Effective as of: 01.07.2025
1. GENERAL INFORMATION
1.1. This Privacy Policy outlines the principles of personal data processing by the FormDig platform available at formdig.com.
1.2. The data controller is JohnCube Sp. z o.o., with its registered office at ul. Św. Józefa 13, Rybnik, Poland, KRS: 0000791161, VAT ID: PL6423217738 (hereinafter referred to as the “Controller” or “FormDig”).
1.3. Contact with the Data Protection Officer: marcin.przybyla@johncube.pl or JohnCube Sp. z o.o., ul. Św. Józefa 13, 44-200, Poland.
2. LEGAL BASES FOR PROCESSING
2.1. Personal data is processed on the following legal bases:
• Art. 6(1)(a) GDPR – consent of the data subject
• Art. 6(1)(b) GDPR – performance of a contract or steps taken prior to entering into a contract
• Art. 6(1)(c) GDPR – compliance with a legal obligation
• Art. 6(1)(f) GDPR – legitimate interest of the Controller
3. CATEGORIES OF DATA PROCESSED
3.1. Account user data:
• Identification data: first name, last name
• Contact data: email address, phone number
• Technical data: IP address, device and browser information
• Payment data: transaction details (excluding card information)
• Usage data: activity logs, usage statistics
3.2. Data collected by the monitoring script:
• Form data: field inputs, interaction times
• Behavioral data: navigation paths, clicks, form abandonment
• Technical data: IP address, user agent, screen resolution
• Performance data: loading times, form errors
Note: Only data necessary for form monitoring is processed.
4. PURPOSES OF DATA PROCESSING
4.1. Account user data:
• Service delivery – enabling use of the FormDig platform
• Communication and support – user interaction and troubleshooting
• Billing – invoicing and accounting
• Marketing – promoting services
• Security – abuse prevention, spam control
4.2. Data from the monitoring script:
• Form analytics – tracking performance and conversion
• Error detection – identifying technical issues
• Optimization – generating reports and recommendations
• Alerts – notifying about form malfunctions
5. DATA RECIPIENTS
5.1. Data may be shared with the following categories of recipients:
• Technical service providers – hosting, analytics, IT support
• Payment processors – handling financial transactions
• Communication service providers – email, notifications
• Public authorities – when required by law
5.2. All recipients operate under data processing agreements compliant with the GDPR.
6. TRANSFER OF DATA OUTSIDE THE EEA
6.1. In certain cases, data may be transferred outside the European Economic Area.
6.2. Transfers are made only with adequate safeguards in place:
• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs) approved by the EC
• Certifications such as the EU-U.S. Data Privacy Framework (formerly Privacy Shield)
6.3. A list of countries and safeguards is available upon request.
7. DATA RETENTION
7.1. Account user data:
• Basic data – until account deletion or consent withdrawal
• Financial data – 5 years (for accounting obligations)
• Security logs – 12 months
7.2. Form monitoring data:
• Analytical data – up to 24 months or until consent withdrawal
• Aggregated data – may be stored indefinitely (anonymized)
7.3. After the retention period, data is automatically deleted or anonymized.
8. DATA SUBJECT RIGHTS
8.1. Under the GDPR, you have the following rights:
Right of access (Art. 15 GDPR):
• To obtain information about your data
• To receive a copy of your personal data
Right to rectification (Art. 16 GDPR):
• To correct inaccurate or outdated data
Right to erasure (Art. 17 GDPR):
• To request data deletion in certain cases ("right to be forgotten")
Right to restriction of processing (Art. 18 GDPR):
• To limit processing in specific situations
Right to data portability (Art. 20 GDPR):
• To receive your data in a structured format
• To transfer your data to another controller
Right to object (Art. 21 GDPR):
• To object to processing based on legitimate interest
• To object to processing for marketing purposes
8.2. To exercise your rights, contact support@formdig.com.
9. DATA SECURITY
9.1. FormDig applies appropriate technical and organizational measures:
• Encryption – data in transit and at rest is encrypted
• Access control – access restricted to authorized personnel
• Backups – regular data backups
• Monitoring – ongoing system security monitoring
• Training – regular staff training on data protection
9.2. In the event of a data breach, the Controller will:
• Notify the supervisory authority within 72 hours
• Inform affected individuals if there is a high risk to their rights
10. COOKIES
10.1. FormDig uses cookies for:
• Functional – to ensure core platform functionality
• Analytical – to analyze traffic and user behavior
• Preferences – to remember user settings
10.2. Types of cookies used:
• Session – deleted when the browser is closed
• Persistent – stored for a defined period
• First-party – set by FormDig
• Third-party – set by partners (e.g., Google Analytics)
10.3. Cookie management:
• Settings can be changed in your web browser
• Disabling cookies may limit platform functionality
11. MONITORING SCRIPT AND PRIVACY
11.1. The FormDig script installed on client websites:
• Collects only the data necessary to monitor forms
• Allows exclusion of specific fields (e.g., passwords, sensitive data)
11.2. Client responsibilities:
• Informing users about form monitoring
• Configuring exclusions for sensitive data
12. CHILDREN’S RIGHTS
12.1. FormDig does not knowingly collect data from children under 16.
12.2. If such data is detected, it will be deleted immediately.
12.3. Parents/guardians may contact us regarding their child’s data.
13. CHANGES TO THIS PRIVACY POLICY
13.1. The Controller may update this Privacy Policy.
13.2. Users will be notified of significant changes:
• By email
• Via a notification in the user panel
• With a notice on the homepage
13.3. Continued use of the platform implies acceptance of the changes.
14. COMPLAINTS TO THE SUPERVISORY AUTHORITY
14.1. In case of concerns regarding data processing, you may file a complaint with:
Personal Data Protection Office (UODO)
• Address: ul. Stawki 2, 00-193 Warsaw, Poland
• Phone: +48 22 531 03 00
• Email: kancelaria@uodo.gov.pl
• Website: uodo.gov.pl
15. CONTACT
15.1. For matters related to data protection, please contact:
Data Controller:
• Email: marcin.przybyla@johncube.pl
• Address: JohnCube Sp. z o.o., ul. Św. Józefa 13, 44-200 Rybnik, Poland
• Phone: +48 601 084 169
15.2. Response time for inquiries: up to 30 days from receipt.
Last updated: 01.07.2025