//legal
ANTONI SHKRABA STUDIO / AI25.Studio
Business address: Jana Pawła Woronicza 31/155, 02‑640 Warsaw, Poland
VAT (NIP): PL 521 411 36 55 | REGON: 541 449 095
Production brand: AI25.Studio
Last updated: 19 November 2025
1. Introduction
This Privacy Policy explains in detail how ANTONI SHKRABA STUDIO (hereinafter “the Company”, “we”, “us”, or “our”) processes personal data in connection with our website, services and communications under the brand AI25.Studio (the “Service”). Our data processing is subject to the Regulation (EU) 2016/679 (GDPR) and the Polish implementing legislation (in particular the Act of 10 May 2018 on the Protection of Personal Data) as incorporated into national law. (CEE Legal Matters)
By accessing or using our Service you confirm that you accept this Privacy Policy and consent to our processing of your personal data as described herein.
In Poland, the General Data Protection Regulation (“GDPR”) is commonly referred to as “RODO” (“Rozporządzenie o Ochronie Danych Osobowych”). RODO is not a separate law but the Polish term for the GDPR, which applies directly across all EU Member States. The GDPR is supplemented in Poland by the national Act of 10 May 2018 on the Protection of Personal Data, which regulates the functioning of the supervisory authority (UODO) and provides additional procedural rules for data protection within the Polish legal system.
Our services and content are primarily directed to business entities and professionals (B2B context). We do not target our website or services toward individual consumers unless otherwise specified.
2. Data Controller
The data controller (the entity that determines the purposes and means of processing) for your personal data is:
ANTONI SHKRABA STUDIO
Address: Jana Pawła Woronicza 31/155, 02‑640 Warsaw, Poland
Email: hello@ai25.studio
If you have any questions about this Policy, or wish to exercise your rights as a data subject (see Section 7), you may contact us at the above email.
3. Legal Basis and Processing Principles
3.1 Legal Basis
We process personal data only when we have a lawful basis under Article 6 of the GDPR. These include:
the data subject’s consent (Art. 6(1)(a) GDPR) — e.g., for marketing communications or optional profiling;
necessity for performance of a contract or to take steps prior to entering a contract (Art. 6(1)(b));
compliance with a legal obligation to which the Company is subject (Art. 6(1)(c));
our legitimate interests (Art. 6(1)(f)), provided these do not override the rights and freedoms of the data subject.
3.2 Principles of Processing
In accordance with Article 5 GDPR, we adhere to the following principles:
lawfulness, fairness and transparency;
purpose limitation (personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes);
data minimisation (only data adequate, relevant and limited to what is necessary);
accuracy (we take reasonable steps to keep personal data accurate and up to date);
storage limitation (personal data kept in a form which permits identification for no longer than necessary);
integrity and confidentiality (appropriate security of personal data);
accountability (we are responsible for, and able to demonstrate, compliance with these principles).
4. Categories of Personal Data Collected
4.1 Data You Provide
Identification and contact data: name, surname, company name, address, e‑mail, telephone number;
Billing and invoicing data (company, VAT/NIP, REGON, address);
Data provided when you fill forms on our Service, request quotes, subscribe to newsletters or contact us;
4.2 Data Collected Automatically
Technical/usage data such as IP address, browser type and version, operating system, pages visited, referral URL, date/time of visit, device identifiers;
Cookies and other tracking technologies (see Section 9);
We use third-party analytics services (such as Google Analytics) to collect anonymized data regarding user behavior on our website. This includes page visits, duration, referrer URL, and browser information. Data may be stored in pseudonymized format and is used to improve user experience and website performance. IP addresses are anonymized before being stored, and such data is retained for [14 months] by default.
4.3 Data from Third Parties
If you use social login or engage via social networks, relevant personal data may be provided by the social network;
Data from analytics and marketing platforms, payment processors, hosting providers;
4.4 Special Categories of Data
We ordinarily do not process special categories of personal data (Art. 9 GDPR) such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, genetic or biometric data etc. Should we ever do so, we will explicitly inform you and rely on the applicable legal basis.
5. Purposes of Processing, Retention and Profiling
5.1 Purposes
We use personal data for the following purposes:
Providing our Services, fulfilling contractual obligations and responding to enquiries;
Managing client relationships, billing/invoicing, accounting and tax obligations;
Administering and improving our website and services (including analytics, research and development);
Communicating with you by e‑mail, telephone or other medium regarding the Service, updates, changes or offers (if you have consented, or where otherwise permitted);
Marketing communications where consent has been given or permissible under law;
Ensuring IT, network and information security, fraud prevention and detection;
Legal compliance and defence of legal claims;
5.2 Profiling & Automated Decision‑Making
If we engage in any automated processing including profiling which produces legal effects or similarly significant effects concerning you, we will notify you, provide meaningful information about the logic and envisaged consequences, and offer the right to human intervention (Art. 22 GDPR). At present we do not carry out such processing activities.
5.3 Retention
We retain personal data for as long as necessary for the relevant purpose(s) or to satisfy legal, accounting or tax obligations. After expiry of the retention period, data will be securely deleted or anonymised.
We may use personal data (e.g., IP address, cookie identifiers) for remarketing and behavioral advertising campaigns using platforms such as Google Ads, Meta (Facebook) Ads or similar. These platforms may display targeted ads based on previous interactions with our website. This processing is based on your prior consent under Article 6(1)(a) GDPR. You can withdraw consent or manage preferences via our cookie banner or directly in your advertising account settings.
6. Recipients and Data Transfers
6.1 Recipients
We may disclose your personal data to:
Service providers (processors) acting on our behalf (e.g., hosting, payment, analytics, marketing);
Legal, tax, accounting, regulatory or law enforcement authorities where required by law;
In the event of business restructuring, sale, merger or asset transfer, to the acquiring entity subject to appropriate safeguards.
We ensure that all data processors and subprocessors engaged in handling personal data on our behalf are bound by a Data Processing Agreement (DPA) and provide adequate guarantees in compliance with Article 28 GDPR.
6.2 Transfers within the EEA
Transfers of personal data within the European Economic Area (EEA) are subject to EU rules and are considered adequately protected.
6.4 Supervisory Authority Reporting
In the event of a personal data breach, the Company will cooperate with and report to the relevant supervisory authority — in Poland, the Office for Personal Data Protection (“UODO”) — in accordance with Polish and EU law. (penteris.com)
7. Data Subject Rights
Under Articles 15–22 of the GDPR and Polish law you have the following rights:
Right of access (Art 15) — to obtain confirmation whether personal data are processed and access to such data plus information. (UODO)
Right to rectification (Art 16) — to request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) (Art 17) — in certain circumstances you may request deletion of personal data.
Right to restriction of processing (Art 18).
Right to data portability (Art 20) — where processing is based on consent or contract and done by automated means.
Right to object (Art 21) — including to processing for direct marketing or for our legitimate interests.
Right to withdraw consent at any time when processing is based on consent (Art 7(3)).
Where applicable, the right not to be subject to a decision based solely on automated processing (Art 22).
To exercise your rights, please contact us at hello@ai25.studio. We respond in the timeframe required by law (generally one month, extendable by two months in complex cases).
If you believe your rights have been violated, you may lodge a complaint with UODO.
If you are located outside the European Economic Area (EEA), please note that we process your personal data in accordance with this Privacy Policy and applicable EU data protection standards. If local laws grant you additional rights, we will take reasonable steps to respect them.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to provide, maintain and improve our Service. These include:
Strictly necessary cookies – essential for operation of the website;
Performance/analytics cookies – to collect anonymous usage data to improve our Service;
Functional cookies – to remember user preferences;
Marketing/advertising cookies – subject to prior consent.
Pursuant to Polish and EU law (including the Act on provision of services by electronic means), we obtain your informed consent prior to using non‑essential cookies. We provide clear information about the categories of cookies used and how to manage your cookie settings.
You may disable or delete cookies via your browser settings, but this may affect functionality of our website.
9. Security of Personal Data
We implement appropriate technical and organisational measures to safeguard personal data (Art 32 GDPR). These measures include:
Encryption and pseudonymisation where feasible;
Access controls and authentication procedures (e.g., multi‑factor authentication, role‑based access);
Regular security audits, penetration testing and vulnerability assessments. (penteris.com)
Secure backup, data segmentation, network protection and incident detection/response capabilities;
Data protection by design and default (Art 25 GDPR) – we integrate data protection principles into our system and processes from the earliest stage.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify UODO without undue delay, and if feasible within 72 hours of becoming aware of it. (penteris.com)
10. Data Protection Impact Assessment (DPIA)
Where the processing we intend to carry out is likely to result in a high risk to the rights and freedoms of individuals (for example introduction of new technologies, large‑scale processing of special categories, systematic monitoring), we will carry out a Data Protection Impact Assessment (DPIA) pursuant to Art 35 GDPR and in line with applicable Polish rules. (Активный Ум)
11. Monitoring, Employee Data and Internal Processing
When employees, contractors or other persons act on behalf of the Company and are subject to internal processing of their personal data, such processing is carried out in accordance with Polish labour law, supplementary national regulations and GDPR principles. Monitoring of staff (e.g., IT, CCTV) is implemented only with legitimate basis, appropriate safeguards and transparency. (Активный Ум)
12. International and Cross‑Border Processing
We may engage in cross‑border processing of personal data insofar as our operations, service providers or clients are located outside Poland. In such cases, we ensure that:
Appropriate safeguards are in place (see Section 6.3);
Transfers are documented, and the data subjects are informed of the transfer and relevant safeguards;
We comply with applicable EU and Polish law on international transfers.
13. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time. Changes may be required due to changes in our services, legal/regulatory obligations, new technologies or business developments. We will publish the updated version on our website and update the “Last updated” date. Continued use of the Service after changes constitutes your acceptance of the amended Policy.
14. Contact and Complaints
For any questions or to exercise your rights, you can contact:
ANTONI SHKRABA STUDIO
Email: hello@ai25.studio
Address: Jana Pawła Woronicza 31/155, 02‑640 Warsaw, Poland
If you believe that our processing of your personal data is not compliant with applicable law, you may lodge a complaint with the supervisory authority:
Office for Personal Data Protection (UODO)
ul. Stawki 2, 00‑193 Warsaw, Poland
Website: https://uodo.gov.pl
15. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of Poland and by applicable EU regulations (including GDPR). Any disputes arising in connection with this Policy will be subject to the competent courts of Poland, unless mandatory procedural rules dictate otherwise.
16. Hosting and Technical Infrastructure
Our website AI25.Studio is hosted on the infrastructure of Framer — a third-party website development and hosting provider accessible at https://framer.website.
As part of hosting and platform management, Framer may process certain data such as IP addresses, browser types, technical logs and usage statistics to enable delivery and security of the website. We ensure that our contractual relationship with Framer includes appropriate safeguards in line with Article 28 and Article 46 of the GDPR. Framer’s servers and sub-processors may be located within the European Economic Area (EEA) or in other jurisdictions with adequate legal protections.
For more information, please refer to Framer’s Privacy Policy.