Data security is our priority at MQS

Protecting your privacy is fundamental to us. In this document, we clearly explain what data we collect, how we process it, and what rights you have under applicable regulations, including GDPR.

Preamble (Introduction)

At MQ Software PSA (hereinafter: 'MQS', 'we'), protecting your privacy is our priority. We treat your personal data with the utmost respect and ensure its security. This Privacy Policy (hereinafter: 'Policy') explains who we are, what personal data we collect via the website https://mq.software (hereinafter: 'Service'), why we collect it, and how we use it. This document also describes your rights under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: 'GDPR').

1. Who is the Controller of your data?

The Controller of your personal data is MQ Software PSA with its registered office in Warsaw (00-867) at al. Jana Pawła II 27, NIP (Tax ID): PL5273071757. In all matters regarding the processing of your personal data and the exercise of your rights, you can contact us at the e-mail address: info@mq.software, and in matters directly related to data protection, you can contact the Data Protection Officer (DPO) appointed by the Controller at the e-mail address: iod@mq.software.

2. What data do we process, for what purpose, and on what basis?

We process your data only when we have a clear purpose and legal basis for doing so. Below you will find a summary of our activities:

Purpose of processing	Example scope of data	Legal basis under GDPR
Responding to an inquiry (via contact form, e-mail, or live chat)	Name, e-mail address, phone number, content of your message.	Art. 6(1)(f) (our legitimate interest consisting in handling your inquiry) or Art. 6(1)(b) (actions necessary prior to entering into a contract at your request).
Conclusion and performance of a contract (provision of services)	First and last name, company data, Tax ID (NIP), registered office address, e-mail address, phone number.	Art. 6(1)(b) (necessity for the conclusion and performance of a contract).
Marketing of own products and services	E-mail address, name, phone number.	Art. 6(1)(f) (our legitimate interest), and in the case of sending a newsletter – also your consent (Art. 6(1)(a)) for electronic communication.
Analytics and statistics (improving the Service)	Anonymized IP address, device data, data on traffic in the Service (collected by cookies).	Art. 6(1)(a) (your voluntary consent expressed via the cookie banner).
Establishment, exercise, or defense of claims	Any data necessary to prove the existence of a claim or defend our rights.	Art. 6(1)(f) (our legitimate interest).
Fulfillment of legal obligations (e.g., tax, accounting)	Data necessary to issue an invoice (e.g., Tax ID, company data).	Art. 6(1)(c) (legal obligation resulting from regulations, e.g., the Accounting Act).

Providing data is voluntary. However, if you wish to conclude a contract (objective 2) or receive a response to an inquiry (objective 1), providing data marked as mandatory is necessary to carry out these activities.

3. How long do we store your data?

The period of storage of your data (retention period) depends on the purpose for which it was collected:

Data related to the contract: For the entire duration of the contract, and after its termination for the period necessary to secure or pursue potential claims, generally for a period of 6 years (in accordance with general limitation periods).
Data based on consent (e.g., marketing, cookies): Until you withdraw this consent. After withdrawing consent, data is immediately deleted unless there is another legal basis for its further processing (e.g., defense of claims).
Data based on legitimate interest (e.g., response to an inquiry): Until this interest is fulfilled (e.g., end of correspondence) or until you lodge an effective objection.

4. Who do we share your data with? (Data recipients)

Your personal data may be transferred to entities that help us conduct business and provide services (so-called processors). These are our trusted partners, such as:

Providers of hosting and IT infrastructure services (e.g., Azure).
Companies providing accounting and legal services.
Providers of CRM systems and project management tools.
Providers of analytical tools (e.g., Google LLC).
Providers of marketing and communication systems.

We require these entities to maintain the confidentiality and security of your data and to process it only on our behalf and in accordance with our instructions.

Data transfer outside the European Economic Area (EEA):

We use tools provided by international entities, which may involve transferring your data to third countries (outside the EEA), mainly to the United States (USA). This happens, for example, when using Google services (analytics) or Azure (hosting). We ensure that any such transfer takes place in compliance with the GDPR. We apply legally required safeguards, such as Standard Contractual Clauses (SCC) approved by the European Commission or rely on European Commission Decisions finding an adequate level of protection.

5. Cookies

Our Service, like most websites, uses cookies.

What are cookies? These are small text files saved on your device (computer, phone) when you visit the Service.
Necessary cookies: They are crucial for the proper functioning of the Service (e.g., maintaining a session, ensuring security). We do not need your consent to use them (legal basis: Art. 6(1)(f) GDPR – our legitimate interest).
Analytical and Marketing cookies: These are optional files, often coming from our partners (e.g., Google Analytics, Meta Pixel). They help us understand how you use the site and tailor marketing content to you.
Your consent: We use optional cookies (point 3) solely based on your voluntary consent, which you express via our cookie banner (Consent Management Center). Usually, browser settings are not sufficient to express consent.
Withdrawing consent: You can modify or withdraw your consent at any time as easily as you gave it. Just click the 'Cookie settings' link available in the footer of our Service.

6. What are your rights regarding data processing?

GDPR grants you a number of rights that you can exercise by contacting us (preferably by email at: iod@mq.software):

Right of access to data (Art. 15 GDPR): You can request information about what data of yours we process and receive a copy of it.
Right to rectification of data (Art. 16 GDPR): If your data is incorrect or incomplete, you have the right to request its correction.
Right to erasure of data ('right to be forgotten') (Art. 17 GDPR): You can request the deletion of your data if, for example, you withdrew your consent or it is no longer necessary for the purposes for which it was collected.
Right to restriction of processing (Art. 18 GDPR): You can request that we restrict the processing of your data (e.g., for the time of verifying its correctness).
Right to data portability (Art. 20 GDPR): If we process data based on a contract or consent, you can receive it from us in a structured format or request it to be sent to another controller.
Right to object (Art. 21 GDPR): If we process your data based on our legitimate interest (e.g., direct marketing), you have the right to object at any time.
Right to withdraw consent (Art. 7(3) GDPR): If we process data based on consent, you can withdraw it at any time. This will not affect the lawfulness of the processing carried out before its withdrawal.
Right to lodge a complaint with a supervisory authority: If you believe that the processing of your data violates regulations, you have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO) (address: ul. Stawki 2, 00-193 Warsaw).

We will respond to your requests promptly, no later than within one month of receiving them.

7. Changes to the Privacy Policy

We reserve the right to make changes to this Privacy Policy. Any changes will be published in the Service and enter into force on the date of their publication. We encourage you to regularly review the content of the Policy.