Privacy Policy

Last updated

January 1, 2025

This Privacy and Cookie Policy (the "Policy") explains how Leadpack Revpack Sp. z o.o. processes personal data of users of the website available at www.revpack.co (the "Website"), and how we use cookies and similar technologies. We have prepared this Policy in plain language so that you can understand what we do with your data and what your rights are.

We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "GDPR") and the Polish Personal Data Protection Act of 10 May 2018.

1. Scope of this Policy

This Policy applies to personal data processed by us in connection with:

  1. your visit to and use of the Website;
  2. your communication with us via the contact form, email, scheduling tools or other channels;
  3. your subscription to our newsletter;
  4. any pre-contractual discussions and the performance of agreements with our clients;
  5. our marketing and advertising activities (including on third-party platforms).

This Policy does not apply to personal data that we process on behalf of our clients in the course of providing revenue operations, lead generation or related services to them (for example, data stored in a client’s CRM, marketing automation platform or outbound campaigns). With respect to such data, our clients act as data controllers and we act as their data processor. Our processing of that data is governed by the relevant services agreement and a data processing agreement (DPA) entered into with the client, and not by this Policy. If you are a data subject whose data has been processed in this context, please direct your enquiry to the relevant client.

2. Who is the controller of your personal data?

The controller of your personal data is:

Leadpack Revpack Sp. z o.o., a Polish limited liability company with its registered office at Al. Jana Pawła II 68/19, 00-170 Warsaw, Poland; entered in the Register of Entrepreneurs of the National Court Register under KRS number 0001189582; Tax ID (NIP): 5253057754.

Wherever this Policy uses the words "we", "us" or "our", it refers to this entity.

You can contact us in any matter related to the processing of your personal data by email at contact@revpack.co, or in writing to the address above.

We have not appointed a Data Protection Officer, as we are not legally required to do so.

3. For what purposes and on what legal bases do we process your data?

We process personal data for the purposes set out in the table below. Each purpose is associated with a specific legal basis under the GDPR.

Purpose of processing Description Legal basis (GDPR)
Contact and correspondence Responding to enquiries submitted via the contact form, email, or other communication channels; ongoing correspondence with current and prospective clients. Art. 6(1)(b) and Art. 6(1)(f) GDPR (legitimate interest in handling business communication).
Newsletter Sending educational content, business insights, product updates and marketing communications to subscribers; managing the subscriber list and unsubscribe process. Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in direct marketing of own services).
Meeting bookings Scheduling discovery calls, demos and consultations through booking tools (e.g. Calendly), including calendar coordination and confirmation messages. Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Performance of contracts Processing data necessary to deliver services, manage engagements and handle administrative matters. Art. 6(1)(b) GDPR.
Tax and accounting obligations Issuing invoices, maintaining accounting records, and complying with tax and bookkeeping obligations. Art. 6(1)(c) GDPR.
Analytics and statistics Measuring and analysing how visitors use the Website and identifying improvements. Art. 6(1)(f) GDPR and, where applicable, Art. 6(1)(a) GDPR.
Marketing and advertising Targeting and measuring advertising campaigns on third-party platforms. Art. 6(1)(a) GDPR and Art. 6(1)(f) GDPR.
Establishment, exercise or defence of claims Processing data where necessary to establish, exercise or defend claims. Art. 6(1)(f) GDPR.

4. What categories of personal data do we process?

Depending on the context, we may process the following categories of personal data:

  1. identification and contact data (first and last name, business email address, phone number, position, employer);
  2. information about your business (company name, business address, VAT ID, industry, size, technology stack) where you provide it to us;
  3. content of your correspondence with us (including messages submitted via the contact form, email, chat or scheduling tools);
  4. newsletter-related data (email address, subscription date, segment, engagement signals such as opens and clicks);
  5. billing and accounting data (where you become a client) - such as invoice details, bank account number, transaction details;
  6. technical data collected automatically when you visit the Website (IP address, browser type and version, operating system, device type, referrer URL, pages viewed, time spent, approximate location based on IP);
  7. cookie identifiers and similar online identifiers.

5. Where do we obtain your data from?

In most cases, you provide your data to us directly - for example, when you fill in the contact form, subscribe to the newsletter, book a meeting or send us an email. Some technical data (such as IP address and cookie identifiers) is collected automatically when you visit the Website. Occasionally, we may obtain your business contact details from publicly available professional sources (such as LinkedIn or company websites) where we have a legitimate interest in establishing business contact.

6. Is providing your data mandatory?

Providing personal data is voluntary. However, in some cases providing certain data is necessary for us to be able to perform a specific action - for example, we cannot respond to your enquiry if you do not provide a contact email, and we cannot send the newsletter without an email address. Where you become a client, providing data required for tax and accounting purposes is necessary to comply with our legal obligations.

7. Who do we share your data with?

We do not sell your personal data. However, in order to operate the Website and run our business, we work with selected service providers who may process your data on our behalf or as independent controllers. These include:

  1. hosting and IT infrastructure providers;
  2. email, marketing and CRM platform providers;
  3. analytics and advertising platform providers (e.g. Google, Meta, LinkedIn);
  4. scheduling tool providers (e.g. Calendly);
  5. accounting service providers and external bookkeepers;
  6. legal advisors, auditors and other professional advisors, where bound by professional confidentiality;
  7. public authorities, where required by law (e.g. tax authorities, law enforcement, courts).

A more detailed list of the tools and categories of providers we use is set out in Section 13 (Tools and processors) below. We treat that list as a maximum scope - at any given time, we may use only a subset of the tools listed.

Where service providers process personal data on our behalf, we enter into appropriate data processing agreements with them as required under Article 28 of the GDPR.

8. Disclosures to protect us or others, and to comply with legal obligations

We may access, preserve and disclose your personal data to external parties if we, in good faith, believe that doing so is required or appropriate to:

  1. comply with applicable law, court orders, subpoenas, or requests from public authorities (including law enforcement and national security authorities);
  2. enforce our agreements, terms and policies, including investigating potential breaches;
  3. protect the rights, property or safety of us, our personnel, our clients, our users or the public;
  4. detect, prevent or otherwise address fraud, security or technical issues;
  5. collect amounts owed to us or assist in the investigation or prosecution of suspected illegal activity.

9. Transfers to third countries

Some of the tools and service providers we use are based in, or transfer data to, countries outside the European Economic Area (the "EEA") - in particular the United States. This applies, for example, to certain analytics and advertising tools provided by Google, Meta and LinkedIn, and to scheduling tools such as Calendly.

Where personal data is transferred outside the EEA, we ensure that an appropriate level of protection is in place, in particular through:

  1. the use of Standard Contractual Clauses adopted by the European Commission pursuant to Article 46 of the GDPR;
  2. reliance on adequacy decisions adopted by the European Commission, where applicable (e.g. the EU–US Data Privacy Framework, where the relevant provider is certified);
  3. additional technical and organisational safeguards implemented by us or by the relevant providers (such as encryption in transit and at rest, access controls and pseudonymisation where appropriate).

You can request more information about the safeguards in place, including a copy of the relevant Standard Contractual Clauses, by contacting us using the details in Section 2.

10. How long do we keep your data?

We process your personal data only for as long as necessary for the purposes for which it was collected. The main retention periods are:

  1. contact and correspondence data - for the duration of the correspondence and for up to 24 months thereafter, to enable us to renew contact and to defend potential claims;
  2. newsletter data - until you unsubscribe; thereafter we retain limited records for the purpose of demonstrating compliance and defending potential claims;
  3. meeting-booking data - for up to 24 months from the last booking;
  4. client data - for the duration of the engagement and afterwards for the period required by Polish tax law (generally 5 years from the end of the relevant tax year);
  5. analytics data - for the period defined by the relevant tool (typically up to 14 months for Google Analytics, with shorter periods configurable);
  6. data processed for the purpose of establishing, exercising or defending claims - until the relevant claims become time-barred under applicable law.

11. Your rights

Under the GDPR, you have the following rights in relation to your personal data:

  1. right of access - to know what data we process about you and to receive a copy of it;
  2. right to rectification - to have inaccurate or incomplete data corrected;
  3. right to erasure ("right to be forgotten") - to have your data deleted, where applicable;
  4. right to restriction of processing - to limit how we use your data in certain circumstances;
  5. right to data portability - to receive your data in a structured, commonly used, machine-readable format and to have it transferred to another controller, where the processing is based on consent or contract and carried out by automated means;
  6. right to object - to object to processing based on legitimate interests, including profiling for direct-marketing purposes (in which case we will stop such processing);
  7. right to withdraw consent - where the processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal;
  8. right to lodge a complaint - with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland) or another competent supervisory authority in the EU.

To exercise any of these rights, please contact us at contact@revpack.co. We will respond without undue delay and in any event within one month of receiving your request, in accordance with the GDPR. Where the request is complex or where we receive a large number of requests, we may extend that period by a further two months and will inform you accordingly.

12. Marketing communications and opt-out

If you no longer wish to receive marketing communications from us, you can opt out at any time by:

  1. clicking the unsubscribe link at the bottom of any marketing email;
  2. contacting us at contact@revpack.co with a request to remove you from our marketing list.

Please note that even after you opt out of marketing communications, you may still receive transactional or service-related communications - for example, responses to your enquiries, scheduling confirmations, invoices, or notifications about material changes to this Policy or our Terms.

13. Automated decision-making and profiling

We do not make decisions in relation to you based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. We may, however, use tools that perform basic profiling for analytics and advertising purposes (for example, segmenting newsletter subscribers based on engagement, or showing personalised ads on third-party platforms based on your behaviour on the Website). You have the right to object to such processing - see Section 11.

14. Tools and processors

Below is a maximum list of categories of tools and service providers we may use in connection with the Website and our business. We may not use all of them at any given time, and we may add or replace providers as our business evolves. Where any change materially affects how we process your data, we will update this Policy.

Tool / Service Provider Purpose
Google Analytics (GA4) Google Ireland Ltd. / Google LLC (USA) Website analytics and statistics.
Google Tag Manager Google Ireland Ltd. / Google LLC (USA) Tag and script management.
Google Ads Google Ireland Ltd. / Google LLC (USA) Advertising and remarketing.
Meta Pixel / Conversions API Meta Platforms Ireland Ltd. / Meta Platforms Inc. (USA) Advertising, audience targeting, conversion measurement.
LinkedIn Insight Tag LinkedIn Ireland Unlimited Company / LinkedIn Corp. (USA) Advertising, retargeting, conversion measurement.
HubSpot HubSpot Ireland Ltd. / HubSpot Inc. (USA) CRM, contact form processing, marketing automation.
Calendly Calendly LLC (USA) Scheduling meetings and consultations.
Email marketing platform Various (EU and USA) Newsletter delivery and subscriber management.
Heatmap / session-recording tools Hotjar Ltd. (Malta) / Microsoft Corp. (USA) Behavioural analytics and UX research.
Hosting and infrastructure providers Various (EU and USA) Hosting the Website and associated services.
Cloud productivity Google Ireland Ltd. / Microsoft Ireland Operations Ltd. Email, document storage, internal communication.
Accounting service provider Polish accounting office Bookkeeping and tax compliance.
Legal and professional advisors Polish law firms and consultants Legal advice and dispute handling.

15. Cookies and similar technologies

The Website uses cookies and similar technologies (such as tracking pixels, conversion APIs and the local storage of your browser). Cookies are small text files stored on your device that allow the Website to recognise you, remember your preferences and analyse how you use the Website.

We use the following categories of cookies:

Category Purpose Consent required
Strictly necessary Required for the basic functioning of the Website (e.g. session management, security, load balancing, remembering your cookie preferences). No
Analytical / performance Allow us to count visits and traffic sources, measure how visitors interact with the Website, and improve its performance (e.g. Google Analytics). Yes
Marketing / advertising Used to deliver and measure advertising on third-party platforms, including remarketing (e.g. Google Ads, Meta Pixel, LinkedIn Insight Tag). Yes
Functional Enable enhanced functionality and personalisation, such as embedded videos, chat widgets or scheduling tools. Yes

Strictly necessary cookies do not require your consent. All other categories of cookies are loaded only after you have given your consent through the cookie banner displayed on your first visit to the Website. You can change or withdraw your consent at any time by adjusting your settings via the cookie banner or by clearing cookies in your browser.

You can also manage cookies directly in your web browser, including by blocking all cookies, blocking specific categories or deleting existing cookies. Detailed information on managing cookies in popular browsers is available on their official websites (Google Chrome, Mozilla Firefox, Microsoft Edge, Safari, Opera). Please note that blocking strictly necessary cookies may prevent the Website from functioning correctly.

Some cookies are set by third parties listed in Section 14. The processing of personal data by these third parties is governed by their own privacy policies, which we encourage you to review.

16. Security of your data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or alteration, in accordance with Article 32 of the GDPR. These measures include access controls, encryption in transit, regular review of our processing activities, and the selection of service providers that offer adequate guarantees of GDPR compliance.

17. Children’s information

The Website and our services are intended exclusively for business users and are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us using the details in Section 19 and we will delete the relevant data, unless we have a legal obligation to retain it.

18. Third-party websites

The Website may contain links to other websites or applications that are not controlled by us. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such third-party websites or applications. We encourage you to read the privacy policies of any website or application with which you interact. Providing personal data to third-party websites or applications is at your own risk.

19. Changes to this Policy

We may update this Policy from time to time, in particular to reflect changes in our processing activities, the tools we use, or applicable law. The updated version will be posted on the Website together with the date of last update. Where we consider the changes to be material, we will additionally notify subscribers of our newsletter by email. Please review this Policy periodically.

20. Contact

If you have any questions about this Policy or about how we process your personal data, please contact us at:

Leadpack Revpack Sp. z o.o., Al. Jana Pawła II 68/19, 00-170 Warsaw, Poland.

Email: contact@revpack.co.