Privacy policy
This Privacy Policy is intended to provide transparent information about how your personal data is processed in connection with your use of the CustomerHero.com platform (the "Platform").
I. Data Controller
The Controller of your personal data is Get Feedback Racino, Sadowski, Skowronek spółka jawna with its registered office in Warsaw at ul. Solec 81B, flat 73-A (hereinafter: "Controller").
The Controller has appointed a Data Protection Officer who can be contacted:
- by e-mail: iod@customerhero.com,
- in writing: to the address of the Controller's registered office with the note "IOD".
II. Scope and data sources
The Controller processes personal data to the extent necessary to use the Platform, in particular:
- identification and contact details (e.g. name, e-mail address, telephone number),
- data relating to your account and the use of the Platform's functionalities,
- billing data necessary for the issuing and billing of services,
- data contained in correspondence addressed to the Controller,
- technical data, including IP address, device identifiers, system logs and information about activity on the Platform,
- data related to surveys, forms, opinion polls or other interactions created by users of the Platform.
Personal data is obtained:
- directly from the data subject,
- indirectly, from users of the Platform, in particular in the case of persons acting on their behalf or for their benefit (e.g. employees, collaborators or representatives),
- from respondents participating in surveys, forms or other interactions carried out through the Platform.
In the case of indirectly acquired data, the Controller usually processes business, contact and relationship data provided by the user of the Platform.
III. Purposes and grounds for data processing
The personal data is processed for the following purposes:
- the conclusion and performance of the agreement for the provision of electronic services and the operation of the Platform, including the maintenance of the user's account and the provision of the Platform's functionality (art. 6 sec. 1(b) GDPR),
- contact, handling of enquiries, requests, complaints and ongoing communication relating to the use of the Platform (art. 6 sec. 1(f) GDPR - the Controller's legitimate interest in providing efficient communication and service to users),
- fulfilment of legal obligations incumbent on the Controller, in particular those arising from tax and accounting regulations (art. 6 sec. 1(c) of the GDPR),
- to ensure the security of the Platform, to prevent abuse, to monitor the operation of the systems, to keep technical statistics and to assert or defend against claims (art. 6 sec. 1(f) GDPR - the Controller's legitimate interest in ensuring the security of the services and protecting the Controller's rights),
- direct marketing of the Controller's own products and services (art. 6 sec. 1(f) GDPR - the Controller's legitimate interest in promoting its own services),
- to send commercial information by electronic means, including the newsletter, after obtaining the relevant consents required by law, in particular the provisions of the Electronic Communications Law (art. 6 sec. 1(a) of the GDPR).
The provision of data is voluntary; however, failure to provide data necessary for the conclusion and performance of the contract may prevent the use of the Platform or selected functionalities.
IV. Data Recipients
Personal data may be transferred to entities cooperating with the Controller, in particular providers of IT services, analytical and communication tools, entities providing services related to the security of systems and data, entities providing accounting, tax, audit and advisory services, entities providing legal services, payment operators (including Stripe Payments Europe Limited), the invoicing system provider Power Media S.A. - ifirma.pl, and entities providing administrative and organisational support.
In specific cases, data may also be made available to entities authorised by law, in particular public authorities and courts.
V. Data Transmission outside of the EEA
In connection with the use of technology providers, personal data may be transferred outside the European Economic Area, in particular to the United States. In the case of the solution we use, the processing of personal data is of a purely technical nature and takes place in connection with data transmission (so-called "data in transit"), in order to ensure the security and integrity of network traffic, without permanent storage outside the EEA.
Transfers of data to third countries are carried out using the appropriate safeguards required by the GDPR. The transfer of data to the United States is based on a decision by the European Commission finding an adequate level of protection under the EU-US Data Privacy Framework (art. 45 of the GDPR). If the supplier concerned is not covered by the above decision, the Controller will apply the standard contractual clauses adopted by the European Commission (art. 46 of the GDPR).
The data subject may obtain a copy of the safeguards in place or information on where they are available by contacting the Controller.
VI. Data storage period
Personal data are kept for the period necessary to fulfil the purposes of the processing, in particular:
- contract-related data - for the duration of the contract and thereafter for the period of the statute of limitations for claims and the period resulting from tax and accounting law (as a rule 5 years),
- data related to communications - for the duration of the communication and thereafter for the period of limitation of claims,
- technical data and system logs - for the period necessary to ensure the security and correct operation of the Platform,
- data processed on the basis of consent - until it is withdrawn,
- data processed for marketing purposes - until you object or withdraw your consent, depending on the basis for processing.
VII. The rights of data subjects
The data subject is entitled to:
- the right to access data,
- the right to rectify provided data,
- the right to erasure,
- the right to restrict the processing of data,
- the right to data transfer,
- the right to object to the processing.
In the case of data processing pursuant to art. 6 sec. 1(f) of the GDPR, an objection can be raised on grounds relating to a particular situation.
In the case of direct marketing, an objection can be lodged at any time without justification.
In the case of processing on the basis of consent, consent may be withdrawn at any time, in particular by contacting the Controller or changing the settings in your user account. Withdrawal of consent does not affect the lawfulness of earlier processing.
The data subject also has the right to lodge a complaint with the President of the Data Protection Authority or other competent supervisory authority.
VIII. Automated decision-making
Personal data shall not be used for automated decision-making or profiling that produces legal effects or similarly significantly affects data subjects.
IX. Technical data and safety
The Controller shall apply appropriate technical and organisational measures to ensure the protection of personal data, in particular measures ensuring the confidentiality, integrity and availability of data, the security of IT systems and access control mechanisms.
Only authorised employees and associates of the Controller may have access to personal data, only to the extent necessary to perform their duties, provide technical support, maintain the Platform and ensure the security of systems and data.
X. Questionnaires, forms and respondent data
As part of the Platform's functionality, users can create surveys, forms, opinion polls and other interactions and process third-party data.
In this respect, the user of the Platform acts, in principle, as the controller of the personal data, while the Platform Controller processes the data only at the documented instruction of the user as a processor, to the extent and for the purpose specified by the user and the contract concluded.
Detailed rules for the processing of respondents' data may also be set out in a separate data processing entrustment agreement concluded between the Platform Controller and the Platform user.
The user is responsible for the compliance of the processing of data in surveys, forms or other interactions with the applicable legislation, in particular:
- having an appropriate legal basis for the processing,
- implementation of information obligations,
- ensuring that the content and manner of data collection comply with data protection legislation.
The Controller of the Platform does not independently determine the purposes of the processing of respondents' data and does not use the data processed within the framework of the surveys or forms for its own purposes, in particular marketing.
The collection of personal data (e.g. e-mail addresses, telephone numbers, names, addresses or identification numbers) in surveys or forms, the results of which are publicly available, is prohibited if this could lead to the unauthorised disclosure of personal data.
When completing a survey or form, the results of which are publicly available, the respondent should be aware that the information provided may be made publicly available, including being indexed by search engines.
The Controller of the Platform does not use the e-mail addresses of respondents entered into the Platform by users for its own marketing activities or the marketing activities of third parties without an appropriate legal basis.
XI. Cookies
The rules on the use of cookies and similar technologies are set out in a separate cookie policy, which provides detailed information on their use, including the extent to which they may constitute personal data.
XII. Changes to the Privacy Policy
The Privacy Policy may be updated in particular in the event of a change in the law, a change in the functionality of the Platform or a change in the way data is processed.
In the event of significant changes, users may be informed in an appropriate manner, in particular through a message on the Platform.