Privacy Policy

Introduction

Borealis ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at https://borealis.io or engage with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the site.

Data We Collect

• Contact Information — Name, email address, phone number, and company name provided via contact forms or direct communication.
• Usage Data — Pages visited, time spent, referring URLs, browser type, and device information collected automatically when you use our website.
• Communication Data — Records of correspondence if you contact us, including emails and messages submitted through the site.
• Cookies & Tracking — Small data files stored on your browser for site functionality, analytics, and session management.

How We Use Your Data

• Service Delivery — To respond to inquiries, provide project proposals, and communicate about ongoing engagements.
• Site Improvement — To understand how visitors use our website and improve our content, navigation, and performance.
• Legal Compliance — To comply with applicable laws, regulations, and legal obligations in Poland and the EU.
• Marketing — With your explicit consent, to send relevant updates about our services, case studies, or events. You may withdraw consent at any time.

Legal Basis for Processing (GDPR)

As a company operating in Poland and serving clients across the EU, we process personal data under the following legal bases: (a) contractual necessity — when processing is required to perform a contract or to take pre-contractual steps at your request; (b) legitimate interests — for analytics and service improvement, where your rights do not override our interests; (c) legal obligation — where processing is required to comply with applicable law; and (d) consent — for optional activities such as marketing communications.

Data Sharing & Third Parties

We do not sell your personal data. We may share it with trusted third-party service providers (e.g., hosting, analytics, email infrastructure) who process data on our behalf under data processing agreements. We may also disclose data when required by law or to protect our legal rights. Any third parties operating outside the EEA are subject to appropriate safeguards such as Standard Contractual Clauses.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Contact form submissions are retained for up to 3 years. Analytics data is retained in aggregated, anonymised form. Upon request, we will delete or anonymise your personal data unless retention is legally required.

Your Rights

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your personal data where no legitimate basis for retention exists.
• Restriction — Request that we limit processing of your data in certain circumstances.
• Portability — Receive your data in a structured, machine-readable format.
• Objection — Object to processing based on legitimate interests or for direct marketing purposes.

Cookies

We use essential cookies necessary for the website to function and, where you have given consent, analytical cookies to understand usage patterns. You can control cookie preferences through your browser settings or our cookie consent banner. Disabling cookies may affect certain site features.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption, access controls, and regular security reviews. However, no internet transmission is entirely secure, and we cannot guarantee absolute security.

Contact & Complaints

For any privacy-related questions or to exercise your rights, contact us at contact.borealissoft@gmail.com. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk if you believe we have processed your data unlawfully.