Privacy Policy
for Group 95 Sp. z o.o. T/A Doctorank
Last updated: 4 May 2026
1. Who is the controller?
The controller of personal data processed through https://doctorank.com/ is GROUP 95 SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at ul. Jana Henryka Dąbrowskiego 77A, 60-529 Poznań, Poland, entered in the register of entrepreneurs of the National Court Register under KRS number 0001018960, NIP 7812047283, share capital 8,000.00 PLN.
Contact for privacy matters: info@doctorank.com
2. Scope of this Policy
This Policy explains how we process personal data of Website visitors, business contacts, prospects, newsletter subscribers, clients, partners, social media users, and people who contact Doctorank through the Website or related channels.
3. Data we may collect
| Context | Examples of personal data |
|---|---|
| Website visit | IP address, device and browser data, approximate location, pages viewed, referring page, time of visit, cookie identifiers, consent choices, security logs. |
| Contact / proposal form | First name, last name, company or organisation, business email, telephone number, selected service interest such as SEO/PPC/UX/CRO/audits/development, message content, and related correspondence. |
| Calendly / video call booking | Name, email, company, meeting time, answers to booking questions, calendar metadata, video meeting details, and communication about the meeting. |
| Newsletter | Email address, consent record, subscription status, delivery and engagement data such as opens/clicks if enabled by the mailing tool. |
| Client and partner communication | Name, role, company, email, phone, billing/contact information, project-related information, messages, meeting notes, and contract information. |
| Social media interaction | Profile name, handle, public comments, messages, reactions, and information made available by the social platform. |
| Recruitment contact | Name, contact details, CV/resume, portfolio, work history, education, and information provided during recruitment. |
4. Purposes and legal bases
| Purpose | Legal basis under GDPR |
|---|---|
| Responding to inquiries, arranging consultations, and preparing proposals | Art. 6(1)(b) GDPR where processing is necessary before entering into a contract, and Art. 6(1)(f) GDPR based on our legitimate interest in business communication. |
| Providing services to clients and managing projects | Art. 6(1)(b) GDPR for contracts with individuals or Art. 6(1)(f) GDPR for processing representatives of companies; Art. 6(1)(c) GDPR where legal obligations apply. |
| Newsletter and optional marketing communication | Art. 6(1)(a) GDPR where consent is required; Art. 6(1)(f) GDPR for limited B2B relationship marketing where permitted by law. You may withdraw consent or object at any time. |
| Website analytics and performance measurement | Consent where required for non-essential cookies or similar technologies; otherwise Art. 6(1)(f) GDPR for basic, aggregated, privacy-preserving analytics and service improvement. |
| Security, fraud prevention, abuse prevention, and technical administration | Art. 6(1)(f) GDPR based on our legitimate interest in maintaining a secure and reliable Website. |
| Accounting, tax, legal compliance, and statutory record keeping | Art. 6(1)(c) GDPR where processing is required by law; Art. 6(1)(f) GDPR for establishing or defending claims. |
| Recruitment, if you apply or contact us about a role | Art. 6(1)(b) GDPR for steps before an employment/cooperation agreement; Art. 6(1)(c) GDPR for statutory employment data where applicable; Art. 6(1)(a) GDPR for optional extra data or future recruitment consent. |
| Social media profile management | Art. 6(1)(f) GDPR based on communication, brand promotion, community management, and responding to messages or comments. |
5. Legitimate interests
Where we rely on legitimate interests, those interests may include responding to business inquiries, developing client relationships, operating and securing the Website, preventing abuse, improving services, managing social media profiles, pursuing or defending legal claims, and carrying out limited B2B marketing where permitted by law. We assess whether our interests are overridden by the interests, rights, or freedoms of the data subject.
6. Cookies and similar technologies
We use cookies and similar technologies as described in the Cookie Policy. Non-essential analytics, marketing, and embedded-content technologies should be used only where a valid legal basis exists, including consent where required by EU and Polish law.
7. Recipients of data
We may share personal data with trusted recipients only where necessary, including:
- hosting, infrastructure, security, backup, and website maintenance providers;
- email, CRM, newsletter, form-handling, analytics, and consent-management providers;
- Calendly and video-meeting providers used for booking and calls;
- advertising, analytics, and social media platforms if implemented with proper consent;
- professional advisers such as lawyers, accountants, auditors, insurers, and tax advisers;
- public authorities, courts, regulators, or law enforcement where required by law;
- potential successors in case of a merger, reorganisation, sale, or transfer of all or part of the business.
Processors should act under data processing agreements required by Art. 28 GDPR. Third-party controllers, such as social media platforms, may process data under their own privacy policies.
8. International transfers
Some providers may process personal data outside the European Economic Area, including in the United States or other countries. Where this happens, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, supplementary measures, or another lawful transfer mechanism under Chapter V GDPR.
9. Retention periods
| Data category | Typical retention period |
|---|---|
| Contact and proposal inquiries | For the time needed to respond and follow up, usually up to 24 months after the last contact unless a longer period is justified by negotiations or claims. |
| Client/project records | For the duration of the cooperation and then for limitation periods applicable to claims, tax, and accounting obligations. |
| Newsletter data | Until withdrawal of consent, unsubscribe, objection, or termination of the newsletter, plus a record needed to prove consent or suppression status. |
| Cookie consent records | For the period needed to demonstrate consent choices, typically up to 12 months unless the consent tool uses a different lawful period. |
| Website security logs | Usually up to 12 months, unless longer retention is needed to investigate incidents or defend claims. |
| Recruitment data | For the recruitment process and, where consent is given, for future recruitment for the period stated in the recruitment notice. |
| Accounting and tax documents | For periods required by Polish tax and accounting laws. |
10. Your GDPR rights
Subject to the conditions and limits in the GDPR, you may have the right to:
- access your personal data;
- rectify inaccurate or incomplete data;
- erase data;
- restrict processing;
- data portability;
- object to processing based on legitimate interests;
- withdraw consent at any time where processing is based on consent;
- not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.
To exercise rights, contact info@doctorank.com. We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with the President of the Personal Data Protection Office in Poland (Prezes Urzędu Ochrony Danych Osobowych, UODO).
11. Automated decision-making
We do not use personal data collected through the Website for decisions based solely on automated processing that produce legal effects or similarly significantly affect individuals.
12. Children
The Website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children through the Website.
13. Security
We use organisational and technical measures intended to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No online system is completely secure, so users should also take care when sending information online.
14. Changes to this Policy
We may update this Privacy Policy to reflect changes in the Website, tools, services, law, or processing practices. The current version is published on the Website and applies from the date stated above.