Last updated: March 14, 2026
Privacy Policy
Table of contents
1. Data controller
The controller of your personal data within the meaning of Art. 4(7) of the GDPR is KursVideoAI.PL (hereinafter: "the Controller"), a Polish business operating the website at https://kursvideoai.pl, Tax Identification Number (NIP): 6372199254.
Contact the Controller: kontakt@kursvideoai.pl
2. Purposes and legal bases of processing
We process your personal data for the following purposes:
| Purpose of processing | Legal basis (GDPR) |
|---|---|
| Order fulfilment and course access | Art. 6(1)(b) — performance of a contract |
| Sending newsletter and marketing communications | Art. 6(1)(a) — your consent |
| Analytics and service quality improvement (PostHog) | Art. 6(1)(f) — legitimate interests of the Controller |
| Payment processing (Stripe) | Art. 6(1)(b) — performance of a contract |
| Handling complaints and right of withdrawal | Art. 6(1)(c) — legal obligation |
| Fulfilment of tax and accounting obligations | Art. 6(1)(c) — legal obligation |
| Consultation booking, delivery, and post-session materials (recording, transcription) | Art. 6(1)(b) — performance of a contract |
3. Categories of data collected
Depending on the purpose of processing, we collect the following categories of data:
- Course purchase: first name, last name, email address, billing details (if applicable), payment data processed by Stripe.
- Newsletter: email address.
- Analytics: anonymised data about activity on the Service (pages visited, time spent, device type), collected by PostHog.
- Contact: email address, message content.
- Consultation: name, email address, booking details (via Cal.com), Google Meet session recording and transcription (delivered to the Customer after the session and then deleted by the Seller — see §5).
4. Recipients and data transfers
Your personal data may be transferred to the following entities:
- Stripe, Inc. — payment processing and order fulfilment. Stripe processes payment data in accordance with its own privacy policy. Headquarters: USA; data transferred on the basis of Standard Contractual Clauses (SCCs).
- PostHog, Inc. — service analytics. Data may be processed on servers located in the EU. Data transfer is conducted on the basis of Standard Contractual Clauses (SCCs).
- Resend, Inc. — sending transactional and newsletter emails. Headquarters: USA; data transferred on the basis of Standard Contractual Clauses (SCCs).
- Cal.com, Inc. — consultation slot booking and integrated payment processing via Stripe. Headquarters: USA; data transferred on the basis of Standard Contractual Clauses (SCCs). Cal.com processes the Customer's name, email address, and booking details for the purpose of scheduling and confirming the Consultation.
The Controller does not sell your personal data to third parties. Data is transferred only to the extent necessary for the purposes described above.
5. Data retention periods
- Order-related data: for the duration of the contract (course access) and for 5 years from the end of the tax year in which the transaction was made, for the purpose of fulfilling tax obligations.
- Newsletter data: until consent is withdrawn (unsubscription from the mailing list).
- Analytics data: for up to 12 months from collection, in anonymised form.
- Complaint data: for 1 year from the resolution of the complaint.
- Consultation recordings and transcriptions: retained by the Seller solely for the purpose of delivering them to the Customer; deleted from the Seller's systems after delivery (within 7 days of the session). The Customer is responsible for any copy they retain. [Note for legal review: confirm retention period and deletion obligation against applicable tax/archiving rules.]
6. Your rights
Under the GDPR, you have the following rights:
- Right of access — you have the right to obtain confirmation of whether we process your data and to access it.
- Right to rectification — you may request correction of inaccurate or completion of incomplete data.
- Right to erasure ("right to be forgotten") — you may request deletion of your data when there is no legal basis for its continued processing.
- Right to restriction of processing — you may request restriction of the processing of your data in certain circumstances.
- Right to data portability — you have the right to receive your data in a structured, commonly used format (e.g. CSV, JSON) and transfer it to another controller.
- Right to object — you may at any time object to the processing of your data based on the legitimate interests of the Controller.
- Right to withdraw consent — if processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of the above rights, contact us at: kontakt@kursvideoai.pl. We will respond to your request within 30 days.
You also have the right to lodge a complaint with the supervisory authority — in Poland: the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, https://uodo.gov.pl.
8. Data security
The Controller applies appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. In particular:
- The Service uses encrypted SSL/TLS connections.
- Payments are handled by a certified operator (Stripe); the Controller does not store card payment data.
- Access to personal data is restricted to authorised persons only.
9. Changes to this Privacy Policy
The Controller reserves the right to make changes to this Privacy Policy. We will notify you of any material changes by email or via a notice on the Service. The current version of the Privacy Policy is always available at kursvideoai.pl/en/polityka-prywatnosci.
10. Contact
For matters related to personal data protection, please contact us:
- Email: kontakt@kursvideoai.pl
- Website: https://kursvideoai.pl
See also: