured format (art. 20 GDPR)
Right to lodge a complaint - you may file a complaint with the President of the Personal Data Protection Office (Stawki 2, 00-193 Warsaw, Poland)

To exercise your rights, send an email to: [email protected]. We will respond without undue delay, no later than within 30 days.

8. Data recipients

Your data may be shared only with entities supporting the Controller in fulfilling the processing purposes. Recipient categories include:

Providers of CRM systems and customer relationship management tools
Providers of business communication and email outreach platforms
Providers of hosting and IT infrastructure services
Providers of analytics and reporting tools

Each of these entities processes the data based on appropriate data processing agreements.

9. Transfer of data outside the EEA

Due to the use of technology tools (e.g. CRM platforms, analytics tools), your data may be transferred to countries outside the European Economic Area. In such cases, the transfer is made on the basis of standard contractual clauses approved by the European Commission or an adequacy decision.

10. Automated decision-making

The Controller does not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you.

11. Data security

We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss or destruction. Access to the data is limited to authorized persons, and the systems we use are secured in line with current industry standards.

12. Changes to the privacy policy

The Controller reserves the right to update this Privacy Policy. We will notify you of any material changes via the website. The current version is always available at: msga.pro/en/privacy-policy